Setting up the SQL Query - PHP

Once we are successfully connected to the database, we continue to set up the SQL query. The query checks for two things. First, it checks to see if the email address that the user passed exists in the database, and then it checks to see if that account is active. So even if the email address exists, but the account is inactive, the function would return a error:

//see if the user password and email is in the table
$query ="SELECT uid, upass,CONCAT(name,' ',sname) as
name,access_level,depid FROM ".$this->dbtbl." WHERE email =
'".$this->email."'";
$query .="AND isActive = '1'";

The query is then executed:

$result =$dbcon->a_query($query);

If the result of the query is false, the user was not found in the database, so we set the login status to false:

//set the authorization status accordingly
if(!$result){
  $this->loginstatus=FALSE;

If the result of the query is true, then the user does have an active account in the database. We then continue to further authenticate the user by comparing the user-submitted password with the one retrieved from the database:

}else {
  $row=$result->fetchrow();
  //compare user submitted password with the one from the database:
  if($this->password == $row->upass){

If the two passwords are the same, then we assign the database-retrieved information to some of the global variables declared earlier:

  $this->userid=$row->uid;
  $this->uname = $row->name;
  $this->access =$row->access_level;
  $this->did =$row->depid;
  $this->em=$email;
  //$this->email=$row->email;
  $this->loginstatus=TRUE;
}

If the passwords don't match, then the appropriate error is shown and the database connect is terminated:

    else{
      $this->err=$dbcon->showerror();
      $this->loginstatus=FALSE;
    }//password check
  }
  $dbcon->disconnect();
  return $this->loginstatus;
}