Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Login System

Posted on 2013-01-18
6
Medium Priority
?
340 Views
Last Modified: 2013-01-21
I would like my registered users not to be allowed into my site until they have paid their fees. This can be determined by the date when they have paid. I have some code worked out but it appears to be working the opposite to the way that I would like. When they register a date is placed into the users table of the database that is one day less that the date they registered. When they pay then the date would change. However, my code is letting in the wrong registrants.

Following is my code:

<?php 

// Query the database:
	$q = "SELECT id, username, type, IF(date_expires >= NOW(), false) FROM users WHERE (email='$e' AND pass='"  .  get_password_hash($p) .  "')";		
	$r = mysqli_query ($connect, $q);
	
	if (mysqli_num_rows($r) == 1) { // A match was made.

	
// Get the data:
	$row = mysqli_fetch_array ($r, MYSQLI_NUM); 
	
	// Only indicate if the user's account is not expired:
	if ($row[3] == 1) $_SESSION['user_not_expired'] = true;
	
} else { // No match was made.
	$login_errors['login'] = 'The email address and password do not match those on file. ';
}


} // End of $login_errors IF

Open in new window


Thanks,

wchirnside
0
Comment
Question by:wchirnside
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 38795376
This is not really a question with a succinct answer so much as a requirement for application development.  Maybe this article can help?
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
 

Author Comment

by:wchirnside
ID: 38796469
Thanks for the article. It is very informative. However, I believe that my question should have a direct answer. My code doesn't seem to be working. It is letting in registrants whose registration date is less than or equal to NOW but should only be letting in people whose date is GREATER THAN OR EQUAL TO NOW. So, of course, I need to figure out what is wrong with the code but at this stage I have a login system figured out that SHOULD be working. I don't really want to rework everything from the beginning. I have the database and all other aspects are working with that. The only thing is letting in people who have paid and redirecting those who have not paid their fees.

Thanks,

wchirnside
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 38796507
Not trying to be snarky, but NOW is a term of art in time-line processing and it has a value, such as the Unix Timestamp.  Everything in the past has a lower value.  Everything in the future will have a higher value when the future comes to pass.  

This precise moment in time, plus the future values, are the values that would match GREATER THAN OR EQUAL TO NOW.  As far as I can tell, logically, anyone who is already registered would have a registration date in the past.  So it sounds like you want to redesign with a registration date, a payment date and an expiration date in separate columns.

If you want to post the CREATE TABLE script I may be able to help you get the query working right, or at least suggest how to redesign the table and the logic.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:wchirnside
ID: 38797175
Yes, I understand. Thanks for your reply. The registered users who have not paid would have an expiration date that is in the past. These people should not be allowed into the site. The registered users who have continued on with the full registration and paid their fees would have a registration date somewhere in the future - up to two years.

During the payment process the date in the table would change to a date in the future.

The original registration date is controlled by the initial registration form.

CREATE TABLE `users` (
  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
  `type` ENUM('member','admin') NOT NULL,
  `username` VARCHAR(30) NOT NULL,
  `email` VARCHAR(80) NOT NULL,
  `pass` VARBINARY(32) DEFAULT NULL,
  `first_name` VARCHAR(20) NOT NULL,
  `last_name` VARCHAR(40) NOT NULL,
  `date_expires` DATE NOT NULL,
  `date_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `date_modified` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00',
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`),
  UNIQUE KEY `email` (`email`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

Open in new window


Wchirnside
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 38797239
Maybe go with something like this in the table definition:

`date_expires` DATE NOT NULL DEFAULT '1975-01-01',

Then in the initial INSERT QUERY leave that column out to get date_expires loaded with the default value.  And when the client pays, UPDATE the row to set the correct (future) expiration date.

In the SELECT query you can do something like this:

$now = date('c');
$sql = "SELECT... WHERE date_expires > '$now' LIMIT 1";
0
 

Author Closing Comment

by:wchirnside
ID: 38803960
Thank you for your quick response
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question