0
```php
<?php
$cname=$_POST['cname'];
$cpass=$_POST['cpass'];

$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = 'confirmed' ");
$stmt->bind_param('ss', $_POST['cname'], $_POST['cpass']);
$stmt->execute();
$result = $stmt->get_result();
    if ($result->num_rows > "0")
    {
        $member = $result->fetch_assoc();
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_EMAIL'] = $member['email'];
        session_write_close();
        header("location:emp_home.php");
    }
    else
    {
        $errmsg_arr[] = 'Wrong Username or Password';
        $errflag = true;
        if($errflag)
        {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location:employer.php");
        }
    }
    $stmt->close();
```

This is my code for login, but I've added the "action" condition to the SQL statement, and that action is confirmed by the admin only. So I want to ask: how can I echo a message like "You have not been confirmed by the admin yet, try login after some time" when someone has already registered but has not been confirmed?

The statement would be like:

```php
$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = '' ");
```
Peon
Pooojaaaa
  • You can do this the same way you are handling error messages. Hold the success message in a `$_SESSION` variable and handle it in your HTML the way you are handling error messages. – Ranjit Shinde May 30 '16 at 11:40
  • Sorry, I don't quite understand you. You wish to output a message when a user registers saying that they need to wait for confirmation? – developius May 30 '16 at 11:44
  • @developius when he/she registers, her/his status will be pending; once it is confirmed by the admin, only then will he/she be able to login. That's what she wants, I guess – kiran gadhvi May 30 '16 at 11:47
  • `action = 'confirmed'` this has been confirmed by the admin. So when it has not been confirmed and the user tries to login, it should show a message "You have not been confirmed by the admin yet, Try login after some time" – Pooojaaaa May 30 '16 at 11:48
  • Absolutely @kirangadhvi – Pooojaaaa May 30 '16 at 11:48

2 Answers

2

Don't add the action to the query, but check it manually in PHP:

```php
if ($result->num_rows > "0") {
    $member = $result->fetch_assoc();
    if ($member['action'] != 'confirmed') {
        $errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location:employer.php");
        }
    } else {
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_EMAIL'] = $member['email'];
        session_write_close();
        header("location:emp_home.php");
    }
} else {
    $errmsg_arr[] = 'Wrong Username or Password';
    $errflag = true;
    if ($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location:employer.php");
    }
}
```

And try to avoid multiple copy+paste lines; I suggest you do it something like this:

```php
$errflag = false;
if ($result->num_rows > "0") {
    $member = $result->fetch_assoc();
    if ($member['action'] != 'confirmed') {
        $errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
        $errflag = true;
    }
} else {
    $errmsg_arr[] = 'Wrong Username or Password';
    $errflag = true;
}

if ($errflag === true) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    $location = 'employer.php';
} else {
    $_SESSION['SESS_MEMBER_ID'] = $member['id'];
    $_SESSION['SESS_EMAIL'] = $member['email'];
    $location = 'emp_home.php';
}

session_write_close();
header("location:" . $location);
die; // <-- NOTICE THIS
```
Peon
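
A hardened variant of the check described in the answer above, as an added example that is not the answerer's code: the row is fetched by email alone, the password is verified with `password_verify()`, and the pending status is revealed only after the password matches. It assumes the `password` column stores `password_hash()` output (the question's code compares plaintext); `evaluate_login()` and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example, not code from the question or answers.
// Assumption: employer.password holds password_hash() output, not plaintext.

const MSG_BAD_LOGIN   = 'Wrong Username or Password';
const MSG_UNCONFIRMED = 'You have not been confirmed by the admin yet, Try login after some time';

/**
 * Decide the outcome of a login attempt.
 * $row is the employer row fetched by email only
 * (SELECT id, email, password, action FROM employer WHERE email = ?),
 * or null when no such email exists.
 */
function evaluate_login(?array $row, string $password): array
{
    // Verify against a throwaway hash when the email is unknown, so both
    // paths do comparable work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $hash = $row['password'] ?? $dummy;
    $passwordOk = password_verify($password, $hash);

    if ($row === null || !$passwordOk) {
        return ['ok' => false, 'message' => MSG_BAD_LOGIN];
    }
    // Credentials are proven; only now is the account state disclosed.
    if ($row['action'] !== 'confirmed') {
        return ['ok' => false, 'message' => MSG_UNCONFIRMED];
    }
    return ['ok' => true, 'id' => $row['id'], 'email' => $row['email']];
}

// Constructed sample rows standing in for mysqli's fetch_assoc() result.
$confirmed = ['id' => 1, 'email' => 'a@example.com',
              'password' => password_hash('s3cret', PASSWORD_DEFAULT), 'action' => 'confirmed'];
$pending   = ['id' => 2, 'email' => 'b@example.com',
              'password' => password_hash('s3cret', PASSWORD_DEFAULT), 'action' => ''];

foreach ([[$confirmed, 's3cret'], [$pending, 's3cret'], [$pending, 'guess'], [null, 'guess']] as [$row, $pw]) {
    $r = evaluate_login($row, $pw);
    echo ($row['email'] ?? '(unknown email)'), ' => ', $r['ok'] ? 'login ok' : $r['message'], PHP_EOL;
}
```

On a successful result the caller would set the session values and redirect as in the answer, ending with `die` after `header()`.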
0


Add one more condition in this `if ($result->num_rows > "0")` section, because `$result->num_rows > "0"` does not mean `$errmsg_arr[] = 'Wrong Username or Password';`. There is one more thing which you need to check.
I would suggest you close this `if` and then add another `if` with this SQL: `$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = '' ");`. In the `else` part you can add the wrong username and password message.
Hope this solves your problem.

Avishake