Issue
I want only verified accounts logging in to my website and therefore I've set up and a category called Verification which can either be 0(not verified) or 1(verified) in PHPMyAdmin. Ive gotten it to work so that it changes the value when the account is verified but I cant figure out how to check if the account's "Verification" is 1 or 0. I tried doing this but with no success:
What I've tried
$test = "SELECT Verification FROM users WHERE Verification = 1 AND users_uid = $uid";
if($test == false){
$test = null;
header("location: ../LoginPage.php?error=accountNotVerified");
exit();
}
And here is the whole code if this helps to clear anything up for you.
The whole code(This code works fine but doesn't check if the account is verified)
<?php
class Login extends Dbh{
protected function getUser($uid, $pwd){
$stmt = $this->connect()->prepare('SELECT users_pwd FROM users WHERE users_uid = ? OR users_email = ?;');
if(!$stmt->execute(array($uid, $pwd))){
$stmt = null;
header("location: ../LoginPage.php?error=stmtfailed");
exit();
}
if($stmt->rowCount()==0){
$stmt = null;
header("location: ../LoginPage.php?error=usernotfound");
exit();
}
$pwdHashed = $stmt->fetchAll(PDO::FETCH_ASSOC);
$checkPwd = password_verify($pwd,$pwdHashed[0]["users_pwd"]);
if($checkPwd ==false){
$stmt = null;
header("location: ../LoginPage.php?error=wrongpassword");
exit();
}
elseif($checkPwd == true){
$stmt = $this->connect()->prepare('SELECT * FROM users WHERE users_uid = ? OR users_email = ? AND users_pwd = ?;');
//HERE IS WHERE I WANT TO IMPLEMENT THE CODE WRITTEN ABOVE BUT IN A WORKING VERSION
//HERE IS WHERE I WANT TO IMPLEMENT THE CODE WRITTEN ABOVE BUT IN A WORKING VERSION
//HERE IS WHERE I WANT TO IMPLEMENT THE CODE WRITTEN ABOVE BUT IN A WORKING VERSION
if(!$stmt->execute(array($uid, $uid, $pwd))){
$stmt = null;
header("location: ../LoginPage.php?error=stmtfailed");
exit();
}
}
if($stmt->rowCount()==0){
$stmt = null;
header("location: ../LoginPage.php?error=usernotfound");
exit();
}
$user = $stmt->fetchAll(PDO::FETCH_ASSOC);
session_start();
$_SESSION["userid"] = $user[0]["users_id"];
$_SESSION["useruid"] = $user[0]["users_uid"];
$stmt = null;
}
}
In conclusion, I want to check whether or not the "Verfication"-value is 1 or 0 in my database.
Solution
You may change password check
from
$stmt = $this->connect()->prepare('SELECT users_pwd FROM users WHERE users_uid = ? OR users_email = ?;');
...
$pwdHashed = $stmt->fetchAll(PDO::FETCH_ASSOC);
$checkPwd = password_verify($pwd,$pwdHashed[0]["users_pwd"]);
if($checkPwd ==false){
$stmt = null;
header("location: ../LoginPage.php?error=wrongpassword");
exit();
}
to
$stmt = $this->connect()->prepare('SELECT users_pwd, verification FROM users WHERE users_uid = ? OR users_email = ?;');
...
$dbData = $stmt->fetchAll(PDO::FETCH_ASSOC);
$verification = $dbData[0]["verification"]
$checkPwd = password_verify($pwd,$dbData[0]["users_pwd"]);
if($checkPwd === false || $verification !== 1){
$stmt = null;
if($checkPwd === false) {
header("location: ../LoginPage.php?error=wrongpassword");
} else {
header("location: ../LoginPage.php?error=notverified");
}
exit();
}
That will check password and verification status.
Answered By - rzlvmp
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.