Click here to Skip to main content
14,926,224 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I was suppose to add in an Active and Inactive (known as status column) into my phpmyadmin database, which I did, but I don't know where should I put in the code in my login.php. Can anyone help? Below is my

What I have tried:

HTML
<title>Log In

    
    html,
    body {
        height: 100%;
    }

    body {
        display: -ms-flexbox;
        display: -webkit-box;
        display: flex;
        -ms-flex-align: center;
        -ms-flex-pack: center;
        -webkit-box-align: center;
        align-items: center;
        -webkit-box-pack: center;
        justify-content: center;
        padding-top: 40px;
        padding-bottom: 40px;
        background-color: #f5f5f5;
    }

    .form-signin {
        width: 100%;
        max-width: 330px;
        padding: 15px;
        margin: 0 auto;
    }

    .form-signin .checkbox {
        font-weight: 400;
    }

    .form-signin .form-control {
        position: relative;
        box-sizing: border-box;
        height: auto;
        padding: 10px;
        font-size: 16px;
    }

    .form-signin .form-control:focus {
        z-index: 2;
    }

    .form-signin input[type="email"] {
        margin-bottom: -1px;
        border-bottom-right-radius: 0;
        border-bottom-left-radius: 0;
    }

    .form-signin input[type="password"] {
        margin-bottom: 10px;
        border-top-left-radius: 0;
        border-top-right-radius: 0;
    }
    




    prepare($query);

        $email=$_POST['email'];
        $password=$_POST['pass'];
        $status=$_POST['status'];

        // bind the parameters
        $stmt->bindParam(':email', $email);

        $stmt->execute();

        $num = $stmt ->rowCount();
}
?>

    " method="post">

        fetch(PDO::FETCH_ASSOC);
                extract($row);
    
                //whether the password matches or not. 
                if ($pass == $password){
                    echo "<div class="alert alert-success">Log In Successful, Welcome!</div>";
    
                }else{
                    echo "<div class="alert alert-danger">Password Does Not Match</div>";
            }
                //whether the password matches or not. 
                if ($status == 'Active'){
                    echo "<div class="alert alert-success">Log In Successful, Welcome!</div>";

                }else{
                    echo "<div class="alert alert-danger">Your Account Is Inactive.</div>";
            }
        }
        //email does not exist in table
        else if($num == 0){
            echo "<div class="alert alert-danger">Email Does Not Exist</div>";
        }
        ?>

        
        <h1 class="mb-3 font-weight-normal">Log In</h1>
        Email address
        
        Password
        
        <div class="checkbox mb-3">
            
                 Remember me
            
        </div>
        Log In
        <p class="mt-5 mb-3 text-muted">© 2020-2021</p>
Posted
Updated 15-Mar-21 2:53am
v2
Comments
Richard MacCutchan 15-Mar-21 7:20am
   
If either the userid or password do not match then the message should just say that the details are incorrect. If you say "password does not match" then a hacker knows that they have found a valid userid. And similarly for "email does not match".
Richard Deeming 15-Mar-21 8:32am
   
With the passwords stored in plain text, "security" is the last thing on the OP's mind. :)
Richard MacCutchan 15-Mar-21 8:37am
   
Since so many people seem to do it these days ...
Richard Deeming 15-Mar-21 8:33am
   
You are storing the users' passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even has built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

That's really up to you: you need to decide in what manner you will mark an account active or inactive. For example, an account_expired field with a date. If the date has passed then the account is expired. You can even set accounts to expire in the future with this methodology.

You can use any sort of flag you wish: set the password to null would work, depending upon how you create accounts when not in phpmyadmin. Personally, because I work in a business climate/financial institution, everything has a trail. Created_Date, Expires_Date, possibly last successful access; last failed access; failed access count (between success, maybe).

Your question in a way is too wide open - you can set up the marker for active/inactive in a huge number of ways.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900