User status validation problem

Question

UK-1991 0 Posting Whiz

9 Years Ago

Tried to create a user validation process using status .

I created a condition like if user status is pending it should pull up a message if user status is deactiavated it should pull up any other message and when user status is active it should login though. I created the script but the problem is that when the script runs it checks the first condition and pull up the message it is not moving forward to check the other conditions

Here is my script

if(isset($_POST["login"])) {
        $get_query = mysqli_query($connection, "SELECT * FROM users");
        while($record1 = mysqli_fetch_assoc($get_query)) {
            $status = $record1["status"];   
        }

        if($status == "pending") {
            $msg = "Your account has not been activated yet";
        } elseif($status == "active") {
            echo verify($connection);
        } else {
            $msg = "Sorry but your account has been deactivated
        }
    }

php

2 Contributors
2 Replies
222 Views
19 Minutes Discussion Span
Latest Post 9 Years Ago Latest Post by UK-1991

pritaeas 2,194 ¯\_(ツ)_/¯

9 Years Ago

Shouldn't you be querying for only the user that is trying to login, instead of getting all users? Similar to this question.

Edited 9 Years Ago by pritaeas

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

UK-1991 0 Posting Whiz · Answer 1 · 2015-07-21T09:45:13+00:00

Yes but i was thinking to first check the status of the user but yes you are right first of all i have to check by the username whi is trying to log in

This is my verify script

    function verify($connect) {
        $username  = $_POST["username"];
        $password1 = mysqli_real_escape_string($connect, $_POST["password"]);

        $get_query = mysqli_query($connect, "SELECT * FROM users");
        while($record = mysqli_fetch_assoc($get_query)) {
            $uname = $record{"username"};
            $email = $record["email"];
            $pass  = $record["password"];

            $hash=password_hash($password1, PASSWORD_DEFAULT);
            $password  = password_verify($password1, $hash);

            if($username == $uname || $username == $email) {
                if($password == $pass) {
                    $_SESSION["uname"] = $username;
                    $_SESSION["uid"]   = $record["uid"];

                    header("Location: user.php?uid=".$_SESSION["uid"]);
                }
            } else {
                $_SESSION["message"] = "Invalid Username/Password provided";
                header("Location: login.php");
            }
        }   
    }

And this is check user status script which I have pleaced in the head or should i have to merge both of these

    if(isset($_POST["login"])) {
        $username = $_POST["username"];
        $get_query = mysqli_query($connection, "SELECT * FROM users WHERE username='$username'");
        while($record1 = mysqli_fetch_assoc($get_query)) {
            $status   = $record1["status"]; 
        }

        if($status == "pending") {
            $msg = "Your account has not been activated yet";
        } 
        if($status == "active") {
            echo verify($connection);
        } 
        if($status == "deactivated") {
            $msg = "Sorry but your account has been deactivated";
        }
    }