troubleshooting Question

script logging me in even though database user activation value isn't equal to "yes"

Avatar of Crazy Horse
Crazy HorseFlag for South Africa asked on
PHP
5 Comments1 Solution208 ViewsLast Modified:
This code should only let a user log in if they have activated their account. So, when someone registers the default for the database column is "no". Once they activate it will update to "yes".

$stmt = $link->prepare("SELECT `user_name`, `user_email`, `safe_id`, `access_level`, `user_pass`, `active` FROM `users` WHERE `user_email` = ?");
		$stmt->bind_param("s", $_POST['email']);
		$stmt->execute();
		$result = $stmt->get_result();
		$numRows = $result->num_rows;
		if($numRows > 0) {
			$_SESSION['user_details'] = $result->fetch_object();
			$db_pass = $_SESSION['user_details']->user_pass;
			if(password_verify(trim($_POST['password']), $db_pass) && ($_SESSION['user_details']->active == "yes")) {
// do some other stuff here
} else {
			echo error_message("Your account has not yet been activated");
		}

With this code, when they user tries to login, it shows the error message. If I try again it takes me to the dashboard or if I just press enter in the address bar again it takes me to the dashboard which I can't seem to figure out why.
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros