Question

I have a problem with my code. Or rather, I don't know how to implement what I would like to have. I would also like this code to check if the username has a 1 in the active column, and if so then proceed to the login-protected page, else return to the login page.

<?php

session_start();

// $username is passed in: variables from the global scope are not visible inside a function
function validateUser($username){
    session_regenerate_id();
    $_SESSION['valid'] = 1;
    $_SESSION['username'] = $username;
}

$username = $_POST['username'];
$password = > $_POST['password'];
require('config.inc.php');
$db = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$stmt = $db->prepare("SELECT password_hash FROM users WHERE username =:username");
$stmt->bindParam(':username', $username, PDO::PARAM_STR,32);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC); // false when the username does not exist
$db=null;
$dbhash = $result ? (string)$result['password_hash'] : '';

// hash_equals() compares the two hashes in constant time
if ($dbhash !== '' && hash_equals($dbhash, crypt($password, $dbhash))){
    validateUser($username);
    header('Location: ../main.php');
    die(); // stop the script after the redirect
}else{
    header('Location: ../index.php?invalidcreds=1');
    die();
}

?>

So what do you guys think? I have tried everything but can't get it to work.

Also I would like to have an admin column no/0 or yes/1 so I can protect certain links or text in my page. But first things first.

Solution

You can add an is_active column in your db then use:

SELECT is_active, password_hash FROM users where username=:username

In your php just use:

if($result['is_active'])
{
    //Send to restricted login
}
else
{
    //Send to normal login
}

Also, like I said in a comment, you have a stray > when you initialize your password variable. It may be a reason why your code isn't working.

Other tips

Okay so this is the code and it works perfectly. And the > was just a typo, sorry. Thanks Bun for your super easy code.

Does this look okay? Or just plain wrong. I'm a bit unsure of the if code or is this the way to go!?

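<?php

session_start();

// $username is passed in: variables from the global scope are not visible inside a function
function validateUser($username){
    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] = 1;
    $_SESSION['username'] = $username;
}
$username = $_POST['username'];
$password = $_POST['password'];
require('config.inc.php');
$db = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$stmt = $db->prepare("SELECT active, password_hash FROM users WHERE username = :username");
$stmt->bindParam(':username', $username, PDO::PARAM_STR, 32);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC); // false when the username does not exist
$db =null;
$dbhash = $result ? (string)$result['password_hash'] : '';

// The redirect to main.php sits in the same braces as validateUser();
// without braces it ran for every active user, whether or not the password matched.
if ($dbhash !== '' && $result['active'] && hash_equals($dbhash, crypt($password, $dbhash))){
    validateUser($username);
    header('Location: ../main.php');
    die(); // stop the script after the redirect
}
else{
    header('Location: ../index.php?invalidcreds=1');
    die();
}

?>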

But now if I would like to do an admin column too and try to implement this here, how would I do this? I know there perhaps needs to be a bit more code added in other places also. Nothing pretty or advanced. It's just a simple login so. Any advice where I should direct my eyes at, private/public classes (I've tried this but I got totally lost in the code)?
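
One way to handle the admin column asked about above, shown as an added example that is not code from the thread. It assumes `active` and `admin` columns holding 0/1; the function names, the in-memory SQLite table and the sample accounts are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Assumed: `active` and `admin`
// columns holding 0/1. Constructed: function names, SQLite table, accounts.

// Returns the user's row only when the account exists, the password matches
// and the account is active; null otherwise, without saying which check failed.
function authenticate(PDO $db, string $username, string $password): ?array {
    $stmt = $db->prepare(
        'SELECT username, password_hash, active, admin FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() accepts crypt()-format hashes and compares in constant time.
    if (!$row || !password_verify($password, (string)$row['password_hash'])) {
        return null;
    }
    return $row['active'] ? $row : null;
}

// Values the login script would copy into $_SESSION after session_regenerate_id().
function sessionValues(array $row): array {
    return ['valid' => 1, 'username' => $row['username'], 'admin' => (int)$row['admin'] === 1];
}

// Server-side gate for admin-only links, text or pages; call it on every request.
function isAdmin(array $session): bool {
    return !empty($session['valid']) && !empty($session['admin']);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, active INTEGER, admin INTEGER)');
$insert = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
$accounts = [['alice', 'pw-alice', 1, 1], ['bob', 'pw-bob', 1, 0], ['carol', 'pw-carol', 0, 1]];
foreach ($accounts as [$name, $pw, $active, $admin]) {
    $insert->execute([$name, password_hash($pw, PASSWORD_DEFAULT), $active, $admin]);
}

// Active admin, active non-admin, inactive admin, wrong password, unknown user.
$attempts = [['alice', 'pw-alice'], ['bob', 'pw-bob'], ['carol', 'pw-carol'], ['bob', 'wrong'], ['dave', 'x']];
foreach ($attempts as [$name, $pw]) {
    $row = authenticate($db, $name, $pw);
    $session = $row ? sessionValues($row) : [];
    printf("%-6s login=%-3s admin=%s\n", $name, $row ? 'yes' : 'no', isAdmin($session) ? 'yes' : 'no');
}
```

In a page, wrap admin-only links or text in `if (isAdmin($_SESSION))`, and repeat the same check at the top of any admin-only script, since hiding a link does not protect the page behind it.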

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow