0

How can i show user "Your account is not confirmed yet" when the login form check whether confirm column is YES (If yes then tke it to member page & if NO then shows that error message.) I already have error message for invalid details but I want a cofirmation one too. Thanks

<?

include("config.php");  // Including config.php file
include("includes/db_config.php");  // Including database connection

    mysql_select_db($database); // select database

    session_start();    //session starts here
$now = time();
if (isset($_SESSION['user_login']) && $now > $_SESSION['user_login']) {
    // this session has worn out its welcome; kill it and start a brand new one
    session_unset();
    session_destroy();
    session_start();
}

// either new or old, it should live at most for another hour
$_SESSION['discard_after'] = $now + 10800;

    if(isset($_POST['user_login'])=='user_login')   // user_login is the hidden variable value from Login form
    {
         extract($_POST);   
         $ip = $_SERVER['REMOTE_ADDR']; //gets the ip address of the remote system.



        /* =========================Code for remember me field=========================== */

        $_SESSION['userId']=$userId;
        $_SESSION['password']=$password;

        if (isset($_POST['remember'])){

            setcookie("cookname", $_SESSION['userId'], time()+10800, "/");

            setcookie("cookpass", $_SESSION['password'], time()+10800, "/");

        }




        /* ====================== code for checking the valid user ======================= */ 

         date_default_timezone_set('Europe/London');
         $last_login = date('y-m-d H:i:s'); //getting the last login time
         $login = mysql_query("SELECT * FROM loginattempts WHERE IP = '".$ip."'");
         $data = mysql_fetch_array($login);

         $user = mysql_query("select * from users where userName = '".$userId."' and password='".$password."'");
         $row= mysql_num_rows($user);

         //gets the current time
         $current_time= mktime(date("H"),date("i"),date("s"),date("m"),date("d"),date("y"));
         $currenttime= date("Y-m-d H:i:s",$current_time); 

         // if the user exists
         if($row>0) 
         {
                //lock the user if the current time is less than blocked time.
                if($currenttime < $data['blocked_time']){
                    @header('Location:index.php?action=locked');

                }

                else{    

                    //if the time expires, update the blocked time to NULL.
                    $null_blocked_time="UPDATE 
                                    loginattempts 
                                SET 
                                    blocked_time=NULL

                                WHERE 
                                    IP ='". $ip."'";

                    mysql_query($null_blocked_time);



                    $result = mysql_fetch_array($user); 
                    $_SESSION['userid']=$result['userId'];

                    //works if ENABLE_SIGNINTIME_SIGNINCOUNT in config.php is enable
                    if(ENABLE_SIGNINTIME_SIGNINCOUNT){

                        signinCount($userId);   //function call to store signin count and last login time in database.

                    }



                    //if there are no rows in the loginattempts table
                    if(mysql_num_rows($login) == 0){

                        $success_attempt= "insert into loginattempts(IP,Attempts,LastLogin)values('$ip',0,'$last_login')";
                        mysql_query($success_attempt);

                    }

                    //else update the attempts to '0' on successfull login.
                    else{
                        $success= "UPDATE 
                                        loginattempts 
                                   SET
                                        Attempts = 0,
                                        IP='".$ip."',
                                        LastLogin='".$last_login."'

                                  WHERE 
                                        IP ='". $ip."'";

                        mysql_query($success);
                    }


                    //redirects the user to user_page.php on successfull login.
                    @header('Location:user_page.php');
                }

         }

        //if the user does not exist!
        else    
        {
                //if there are no rows in the loginattempts table
                if(mysql_num_rows($login) == 0){

                    $fail_attempt= "insert into loginattempts(IP,Attempts,LastLogin)values('$ip',1,'$last_login')";
                    mysql_query($fail_attempt);

                }

                //else increment the failure attempts in Attempts column
                else{

                    $fail= "UPDATE 
                                loginattempts 
                            SET 
                                Attempts = Attempts+1,
                                IP='".$ip."',
                                LastLogin='".$last_login."'

                            WHERE 
                                IP ='". $ip."'";

                    mysql_query($fail);
                }

                //Retreiving the Attempts from loginattempts table
                $attempts=mysql_query("select Attempts from loginattempts where IP='". $ip."'");

                $attempts_failed= mysql_fetch_array($attempts);

                //works if ENABLE_LOCKABLE in config.php is enable
                if(ENABLE_LOCKABLE){

                    if($attempts_failed['Attempts'] > 3) {
                        //Setting the unblocking time after 2minutes.
                        $unlocking_time = mktime(date("H"),date("i")+2,date("s"),date("m"),date("d"),date("Y"));
                        $unlock_time=date("y-m-d H:i:s", $unlocking_time);

                        $blocked_time="UPDATE 
                                        loginattempts 
                                    SET 
                                        blocked_time='".$unlock_time."'

                                    WHERE 
                                        IP ='". $ip."'";

                        $res=mysql_query($blocked_time);                       
                    }
                }

                // redirect to login page if the user is not a valid user.
                @header('Location:index.php?action=failure');

        } 
    }   


    // code for token authentication
    if(isset($_POST['token_submit']) && ($_POST['token_submit'])== "Login with Token"){
        extract($_POST);
        $valid_token=mysql_query("select * from users where token='".$token."'");

        // if the user exists
        if(mysql_num_rows($valid_token) > 0){

            $user_data= mysql_fetch_array($valid_token);
            $_SESSION['userId'] = $user_data['userName'];
            $_SESSION['password'] = $user_data['password'];

            //works if ENABLE_SIGNINTIME_SIGNINCOUNT in config.php is enable
            if(ENABLE_SIGNINTIME_SIGNINCOUNT){
                signinCount($_SESSION['userId']);   //function call 
            }

            @header('Location:user_page.php');

        }

        // if the user does not exist
        else{
            @header('Location:index.php?action=token_fail');
        }

    }


    //function to calculate the signin count and last login time.
    function signinCount($userId){
        date_default_timezone_set('Europe/London');         
        $signin_time= date('y-m-d H:i:s');

        $signin= "UPDATE 
                            users 
                       SET
                            signin_count = signin_count+1,
                            signin_time = '".$signin_time."' 

                       WHERE 
                            userName ='". $userId."'";
        mysql_query($signin);
    }


?>




<html class=" responsejs "><!-- START Head --><head>
    <!-- START META SECTION -->
    <meta charset="utf-8">
</head>

                 <!-- ================ Error Messages =================== -->

             <?
               if($_GET['action']=='failure')
               {
               ?>
                <div class="alert alert-danger">
                    <a class="close" data-dismiss="alert" href="#">&times;</a>
                    <b>Please give correct username and password</b>
                </div>
             <? } 

               if($_GET['action']=='locked')
               {
               ?>
                 <div class="alert alert-danger">
                    <a class="close" data-dismiss="alert" href="#">&times;</a>
                    <b>You have been locked. Please try after 2 minutes.</b>
                 </div>
             <? } ?>

             <!-- ========== Executed when the account is deleted =============== -->
            <? if($_GET['action']=='deleted'){ ?>
                <div class="alert alert-success">
                    <a class="close" data-dismiss="alert" href="#">&times;</a>
                  <b>Your Account has been deleted successfully</b>
                </div>
             <? } ?>

        <!-- ============================= User Login Form =============================== -->
                        <!--/ Alert message -->
                       <input type="hidden" name="user_login" id="user_login" value="user_login">
        <div class="form-group">
            <div class="form-stack has-icon pull-left">         
               <input name="userId" type="text" id="userId" autofocus="" class="form-control input-lg" placeholder="Email">
                <i class="ico-user2 form-control-icon"></i>
            </div>
            <div class="form-stack has-icon pull-left">
                <input name="password" id="password" type="password" class="form-control input-lg" placeholder="Password">
            </div>
        </div>

        <!-- Error container -->
        <div id="error-container" class="mb15"></div>
        <!--/ Error container -->

        <div class="form-group">
            <div class="row">
                <div class="col-xs-6 text-right" style="left: 70px; top: 0px; width: 74%">
                    <a href="forgot.php">Forgot Username/Password?</a>
                </div>
            </div>
        </div>
        <div class="form-group nm">
            <input type="submit" name="login" value="Login" class="btn btn-block btn-info" tabindex="4">
            <input type="hidden" name="rlink" value="">
                    </div>
    </div>
</form>
2
Contributors
1
Reply
12
Views
2 Years
Discussion Span
Last Post by diafol
0

300 lines of code is hell of a lot to waade through. Can you, for the sake of would-be contributors, highlight where this is not working? You want to send a confirmation message somewhere?

Edited by diafol

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.