I have made a Registration and Login application with Codeigniter 3.
When someone fills the *Registration form* and submits it successfully, the "active" column of the "users" table receives the value 0, as visible in the image bellow:
![[Image: 6oeby.png]]()
Users will have to activate their accounts before being able to sign in.
The user_login() function inside the Usermodel:
In the Signin.php controller I have the signin() method:
but there is a flaw in it because even when the email and password are correct, but the user is inactive, the message is: "Incorrect email or password" Instead of "Your account has not been activated".
When someone fills the *Registration form* and submits it successfully, the "active" column of the "users" table receives the value 0, as visible in the image bellow:
![[Image: 6oeby.png]](http://i.stack.imgur.com/6oeby.png)
Users will have to activate their accounts before being able to sign in.
The user_login() function inside the Usermodel:
PHP Code:
public function user_login($email, $password, $active) {
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
return $query->row();
}
In the Signin.php controller I have the signin() method:
PHP Code:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
but there is a flaw in it because even when the email and password are correct, but the user is inactive, the message is: "Incorrect email or password" Instead of "Your account has not been activated".