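I have the following table:
login
IdUser (int)
username (varchar)
password (varchar)
email (varchar)
Active (int)
Active is either 0 or 1, depending on whether the user's email has been verified. If the account is verified, the Active row in the table is updated to 1. If the account is not verified, the Active row in the table stays at 0.
Users should be able to log in only if their account has been verified.
So far, my login looks like this: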
//login API
function login($user, $pass) {
    // try to match a row in the "login" table for the given username and password
    $result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
    if (count($result['result'])>0) {
        // a row was found in the database for username/pass combination
        // save a simple flag in the user session, so the server remembers that the user is authorized
        $_SESSION['IdUser'] = $result['result'][0]['IdUser'];
        // print out the JSON of the user data to the iPhone app; it looks like this:
        // {IdUser:1, username: "Name"}
        print json_encode($result);
    } else {
        // no matching username/password was found in the login table
        errorJson('Authorization failed');
    }
}
How would I give login access only to verified users?
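
One way to gate the login on the Active flag, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite table standing in for the real database, a `pass` column that holds a `password_hash()` value, and the hypothetical function names `makeDemoDb` and `loginVerified`.

```php
<?php
// Constructed in-memory copy of the question's "login" table (sample data, not real accounts).
// Assumption: `pass` stores a password_hash() value rather than the plaintext password.
function makeDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login (IdUser INTEGER PRIMARY KEY, username TEXT UNIQUE,
               pass TEXT, email TEXT, Active INTEGER NOT NULL DEFAULT 0)');
    $ins = $db->prepare('INSERT INTO login (username, pass, email, Active) VALUES (?, ?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'alice@example.test', 1]);
    $ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 'bob@example.test', 0]);
    return $db;
}

// Returns ['IdUser' => int, 'username' => string] on success, or null on any failure.
function loginVerified(PDO $db, string $user, string $pass): ?array {
    // The username is a bound parameter, so quotes in it are data, not SQL.
    $stmt = $db->prepare('SELECT IdUser, username, pass, Active FROM login WHERE username = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when no row matched, so unknown users take similar time.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $passwordOk = password_verify($pass, $row ? $row['pass'] : $dummy);

    // Reject unless the row exists, the password matches AND the e-mail was verified.
    if (!$row || !$passwordOk || (int)$row['Active'] !== 1) {
        return null;
    }
    return ['IdUser' => (int)$row['IdUser'], 'username' => $row['username']];
}

$db = makeDemoDb();
var_dump(loginVerified($db, 'alice', 'correct horse')); // verified account, correct password
var_dump(loginVerified($db, 'bob', 'hunter2'));         // correct password, but Active = 0
var_dump(loginVerified($db, "alice' --", 'x'));         // quote characters in the username
```

In the question's `login()`, a non-null result is what would be stored in `$_SESSION['IdUser']` and passed to `json_encode()`, and a null result maps to `errorJson('Authorization failed')`.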