Member Avatar for UK-1991

Tried to create a user validation process using status .

I created a condition like if user status is pending it should pull up a message if user status is deactiavated it should pull up any other message and when user status is active it should login though. I created the script but the problem is that when the script runs it checks the first condition and pull up the message it is not moving forward to check the other conditions

Here is my script

if(isset($_POST["login"])) {
        $get_query = mysqli_query($connection, "SELECT * FROM users");
        while($record1 = mysqli_fetch_assoc($get_query)) {
            $status = $record1["status"];   
        }

        if($status == "pending") {
            $msg = "Your account has not been activated yet";
        } elseif($status == "active") {
            echo verify($connection);
        } else {
            $msg = "Sorry but your account has been deactivated
        }
    }
  • 2 Contributors
  • 2 Replies
  • 222 Views
  • 19 Minutes Discussion Span
  • Latest Post Latest Post by UK-1991

Recommended Answers

All 2 Replies

Member Avatar for pritaeas

Shouldn't you be querying for only the user that is trying to login, instead of getting all users? Similar to this question.

Edited by pritaeas
Member Avatar for UK-1991

Yes but i was thinking to first check the status of the user but yes you are right first of all i have to check by the username whi is trying to log in

This is my verify script

    function verify($connect) {
        $username  = $_POST["username"];
        $password1 = mysqli_real_escape_string($connect, $_POST["password"]);

        $get_query = mysqli_query($connect, "SELECT * FROM users");
        while($record = mysqli_fetch_assoc($get_query)) {
            $uname = $record{"username"};
            $email = $record["email"];
            $pass  = $record["password"];

            $hash=password_hash($password1, PASSWORD_DEFAULT);
            $password  = password_verify($password1, $hash);

            if($username == $uname || $username == $email) {
                if($password == $pass) {
                    $_SESSION["uname"] = $username;
                    $_SESSION["uid"]   = $record["uid"];

                    header("Location: user.php?uid=".$_SESSION["uid"]);
                }
            } else {
                $_SESSION["message"] = "Invalid Username/Password provided";
                header("Location: login.php");
            }
        }   
    }

And this is check user status script which I have pleaced in the head or should i have to merge both of these

    if(isset($_POST["login"])) {
        $username = $_POST["username"];
        $get_query = mysqli_query($connection, "SELECT * FROM users WHERE username='$username'");
        while($record1 = mysqli_fetch_assoc($get_query)) {
            $status   = $record1["status"]; 
        }

        if($status == "pending") {
            $msg = "Your account has not been activated yet";
        } 
        if($status == "active") {
            echo verify($connection);
        } 
        if($status == "deactivated") {
            $msg = "Sorry but your account has been deactivated";
        }
    }
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.