I'm new to PHP. I have a login system, and now I'm trying to implement a ban and user activation system, but I have some problems with the login script. Here is the code from my script:

 <?php
    $query = "SELECT id, username, password, salt, email, firstname, lastname, active, banned FROM users WHERE username = :username "; 
    $query_params = array( 
        ':username' => $_POST['username'] 
    ); 
    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        die("Failed to run query: " . $ex->getMessage()); 
    } 
    $row = $stmt->fetch(); 

    $login_ok = false; 
    $login_match = false; 
    $login_active = false; 
    $login_banned = false; 

    if($row) 
    { 
        $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
        if($check_password === $row['password']) 
        { 
            $login_match = true; 
        } 
        if($row['active'] == 1) {
            $login_active = true;
        }
        if($row['banned'] == 1) {
            $login_banned = true;
        }
        if($login_match && $login_active && !$login_banned) {
            $login_ok = true;
        }
    } 
    if($login_ok) 
    { 
        unset($row['salt']); 
        unset($row['password']); 
        $_SESSION['user'] = $row; 
        header("Location: index.php"); 
        die("Redirecting..."); 
    } 
    else 
    { 
        if(!$login_match) { echo "Wrong username/pasword.";}
        if(!$login_active) { echo "Account not activated, check your email";}
        if($login_banned) { echo "Your account is banned";}
    } 
?>

In my database I have 2 columns, active and banned, where 0 means that the account is activated and not banned, and 1 means the account is not activated or is banned.

How can I display different messages to the user? If a user enters a wrong username or password, he gets all three messages from the final else {}. I want to display messages to the user like this: If the username or password is wrong, display only "Wrong username/pasword." and ignore $login_active and $login_banned. If the username/password is ok but the account is not activated, display "Account not activated, check your email" and ignore the $login_banned switch. If the username/password is ok but the account is banned, display "Your account is banned" and ignore the $login_active switch.

I'm sorry if I wrote too much, I hope I explained right.


Solution

Change this:

if(!$login_match) { echo "Wrong username/pasword.";}
if(!$login_active) { echo "Account not activated, check your email";}
if($login_banned) { echo "Your account is banned";}

To this:

<?php
if ($login_banned == true) {
        echo "Your account is banned";
} else if ($login_match != true) {
        echo "Wrong username/password.";
} else if ($login_active != true) {
        echo "Account not activated, check your email";
}
?>

I hope it does what you want.

Below are options you could still use:

//PICK OPTIONS DEPENDING ON YOUR PREFERENCE AND MESSAGE PRIORITIES
    //option 1
    if ($login_match != true) {
        echo "Wrong username/password.";
    } else if ($login_banned == true) {
        // banned flag is set, so report the ban
        echo "Your account is banned";
    } else if ($login_active != true) {
        echo "Account not activated, check your email";
    }

    //option 2
    if ($login_match != true) {
        echo "Wrong username/password.";
    } else if ($login_active != true) {
        echo "Account not activated, check your email";
    } else if ($login_banned == true) {
        // banned flag is set, so report the ban
        echo "Your account is banned";
    }

    //option 3
    if ($login_banned == true) {
        echo "Your account is banned";
    } else if ($login_match != true) {
        echo "Wrong username/password.";
    } else if ($login_active != true) {
        echo "Account not activated, check your email";
    }
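
The ordering question above also decides what someone who does not know the password can learn: checking the ban flag first tells anyone who types a username that the account exists and is banned. The following is an added example, not code from the question or the answer, that reports account state only after the credentials match. It assumes the question's column names and its sha256(password . salt) scheme; `login_outcome()`, its return values and the sample rows are hypothetical.

```php
<?php
// Added example: decide one login outcome from the fetched user row.
// Column names and the sha256(password . salt) scheme follow the question's code;
// login_outcome() and its return values are hypothetical names.
function login_outcome($row, string $password): string
{
    // Unknown username and wrong password give the same outcome,
    // so the response does not show which usernames exist.
    if (!$row) {
        return 'invalid';
    }
    $candidate = hash('sha256', $password . $row['salt']);
    // hash_equals() compares the two hashes in constant time.
    if (!hash_equals((string) $row['password'], $candidate)) {
        return 'invalid';
    }
    // Account state is reported only after the credentials matched.
    if ((int) $row['banned'] === 1) {
        return 'banned';
    }
    if ((int) $row['active'] !== 1) {
        return 'inactive';
    }
    return 'ok';
}

$messages = [
    'invalid'  => 'Wrong username/password.',
    'banned'   => 'Your account is banned',
    'inactive' => 'Account not activated, check your email',
];

// Constructed sample rows (not real data): salt "s1", password "secret".
$hash = hash('sha256', 'secret' . 's1');
$rows = [
    'active user'   => ['password' => $hash, 'salt' => 's1', 'active' => 1, 'banned' => 0],
    'banned user'   => ['password' => $hash, 'salt' => 's1', 'active' => 1, 'banned' => 1],
    'inactive user' => ['password' => $hash, 'salt' => 's1', 'active' => 0, 'banned' => 0],
    'no such user'  => false, // PDOStatement::fetch() returns false when no row matches
];
foreach ($rows as $label => $row) {
    foreach (['secret', 'wrong'] as $pw) {
        $outcome = login_outcome($row, $pw);
        echo "$label / $pw: ", $messages[$outcome] ?? 'login ok', "\n";
    }
}
```

Whether "banned" or "inactive" is checked first after a successful match is a matter of message priority; swap the two blocks to change it.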
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow