Verifiying a DB entry from the logged in user's record and act if found

vexdarkness · September 24, 2019, 11:54pm

I hope my title makes sense. Basically, if a member in my DB is activated, the var “activated” shows up in their record under “activation_code”. So I want to read that and if found, the user can proceed, and if not found, display the error message. This is my code, and it doesn’t work. lol I think I need to figure out how to reference the currently logged in user, but I’m not sure how. Help please!

if ($stmt = $db->prepare('SELECT * FROM members WHERE activation_code = ?')) {
		$stmt->bind_param('s', $activated);
		$stmt->execute();
		// Store the result so we can check if the account exists in the database.
		$stmt->store_result();
      	if ($stmt->num_rows < 0) {
			header("Location: error.php");
		}
}

Thanks!

m_hutley · September 25, 2019, 12:57am

Well, how do you know a user is logged in?

droopsnoot · September 25, 2019, 9:10am

You need a WHERE clause in that query

select * from members where activation_code = 'activated' and member_id = ?

for example.

Personally I’d have two separate columns - activation_code (which is presumably a string containing the code you use for the email-confirmation or similar) and activated, a Boolean.

Will this

if ($stmt->num_rows < 0) {

ever be true?

vexdarkness · September 25, 2019, 8:21pm

I was able to fix it with the script author’s help. I’m using 3 or 4 code snippets that I’ve pieced together.

Thanks!

SpacePhoenix · September 26, 2019, 6:06am

Do you really need all the fields when it looks like you’re not using them? Consider using a SELECT COUNT() and when you get the result of the SELECT COUNT(), if the result is 0 then give a no such member error, if it’s more than 1 give the user a generic something went wrong error but log it to your error log that there was two or more occurances of the activation code.

Are you making sure that no two (or more) users can get the same activation code?

I personally would have a separate table for registrations, if they get confirmed, create a suitable entry in the members/users table and have a cron job purge the registrations table of any that haven’t confirmed their registration within a given amount of time after having filled out the registration form

vexdarkness · September 26, 2019, 9:04pm

Basically the code I implemented looks up the user in the DB by the ID of the logged in member. Then it checks to see if they are activated (UN-activated members each get a unique code). If “activated” exists in that user’s record in place of the code, they are forwarded to the main page. If not, they get an error and are sent back to the home page. It took some tinkering, but seems to work great!

system · December 27, 2019, 4:04am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.