How can i show user "Your account is not confirmed yet" when the login form check whether confirm column is YES (If yes then tke it to member page & if NO then shows that error message.) I already have error message for invalid details but I want a cofirmation one too. Thanks
<?
include("config.php"); // Including config.php file
include("includes/db_config.php"); // Including database connection
mysql_select_db($database); // select database
session_start(); //session starts here
$now = time();
if (isset($_SESSION['user_login']) && $now > $_SESSION['user_login']) {
// this session has worn out its welcome; kill it and start a brand new one
session_unset();
session_destroy();
session_start();
}
// either new or old, it should live at most for another hour
$_SESSION['discard_after'] = $now + 10800;
if(isset($_POST['user_login'])=='user_login') // user_login is the hidden variable value from Login form
{
extract($_POST);
$ip = $_SERVER['REMOTE_ADDR']; //gets the ip address of the remote system.
/* =========================Code for remember me field=========================== */
$_SESSION['userId']=$userId;
$_SESSION['password']=$password;
if (isset($_POST['remember'])){
setcookie("cookname", $_SESSION['userId'], time()+10800, "/");
setcookie("cookpass", $_SESSION['password'], time()+10800, "/");
}
/* ====================== code for checking the valid user ======================= */
date_default_timezone_set('Europe/London');
$last_login = date('y-m-d H:i:s'); //getting the last login time
$login = mysql_query("SELECT * FROM loginattempts WHERE IP = '".$ip."'");
$data = mysql_fetch_array($login);
$user = mysql_query("select * from users where userName = '".$userId."' and password='".$password."'");
$row= mysql_num_rows($user);
//gets the current time
$current_time= mktime(date("H"),date("i"),date("s"),date("m"),date("d"),date("y"));
$currenttime= date("Y-m-d H:i:s",$current_time);
// if the user exists
if($row>0)
{
//lock the user if the current time is less than blocked time.
if($currenttime < $data['blocked_time']){
@header('Location:index.php?action=locked');
}
else{
//if the time expires, update the blocked time to NULL.
$null_blocked_time="UPDATE
loginattempts
SET
blocked_time=NULL
WHERE
IP ='". $ip."'";
mysql_query($null_blocked_time);
$result = mysql_fetch_array($user);
$_SESSION['userid']=$result['userId'];
//works if ENABLE_SIGNINTIME_SIGNINCOUNT in config.php is enable
if(ENABLE_SIGNINTIME_SIGNINCOUNT){
signinCount($userId); //function call to store signin count and last login time in database.
}
//if there are no rows in the loginattempts table
if(mysql_num_rows($login) == 0){
$success_attempt= "insert into loginattempts(IP,Attempts,LastLogin)values('$ip',0,'$last_login')";
mysql_query($success_attempt);
}
//else update the attempts to '0' on successfull login.
else{
$success= "UPDATE
loginattempts
SET
Attempts = 0,
IP='".$ip."',
LastLogin='".$last_login."'
WHERE
IP ='". $ip."'";
mysql_query($success);
}
//redirects the user to user_page.php on successfull login.
@header('Location:user_page.php');
}
}
//if the user does not exist!
else
{
//if there are no rows in the loginattempts table
if(mysql_num_rows($login) == 0){
$fail_attempt= "insert into loginattempts(IP,Attempts,LastLogin)values('$ip',1,'$last_login')";
mysql_query($fail_attempt);
}
//else increment the failure attempts in Attempts column
else{
$fail= "UPDATE
loginattempts
SET
Attempts = Attempts+1,
IP='".$ip."',
LastLogin='".$last_login."'
WHERE
IP ='". $ip."'";
mysql_query($fail);
}
//Retreiving the Attempts from loginattempts table
$attempts=mysql_query("select Attempts from loginattempts where IP='". $ip."'");
$attempts_failed= mysql_fetch_array($attempts);
//works if ENABLE_LOCKABLE in config.php is enable
if(ENABLE_LOCKABLE){
if($attempts_failed['Attempts'] > 3) {
//Setting the unblocking time after 2minutes.
$unlocking_time = mktime(date("H"),date("i")+2,date("s"),date("m"),date("d"),date("Y"));
$unlock_time=date("y-m-d H:i:s", $unlocking_time);
$blocked_time="UPDATE
loginattempts
SET
blocked_time='".$unlock_time."'
WHERE
IP ='". $ip."'";
$res=mysql_query($blocked_time);
}
}
// redirect to login page if the user is not a valid user.
@header('Location:index.php?action=failure');
}
}
// code for token authentication
if(isset($_POST['token_submit']) && ($_POST['token_submit'])== "Login with Token"){
extract($_POST);
$valid_token=mysql_query("select * from users where token='".$token."'");
// if the user exists
if(mysql_num_rows($valid_token) > 0){
$user_data= mysql_fetch_array($valid_token);
$_SESSION['userId'] = $user_data['userName'];
$_SESSION['password'] = $user_data['password'];
//works if ENABLE_SIGNINTIME_SIGNINCOUNT in config.php is enable
if(ENABLE_SIGNINTIME_SIGNINCOUNT){
signinCount($_SESSION['userId']); //function call
}
@header('Location:user_page.php');
}
// if the user does not exist
else{
@header('Location:index.php?action=token_fail');
}
}
//function to calculate the signin count and last login time.
function signinCount($userId){
date_default_timezone_set('Europe/London');
$signin_time= date('y-m-d H:i:s');
$signin= "UPDATE
users
SET
signin_count = signin_count+1,
signin_time = '".$signin_time."'
WHERE
userName ='". $userId."'";
mysql_query($signin);
}
?>
<html class=" responsejs "><!-- START Head --><head>
<!-- START META SECTION -->
<meta charset="utf-8">
</head>
<!-- ================ Error Messages =================== -->
<?
if($_GET['action']=='failure')
{
?>
<div class="alert alert-danger">
<a class="close" data-dismiss="alert" href="#">×</a>
<b>Please give correct username and password</b>
</div>
<? }
if($_GET['action']=='locked')
{
?>
<div class="alert alert-danger">
<a class="close" data-dismiss="alert" href="#">×</a>
<b>You have been locked. Please try after 2 minutes.</b>
</div>
<? } ?>
<!-- ========== Executed when the account is deleted =============== -->
<? if($_GET['action']=='deleted'){ ?>
<div class="alert alert-success">
<a class="close" data-dismiss="alert" href="#">×</a>
<b>Your Account has been deleted successfully</b>
</div>
<? } ?>
<!-- ============================= User Login Form =============================== -->
<!--/ Alert message -->
<input type="hidden" name="user_login" id="user_login" value="user_login">
<div class="form-group">
<div class="form-stack has-icon pull-left">
<input name="userId" type="text" id="userId" autofocus="" class="form-control input-lg" placeholder="Email">
<i class="ico-user2 form-control-icon"></i>
</div>
<div class="form-stack has-icon pull-left">
<input name="password" id="password" type="password" class="form-control input-lg" placeholder="Password">
</div>
</div>
<!-- Error container -->
<div id="error-container" class="mb15"></div>
<!--/ Error container -->
<div class="form-group">
<div class="row">
<div class="col-xs-6 text-right" style="left: 70px; top: 0px; width: 74%">
<a href="forgot.php">Forgot Username/Password?</a>
</div>
</div>
</div>
<div class="form-group nm">
<input type="submit" name="login" value="Login" class="btn btn-block btn-info" tabindex="4">
<input type="hidden" name="rlink" value="">
</div>
</div>
</form>