How do I do active and inactive log in with PHP using phpmyadmin

Question

0.00/5 (No votes)

See more:

I was suppose to add in an Active and Inactive (known as status column) into my phpmyadmin database, which I did, but I don't know where should I put in the code in my login.php. Can anyone help? Below is my

What I have tried:

HTML

<title>Log In

    
    html,
    body {
        height: 100%;
    }

    body {
        display: -ms-flexbox;
        display: -webkit-box;
        display: flex;
        -ms-flex-align: center;
        -ms-flex-pack: center;
        -webkit-box-align: center;
        align-items: center;
        -webkit-box-pack: center;
        justify-content: center;
        padding-top: 40px;
        padding-bottom: 40px;
        background-color: #f5f5f5;
    }

    .form-signin {
        width: 100%;
        max-width: 330px;
        padding: 15px;
        margin: 0 auto;
    }

    .form-signin .checkbox {
        font-weight: 400;
    }

    .form-signin .form-control {
        position: relative;
        box-sizing: border-box;
        height: auto;
        padding: 10px;
        font-size: 16px;
    }

    .form-signin .form-control:focus {
        z-index: 2;
    }

    .form-signin input[type="email"] {
        margin-bottom: -1px;
        border-bottom-right-radius: 0;
        border-bottom-left-radius: 0;
    }

    .form-signin input[type="password"] {
        margin-bottom: 10px;
        border-top-left-radius: 0;
        border-top-right-radius: 0;
    }
    




    prepare($query);

        $email=$_POST['email'];
        $password=$_POST['pass'];
        $status=$_POST['status'];

        // bind the parameters
        $stmt->bindParam(':email', $email);

        $stmt->execute();

        $num = $stmt ->rowCount();
}
?>

    " method="post">

        fetch(PDO::FETCH_ASSOC);
                extract($row);
    
                //whether the password matches or not. 
                if ($pass == $password){
                    echo "<div class="alert alert-success">Log In Successful, Welcome!</div>";
    
                }else{
                    echo "<div class="alert alert-danger">Password Does Not Match</div>";
            }
                //whether the password matches or not. 
                if ($status == 'Active'){
                    echo "<div class="alert alert-success">Log In Successful, Welcome!</div>";

                }else{
                    echo "<div class="alert alert-danger">Your Account Is Inactive.</div>";
            }
        }
        //email does not exist in table
        else if($num == 0){
            echo "<div class="alert alert-danger">Email Does Not Exist</div>";
        }
        ?>

        
        <h1 class="mb-3 font-weight-normal">Log In</h1>
        Email address
        
        Password
        
        <div class="checkbox mb-3">
            
                 Remember me
            
        </div>
        Log In
        <p class="mt-5 mb-3 text-muted">© 2020-2021</p>

Posted 15-Mar-21 0:42am

Victorria Choo

Updated 15-Mar-21 2:53am

Richard MacCutchan

v2

Add a Solution

Comments

Richard MacCutchan 15-Mar-21 7:20am

If either the userid or password do not match then the message should just say that the details are incorrect. If you say "password does not match" then a hacker knows that they have found a valid userid. And similarly for "email does not match".

Richard Deeming 15-Mar-21 8:32am

With the passwords stored in plain text, "security" is the last thing on the OP's mind. :)

Richard MacCutchan 15-Mar-21 8:37am

Since so many people seem to do it these days ...

Richard Deeming 15-Mar-21 8:33am

You are storing the users' passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even has built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

W∴ Balboos, *GHB* · Answer 1 · 2021-03-15T02:53:00

That's really up to you: you need to decide in what manner you will mark an account active or inactive. For example, an account_expired field with a date. If the date has passed then the account is expired. You can even set accounts to expire in the future with this methodology.

You can use any sort of flag you wish: set the password to null would work, depending upon how you create accounts when not in phpmyadmin. Personally, because I work in a business climate/financial institution, everything has a trail. Created_Date, Expires_Date, possibly last successful access; last failed access; failed access count (between success, maybe).

Your question in a way is too wide open - you can set up the marker for active/inactive in a huge number of ways.