Making a subscriber's account inactive so they can't login.

just change:
SET active=1

to
SET active=0

if ($uid > 0) {
							
							// Update the users table:
							$q = "UPDATE users SET active=0, date_expires = IF(date_expires < NOW(), ADDDATE(date_expires, INTERVAL 1 MONTH), ADDDATE(NOW(), INTERVAL 1 MONTH)), date_modified=NOW() WHERE id=$uid";
							$r = mysqli_query ($connect, $q);
							if (mysqli_affected_rows($connect) != 1) {
								trigger_error('The user\'s expiration date could not be updated!');
							}
}

Select allOpen in new window

The expiration date ill still be one month in the future, but since active=0, it is very likely that the login page will not allow access to the site once it sees active=0.

Thanks for your response.

I want the user to be able to login for one month until the account expires so the account has to start off by being active and then the active column should change to 0.

I have previously tried what you are suggesting and don't think that will work.

Yes, the login query now checks to see that the account is active and so it will let anyone in with a 1 in the active column.

How do I get the 1 to change to a 0 when the account expires?

My last post checks if the account has expired and if so it updates active to zero.

Theory and practice of client authentication is here:
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Theory and practice of client registration and confirmation is here:
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3939-Registration-and-Email-Confirmation-in-PHP.html

I would recommend adding an expiration date column to the table of users.  The default value might be today's date, meaning that if they have not confirmed their registration, they're not able to use the site (this is not a technical issue - just a UX issue).  At the time of registration confirmation, use PHP date('c', strtotime('TODAY + 1 MONTH')) to get the future expiration date.  Update the table to show they confirmed the registration and at the same time, update the table to add the future expiration date.  Then go back to the login script and add a check for the date.  Not only will you test for the username and password, but you'll also test to see that the current value of date('c') is less than or equal to the expiration date column in the user's row of the database.

Date and time handling is here (note the ambiguity of the term "month"):
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_201-Handling-date-and-time-in-PHP-and-MySQL.html

This currently is my login script:

$q = "SELECT id, username, type FROM users WHERE (email='$e' AND pass='"  .  get_password_hash($p) .  "') AND active = 1 ";
	//$q = "SELECT id, username, type, IF(date_expires >= NOW(), true, false) FROM users WHERE (email='$e' AND pass='"  .  get_password_hash($p) .  "') AND active = 1 ";
	

Select allOpen in new window

There is also currently a date_expires column and an active column that will have a 1 in it when the registration.

Just trying to do this in the most simple direct way in case the coding changes later, for whatever reason.

hielo - I haven't checked your code yet but will do so at a later time today - thanks

The simplest way to prevent users to login is to also check for expired accounts during the login query -- meaning you don't have to set active=0.

$q = "SELECT id, username, type FROM users WHERE (email='$e' AND pass='"  .  get_password_hash($p) .  "') AND (active = 1) AND (DATEDIFF(Now(),`date_expires`)>0) ";

But if you would rather set active to zero, then refer to my code above.

Okay I will try that.

Thank you everyone for your quicky replies. I probably didn't explain the situation as well as I could have done and will provide more information the next time I ask a question of Experts Exchange.