php - Get certain value from database category

View Original

I want only verified accounts logging in to my website and therefore I've set up and a category called Verification which can either be 0(not verified) or 1(verified) in PHPMyAdmin. Ive gotten it to work so that it changes the value when the account is verified but I cant figure out how to check if the account's "Verification" is 1 or 0. I tried doing this but with no success:

What I've tried

$test = "SELECT Verification FROM users WHERE Verification = 1 AND users_uid = $uid";

if($test == false){
            $test = null;
            header("location: ../LoginPage.php?error=accountNotVerified");
            exit();
        }

And here is the whole code if this helps to clear anything up for you.

The whole code(This code works fine but doesn't check if the account is verified)

<?php

class Login extends Dbh{

protected  function getUser($uid, $pwd){
    $stmt = $this->connect()->prepare('SELECT users_pwd FROM users WHERE users_uid = ? OR users_email = ?;');

    if(!$stmt->execute(array($uid, $pwd))){
        $stmt = null;
        header("location: ../LoginPage.php?error=stmtfailed");
        exit();
    }

    if($stmt->rowCount()==0){
        $stmt = null;
        header("location: ../LoginPage.php?error=usernotfound");
        exit();
    }

    $pwdHashed = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $checkPwd = password_verify($pwd,$pwdHashed[0]["users_pwd"]);

    if($checkPwd ==false){
        $stmt = null;
        header("location: ../LoginPage.php?error=wrongpassword");
        exit();
    }
    elseif($checkPwd == true){
        $stmt = $this->connect()->prepare('SELECT * FROM users WHERE users_uid = ? OR users_email = ? AND users_pwd = ?;');
        
        //HERE IS WHERE I WANT TO IMPLEMENT THE CODE WRITTEN ABOVE BUT IN A WORKING VERSION
        //HERE IS WHERE I WANT TO IMPLEMENT THE CODE WRITTEN ABOVE BUT IN A WORKING VERSION
        //HERE IS WHERE I WANT TO IMPLEMENT THE CODE WRITTEN ABOVE BUT IN A WORKING VERSION
        
        if(!$stmt->execute(array($uid, $uid, $pwd))){
            $stmt = null;
            header("location: ../LoginPage.php?error=stmtfailed");
            exit();
        }           
    }

    if($stmt->rowCount()==0){
        $stmt = null;
        header("location: ../LoginPage.php?error=usernotfound");
        exit();
    }


    $user = $stmt->fetchAll(PDO::FETCH_ASSOC);

    session_start();
    $_SESSION["userid"] = $user[0]["users_id"];
    $_SESSION["useruid"] = $user[0]["users_uid"];
    $stmt = null;
    
    }   
}

In conclusion, I want to check whether or not the "Verfication"-value is 1 or 0 in my database.

Answer

Solution:

You may change password check

from

$stmt = $this->connect()->prepare('SELECT users_pwd FROM users WHERE users_uid = ? OR users_email = ?;');

...

    $pwdHashed = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $checkPwd = password_verify($pwd,$pwdHashed[0]["users_pwd"]);

    if($checkPwd ==false){
        $stmt = null;
        header("location: ../LoginPage.php?error=wrongpassword");
        exit();
    }

to

$stmt = $this->connect()->prepare('SELECT users_pwd, verification FROM users WHERE users_uid = ? OR users_email = ?;');

...

    $dbData = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $verification = $dbData[0]["verification"]
    $checkPwd = password_verify($pwd,$dbData[0]["users_pwd"]);

    if($checkPwd === false || $verification !== 1){
        $stmt = null;
        if($checkPwd === false) {
            header("location: ../LoginPage.php?error=wrongpassword");
        } else {
            header("location: ../LoginPage.php?error=notverified");
        }
        exit();
    }

That will check password and verification status.

Source
© 2021
E-mail: contact@webdevask.com
Back to top