Security Login of Active accounts only

I got my login page to work just fine.

How do i filter the Login Server Action to check login details against only the active accounts.
In my case the Member table has a m_active boolean field.

Currently anyone can login active or not.

thanks

/J

Hello @Kattouf
So you want to allow only users having m_active true to be able to log in?

yes …

Then, you need to query the users table and check the result with a condition.

Add database single query, which queries your user table with the following conditions. Filter by username/email(or whatever is used in the login input):


turn off the ooutput option for the query, as you don’t need to use its data on the page, so you don’t want to output it in this server action.

Add a condition step, which checks if active, returned by the single query == 1:

Then -> login / Else -> set response 403 (forbidden). You can then show this response text on the page:

1 Like

Thanks i was thinking of doing that but didn’t know if i had to declare a global Post value or not since the Login In already does that. But i declared one anyway.

I am getting error 500 now. (could be my mistake)

In Response do i just set 403 in the Status field?

You use the same POST to filter the query as the one used for login step.

For the else step (Set response) you need to fill the inputs like:

Screenshot_66

Probably some field is empty and that’s why you see error 500.

Name is the name of the step (could be anything).
Status is the HTTP status you want to be returned - in this case i think 403 is the most suitable.
Text is the message that will be displayed for this status and that can be displayed on the page.

The conditional region is giving error 500. If i remove it i login.

1

Please provide the exact error message as explained here:

yes that’s where i see the error but no explanation

What server are you using and is the detailed error reporting enabled in its settings?
Also - is that PHP/ASP/ASP.NET site?

It’s PHP 72 apache mysql .

Whats strange i just enabled error reporting in htaccess and get response 200 instead of 500 (but doesn’t login)

php_flag display_errors on
php_flag html_errors on
php_flag log_errors on

Its breaking on the Conditional step. I have to remove the above entries to see error 500 in console
Tried different browser

i’m stuck

So if you remove the condition step, then the login works fine? But not when inside the “then”?
That’s strange, just tested the same on apache/mysql and PHP7+ and it works fine here.

yes login works fine if i move the Login IN above the condition and delete the condition. So the steps above are ok. Redirects after login or shows alert if unauthorized.

Once i add condition it breaks I tried many conditions even {{$_POST.email_login == ‘myemail@mail.com’}} which has to be true.

i will keep at it. i am sure i missed something

Hello Teodor

Tried to do it in App connect and browser.goto based on query but it didn’t work either and upon investigating i Enabled PHP 7.3 in Cpanel ( had 7.2) then it gave full error and and now your above solution is working. So definitely the condition code breaks in 7.2 at least on my server.

All good now. :slight_smile:

Can you share the error please?

Nevermind, i think it was running 5.6! cpanel has two php selection options was confusing.

Seems to work now but Wordpress broke but thats a different story :slight_smile:

anyway. all good now. if i notice anything i’ll let know.

thanks

1 Like