
Check if account is account activated


fullyloaded


Hi,

I'm having a little problem checking to see if an account has been activated or not. I don't know if I'm on the right track or not; here is what I've got and what I'm trying to add. First is my login script, and second is what I'm trying to add to check if the account has been activated. Any help would be great, thanks.

 

Login script:

session_start();
function returnheader($location){
    $returnheader = header("location: $location");
    return $returnheader;
}
include_once("db.php");
$errors = array();
if(isset($_POST["iebugaround"])){
    $uname = trim(htmlentities($_POST['username']));
    $passw = trim(htmlentities($_POST['password']));
    if(empty($uname) || empty($passw)){
        $errors[] = "$required_fields";
    }
    if(!$errors){
        $passencrypt = hash('sha512', $_POST['password']);
        $query = "SELECT * FROM members WHERE username='".mysql_real_escape_string($uname)."' AND password='".mysql_real_escape_string($passencrypt)."'";
        $result = mysql_query($query) OR die(mysql_error());
        $result_num = mysql_num_rows($result);
        if($result_num > 0){
            while($row = mysql_fetch_array($result)){
                $idsess = stripslashes($row["id"]);
                $firstnamesess = stripslashes($row["firstname"]);
                $username = stripslashes($row["username"]);
                $_SESSION["SESS_USERID"] = $idsess;
                $_SESSION["SESS_USERFIRSTNAME"] = $firstnamesess;
                $_SESSION["SESS_USERNAME"] = $username;
                setcookie("userloggedin", $username);
                setcookie("userloggedin", $username, time()+43200);
                returnheader("users.php");
            }
        } else {
            $errors[] = "$incorrectLogin";
        }
    }
} else {
    $uname = "";
}

 

Code trying to add (not sure if this is right):

if ($row["actnum"] == "0"){
    // Then login to site
}else{
    $errors[] = "$accountNotActivated";
}

Link to comment
Share on other sites

session_start ();

// Look in the post, below this block, for comment.
function returnheader ($location) {
    $returnheader = header ("location: $location");
    return $returnheader;
}

include_once ("db.php");
$errors = array ();
if (!isset ($_POST["iebugaround"])) {
    $uname = "";
    // Exit early. Makes it easier to read the code, and cuts down on the nesting of blocks.
    return;
}

// "htmlentities ()" is not input validation, but output escaping.
// Should only be used directly before adding content to output going to a web browser/page.
$uname = trim (htmlentities ($_POST['username']));
$passw = trim (htmlentities ($_POST['password']));
if (empty ($uname) || empty ($passw)) {
    $errors[] = "$required_fields";
    // Exit early.
    return;
}

$passencrypt = hash ('sha512', $_POST['password']);
$query = "SELECT * FROM members WHERE username='" . mysql_real_escape_string ($uname) .
	"' AND password='" . mysql_real_escape_string ($passencrypt) . "'";
$result = mysql_query ($query) or die (mysql_error ());

$result_num = mysql_num_rows ($result);
if ($result_num != 1) {
    $errors[] = "$incorrectLogin";
    // Exit early.
    return;
}

// The while loop is completely unnecessary here, you want only one result anyway.
$row = mysql_fetch_array ($result);

// Stripslashes () should be completely unnecessary here.
// If you need them, then you're either using a woefully outdated version of PHP, or have some other issue with your code.
$idsess = stripslashes ($row["id"]);
$firstnamesess = stripslashes ($row["firstname"]);
$username = stripslashes ($row["username"]);

// A bit redundant to prefix session array keys with "SESS_", it's quite apparent from the name
// of the $_SESSION array where they are stored.
$_SESSION["SESS_USERID"] = $idsess;
$_SESSION["SESS_USERFIRSTNAME"] = $firstnamesess;
$_SESSION["SESS_USERNAME"] = $username;

setcookie ("userloggedin", $username);
setcookie ("userloggedin", $username, time () + 43200);

returnheader ("users.php");

 

The returnheader () function does not make sense, as header () doesn't return anything. Which means that it will always return NULL.

Also, you always want to use "die ()" after sending a header relocation. Otherwise PHP will continue to parse the script, executing all of the code below the point where you wanted to stop parsing and redirect the user.

 

Your attempt at adding activation checking to the login process seems to be a working one, yes. That is, if "actnum" is meant to be 0 if the user is validated. Reverse the test and exit early, and you've got something which works pretty well.

Personally, however, I'd go for adding a clause to the SQL query to fetch only activated accounts. Then show a generic "user doesn't exist, wrong password or not activated" to the error message.

Link to comment
Share on other sites
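
The reply's last suggestion (put the activation test in the SQL query and return one generic error) as an added example; this is not code from the thread. It assumes `actnum = 0` means "activated", and it swaps the thread's `mysql_*` calls and unsalted SHA-512 for PDO prepared statements and `password_hash()`/`password_verify()`; the `authenticate()` helper, the `LOGIN_FAILED` constant and the SQLite demo rows are hypothetical.

```php
<?php
// Added example: table/column names (members, actnum, password) follow the thread;
// the PDO handle, password_hash() storage and the sample rows are assumptions.
declare(strict_types=1);

const LOGIN_FAILED = "User doesn't exist, wrong password or not activated.";

/** Returns the member row on success, or null for ANY failure (one outcome for all causes). */
function authenticate(PDO $db, string $username, string $password): ?array
{
    // The activation filter lives in the query, so unactivated rows are never fetched.
    $stmt = $db->prepare(
        'SELECT id, firstname, username, password FROM members
         WHERE username = :u AND actnum = 0'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when no row matched, so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password'] : $dummy);

    return ($row && $ok) ? $row : null;
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, firstname TEXT,
           username TEXT UNIQUE, password TEXT, actnum INTEGER)');
$ins = $db->prepare('INSERT INTO members (firstname, username, password, actnum) VALUES (?,?,?,?)');
$ins->execute(['Ann', 'ann', password_hash('s3cret-ann', PASSWORD_DEFAULT), 0]);     // activated
$ins->execute(['Bob', 'bob', password_hash('s3cret-bob', PASSWORD_DEFAULT), 48213]); // not activated

foreach ([['ann', 's3cret-ann'], ['ann', 'wrong'], ['bob', 's3cret-bob'], ['eve', 'x']] as [$u, $p]) {
    $row = authenticate($db, $u, $p);
    echo str_pad($u, 4), ' => ', $row ? "ok (id {$row['id']})" : LOGIN_FAILED, PHP_EOL;
}

// In the real login page, on success:
//   session_regenerate_id(true);
//   $_SESSION['USERID'] = $row['id'];
//   header('Location: users.php');
//   exit;   // stop the script after the redirect, as the reply advises
```

Only the first attempt prints `ok`; the wrong password, the unactivated account and the unknown user all produce the same message, so the response does not reveal which usernames exist or are pending activation.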
