stackoom
  简体   繁体   中英

Verifying user banned or not PHP?

 原文  2015-07-05 12:18:06       php/ mysql/ mysqli

Question

This is my login.php code. User is logged in even "status" is set to "yes". How can I verify if the user is banned and can I add more statuses like "suspend", "deactivated"? 

session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
  if (empty($_POST['username']) || empty($_POST['password'])) {
    $error = "Username or Password is invalid";
  } else {
    // Define $username and $password
    $username=$_POST['username'];
    $password=$_POST['password'];

    // Establishing Connection with Server by passing server_name, user_id and password as a parameter
    $connection = mysql_connect("localhost", "root", "");

    // To protect MySQL injection for Security purpose
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    // Selecting Database
    $db = mysql_select_db("DBname", $connection);

    // SQL query to fetch information of registerd users and finds user match.
    $query = mysql_query("select * from users where password='$password' AND username='$username' AND", $connection);
    $rows = mysql_num_rows($query);

    if($row[‘status’]==’yes’){
      header("banned.php");
    } else if ($rows == 1) {
      $_SESSION['login_user']=$username; // Initializing Session
      $sql = mysql_query("INSERT INTO logs (`uniqueId`, `fileAccessed`, `action`, `userIp`, `userPort`, `serverIp`, `fullPath`, `protocol`, `serverVersion`, `timestamp`) VALUES ('$username', '$filename', 'Logged In', '$usrip', '$usrport', '$servip', '$scriptpath', '$servprotocol', '$servver', '$timestamp')", $connection);
      header("location: ../pages/profile.php"); // Redirecting To Other Page
    } else {
      $error = "Username or Password is invalid";
    }
    mysql_close($connection); // Closing Connection
  }
}

1 answers

solution1
 0 ACCPTED  2015-07-05 12:26:58

Firstly don't use mySQL anymore, it is deprecated and insecure. You should look into using mySQLi or PDO instead.

The problem you are having is because $row has no value.

You are missing: 

$row = mysql_fetch_assoc($result)

So it would read like this: 

$query = mysql_query("select * from users where password='$password' AND username='$username' AND", $connection);
$rows = mysql_num_rows($query);
$row = mysql_fetch_assoc($result); 


    if($row[‘status’]==’yes’){
header("banned.php");
    }

Here it is rewritten as mySQLi, use this version instead and research the difference: 

session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
  if (empty($_POST['username']) || empty($_POST['password'])) {
    $error = "Username or Password is invalid";
  } else {
    // Define $username and $password
    $username=$_POST['username'];
    $password=$_POST['password'];

    // Establishing Connection with Server by passing server_name, user_id and password as a parameter
    $connection = mysqli_connect("localhost", "root", "");

    // To protect MySQL injection for Security purpose
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysqli_real_escape_string($username);
    $password = mysqli_real_escape_string($password);

    // Selecting Database
    $db = mysqli_select_db($connection, "DBname");

    // SQL query to fetch information of registerd users and finds user match.
    $query = "select * from users where password='$password' AND username='$username'";
    $result = mysqli_query($connection, $query);
    $row = mysqli_fetch_assoc($result); 
    $rows = mysql_num_rows($query);

    if($row[‘status’]==’yes’){
      header("banned.php");
    } else if ($rows == 1) {
      $_SESSION['login_user']=$username; // Initializing Session

      $query = "INSERT INTO logs (`uniqueId`, `fileAccessed`, `action`, `userIp`, `userPort`, `serverIp`, `fullPath`, `protocol`, `serverVersion`, `timestamp`) VALUES ('$username', '$filename', 'Logged In', '$usrip', '$usrport', '$servip', '$scriptpath', '$servprotocol', '$servver', '$timestamp')";

     $result = mysqli_query($connection, $query);

      header("location: ../pages/profile.php"); // Redirecting To Other Page
    } else {
      $error = "Username or Password is invalid";
    }
    mysqli_close($connection); // Closing Connection
  }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Login system, banned user php PHP Login script problems with check if user banned How to check if user is banned before logging in with PHP php trying to check if user's input does not contain banned words PHP check DB if SESSION user is “banned” doesn't return true? Check if user is banned (Laravel) Kill Active Session if User Is Banned PHP function to check for banned words PHP Filter text for banned words EE v2.5.2 Updated banned user email list - now php error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM