Pooojaaaa Pooojaaaa - 6 months ago 23
MySQL Question

Login after admin confirmation

<?php
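// Login handler: looks up a confirmed employer by e-mail and password, stores
// the member in the session on success, and redirects either way.

// Accept only string values: a missing field or an array-valued field
// (cname[]=...) is treated as an empty credential and rejected below.
$cname = is_string($_POST['cname'] ?? null) ? $_POST['cname'] : '';
$cpass = is_string($_POST['cpass'] ?? null) ? $_POST['cpass'] : '';

$member = null;
if ($cname !== '' && $cpass !== '') {
    // NOTE(review): comparing the submitted password inside the WHERE clause
    // only works if the `password` column holds the password as submitted,
    // i.e. unhashed. Prefer storing password_hash() output, selecting the row
    // by e-mail alone and checking it with password_verify(). Not changed
    // here because it requires migrating the stored values.
    $stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = 'confirmed' ");
    $stmt->bind_param('ss', $cname, $cpass);
    $stmt->execute();
    $result = $stmt->get_result();
    // fetch_assoc() yields null when no row matched.
    $member = $result->fetch_assoc();
    // Release the statement before any redirect, since the script exits there.
    $stmt->close();
}

if (is_array($member)) {
    // Issue a fresh session id at login so an id fixed before authentication
    // cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['SESS_MEMBER_ID'] = $member['id'];
    $_SESSION['SESS_EMAIL'] = $member['email'];
    session_write_close();
    header("location:emp_home.php");
    // header() only queues the redirect; stop so nothing after it executes.
    exit;
}

// One generic message for every failure, so the response does not reveal
// whether the e-mail exists.
$errmsg_arr[] = 'Wrong Username or Password';
$errflag = true;
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:employer.php");
exit;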


This is my login code. I have added the "action" column to the SQL statement; that value is set to confirmed only by the admin. How can I echo a message like "You have not been confirmed by the admin yet, Try login after some time" when someone has already registered but has not been confirmed yet? Would the statement look like this:

// Variant proposed in the question: matches only rows whose `action` column is
// the empty string (presumably accounts not yet confirmed; verify against the schema).
$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = '' ");
?>

Answer

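Leave the `action` condition out of the query and check it in PHP instead, so that the row is still returned for an account that has valid credentials but is not yet confirmed: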

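// Assumes $result comes from a query that matched on e-mail and password only
// (no `action` condition), so a row here means the credentials were correct.
if ($result->num_rows > 0) {
    $member = $result->fetch_assoc();
    if ($member['action'] !== 'confirmed') {
        // Credentials are valid but the admin has not confirmed the account.
        // This message is reached only after a successful credential match,
        // so it does not disclose account state to someone guessing e-mails.
        $errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
        $errflag = true;
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location:employer.php");
        // header() only queues the redirect; stop so nothing after it executes.
        exit;
    } else {
        // Issue a fresh session id at login to defend against session fixation.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_EMAIL'] = $member['email'];
        session_write_close();
        header("location:emp_home.php");
        exit;
    }
} else {
    // No row matched: keep the message generic for unknown e-mail and wrong
    // password alike.
    $errmsg_arr[] = 'Wrong Username or Password';
    $errflag = true;
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location:employer.php");
    exit;
}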

Also, try to avoid repeating copy-pasted lines. I suggest doing it something like this:

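// Decide the outcome first, then write the session and redirect in one place.
// Assumes $result comes from a query that matched on e-mail and password only
// (no `action` condition).
$errflag = false;
if ($result->num_rows > 0) {
    $member = $result->fetch_assoc();
    if ($member['action'] !== 'confirmed') {
        // Shown only after the credentials matched, so it does not disclose
        // account state to someone guessing e-mails.
        $errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
        $errflag = true;
    }
} else {
    // Generic message for unknown e-mail and wrong password alike.
    $errmsg_arr[] = 'Wrong Username or Password';
    $errflag = true;
}

if ($errflag === true) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    $location = 'employer.php';
} else {
    // Issue a fresh session id at login to defend against session fixation.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['SESS_MEMBER_ID'] = $member['id'];
    $_SESSION['SESS_EMAIL'] = $member['email'];
    $location = 'emp_home.php';
}

session_write_close();
header("location:" . $location);
// Stop here: header() only queues the redirect, and without this the rest of
// the script would still run for a client that ignores it.
exit;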