This topic is locked

Prevent users with active=false to login

10/20/2021 12:24:44 PM
ASPRunner.NET General questions
C
ccvvcc author

Dear everyone,

My aim is to disable a user to login if their "active" field is 0 / False in the database.

My ASPRunner.NET is 10.6 Build 37620 x64

I am using Database approach in Security Settings. I dont have New User Registration page. I am creating users manually in database. So some users have active field active =1, some users have active=0

I have created users table through Security Wizard. So it is a default table for users.

In conclusion; How can I prevent users with active=false to login?

Thanks a lot for your suggestions in advance.

ccvvcc

admin 10/20/2021

There are multiple ways to achieve this but the easiest is to modify the SQL query of the login table:

select username,
password,
...
from users
where active=1
D
david22585 10/21/2021

I'm using PHPRunner/PHP, and this is what I use which may point you in another direction:

Events -> Login page -> Before Process

// Set message depending on login error or not.
echo $_SESSION["msg"]

Before Login

// Checks to see if account is inactive. If true, don't allow login. USERTYPE 5 is Pending
$_SESSION["msg"] = "";
$rs = DB::Query("SELECT usertype, activation_flag FROM website_users WHERE email = '".$username."'");
$status = $rs->fetchAssoc();
if ($status["activation_flag"] == "0"){
$message = "You email address has not been verified. Please click the link in the email that was sent to you to verify your email.
Please check your spam folder as well.";
return false;
} else if ($status["usertype"] == "5"){
$message = "Your profile is currently pending. Please allow 48 hours for your registration to be reviewed. You will receieve an e-mail as soon as your account has been approved.";
return false;
} else if($status["usertype"] == "99"){
$message = "This account has been deactivated. Please contact support for further information.";
return false;
} else {
return true;
}
T
Tuong Do 10/29/2021

Hi

If you implement this in the before login then you can not kickout the one that have already login in the past and tick remember me

You need to implement this in the after AfterSuccessfulLogin event

bool vRememberMe = false ;
if (String.IsNullOrEmpty(MVCFunctions.postvalue("username")) ) {
vRememberMe = true;
if (data["ACTIVE"] != "Y" || data["ACCOUNT_LOCKED"] == "Y" ) {
Security.logout();
}
}