In order for my users to log in they have to activate their account through email. The activation works fine. The trouble I am having is displaying a message at login if the user has not activated. Here is the activation script:
<?php
require "connect.php";
if(isset($_GET['u'])){
//make sure that 'u' is numeric
if(is_numeric($_GET['u'])){
$u=$_GET['u'];
}else{
$u=0;
}
}
if(isset($_GET['a_code'])){
$code=$_GET['a_code'];
}else{
$code=0;
}
//Check to see if the received values are correct
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5(0)."'";
if(($u > 0) && (strlen($code)) == 32){
//now activate the user
$sql="UPDATE members SET actcode ='".md5(1)."' WHERE uid = '".$u."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_affected_rows() == 1){
//update successful
echo ('Your account is now activated. You may proceed and log in.<br/><br /><a href="http://www.eternalhour.com/login.php">Login Page</a>');
}else{
echo ('Your account could not be activated. Please try again or contact the site admin.<br/><br/><a href="http://www.eternalhour.com/registration_form.php">Registration Page</a>');
}
}
?>
I have tried setting up a query then using a $_GET to compare the codes.
But I am imagining the code for the login script will look something like:
if(isset($_GET['u'])){
$u=$_GET['u'];
}
$sql = "SELECT * FROM members WHERE uid = '".$u."' AND actcode = '".md5."'";
if($row['actcode']) == (md5(1)){
}else{
$msg = "You need to activate your account before logging in.";
}
But what I don't understand, is how to verify that the string == md5(1). Could someone help me please?