[SOLVED] Sessions

[mcmuney]

The other day, I found a user of my site mass spamming. While he was sending messages to other users of the site, I deleted his account. The strange thing is that he was able to continue to send messages even though his account was deleted. I'm assuming this was the case because he was already signed on and it has something to do with sessions. But once he signed off, the account would not be usable.

 

Is there any way to code it so that when an account is removed from the DB and the user is still signed on, it automatically disables the account?

[fooDigi]

you must have some type of "authorization" script included in all member areas, right? to see if the user is signed on or not... you could, instead of just checking if the session set, also have a db query checking to see if there account is enabled.

 

or when you disable the account you could actually manually delete their session data file located on the server...

[mcmuney]

This is what I'm using now:

 

<?session_start();
extract($_POST);
extract($_GET);
extract($_SESSION);
if(trim($mem_id)=="")
{
header("Location: ./login.php");
die();
}
?>

 

Can I use an if/OR statement, like (please check the syntax):

 

if((trim($mem_id)=="") OR if EXISTS(SELECT * FROM Table1 WHERE member_id='$mem_id')

//this should be DOESN'T EXIST

[fooDigi]

yeah, just query the database with the query you have, and count the rows returned...

 

if((trim($mem_id)=="") || $member_result_ct == 0)