Jump to content

Need help with my ban system

Tom8001

By Tom8001
in PHP Coding Help

 Share
Go to solution Solved by Ch0cu3r,

Recommended Posts

Tom8001 Member

Tom8001

Posted
Posted (edited)

 

Hi this is my login script i do have the html if you need to see it please ask & i was wondering if anyone would be kind enough to tell me how i can get my ban system to work :) Thanks

<?php

require 'connect.php';

if(isset($_POST['submit'])) {

	$username = $_POST['username'];
	$password = $_POST['password'];

	//Prevent hackers from using SQL Injection
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);

	$sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
	$result = mysql_query($sql);
	$count = mysql_num_rows($result);

	$user_level = $_GET['user_level'];

	$_SESSION['user_level'] = $user_level;

	if($count == 1) {

		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: index.php");
	} else {

		echo "Please check the username and password you entered is correct.";
	} if($_SESSION['user_level'] == 0) {
		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: index.php");
		
	} else if($_SESSION['user_level'] == -1) {

		die();
		header("Location: banned.php");

	} else if($_SESSION['user_level'] < -1) {
		die();
		echo "An error has occurred please contact your administrator.";

	} else if($_SESSION['user_level'] == 1) {
		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: admin.php");

	}


}

?>
Edited by Tom8001
Link to comment
Share on other sites
Ch0cu3r Newbie

Ch0cu3r

Posted
Posted (edited)

 

 

how i can get my ban system to work

Which is where? What problems are you facing? Do you get any errors if so post them here. Its not good just pasting code and not explaining what the problem is.

 

Your passwords should not be stored in the database as plain text. You should only be storing the password hash in the database. Look at using password_hash (if you're not using PHP5.5 then use this password compatibility library) to hash your users password.

 

These lines on their own will be doing nothing.

$_SESSION['username'];
$_SESSION['password'];

You should also update your code to use PDO or MySQLi. The mysql_* functions are deprecated, meaning they are no longer supported. They could be be removed from future versions of PHP.

Edited by Ch0cu3r
Link to comment
Share on other sites
Tom8001 Member

Tom8001

Posted
  • Author
Posted

Which is where? What problems are you facing? Do you get any errors if so post them here. Its not good just pasting code and not explaining what the problem is.

 

Your passwords should not be stored in the database as plain text. You should only be storing the password hash in the database. Look at using password_hash (if you're not using PHP5.5 then use this password compatibility library) to hash your users password.

 

These lines on their own will be doing nothing.

$_SESSION['username'];
$_SESSION['password'];

You should also update your code to use PDO or MySQLi. The mysql_* functions are deprecated, meaning they are no longer supported. They could be be removed from future versions of PHP.

It's ok it's on localhost and no i do not get any errors with this, what happens is i have changed my user level in phpmyadmin and it does not change anything the code for the ban system at the bottom is not working i'm not sure if i need to send a query to the database it just redirects to the index.php page and not the banned.php page. If you need me to paste anything else in please ask :) 

Link to comment
Share on other sites
  • Solution
Ch0cu3r Newbie

Ch0cu3r

Posted
  • Solution
Posted

So its this part is used to prevent someone with a user level of -1 from logging in?

else if($_SESSION['user_level'] == -1) {
 
		die();
		header("Location: banned.php");
 
	}

die() needs to be called after header() not before it.

 

Here you getting the user level from $_GET

	$user_level = $_GET['user_level'];

$_GET is used to get values of parameters passed in the url.

 

Dont you mean to get the user_level from the result of your query here?

// fetch the data from the resultset
$row = mysql_fetch_assoc($result);

// get the users user level
$user_level = $row['user_level'];
Link to comment
Share on other sites
Ch0cu3r Newbie

Ch0cu3r

Posted
Posted

A simple way would be to add a   loggedIn  flag in the session when the user successfully authenticates. On the pages you only want logged in users to access you'd check to make sure this flag exist in the session. You would redirect the user to login.php if it does not exist.

 

To log a user out you can simply delete that flag from the session.

 

Example code

 

When the user successfully logs in set the loggedIn flag in the session to true

$_SESSION['loggedIn'] = true;

On pages you want to protect you can start them with

<?php
session_start(); // always call session_start at the top of any script which is going to use $_SESSION

// redirect user to login.php if loggedIn session flaf is not set or it is set but is not true
if(!isset($_SESSION['loggedIn']) || (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] != true))
{
    header('Location: login.php');
}

// rest of your code here
Link to comment
Share on other sites
Tom8001 Member

Tom8001

Posted
  • Author
Posted

Hello, well my ban system works when i login but if i go to the index page i can still view it 

 

My ban code (This is the code in login.php)

$row = mysql_fetch_assoc($result);
$user_level = $row['user_level'];

if($row['user_level'] == 0) {

		//Do Nothing

	} else if($row['user_level'] == -1) {
 
		header("Location: banned.php");
 
	} else if($row['user_level'] < -1) {
		echo "There is something wrong with your account please contact support.";
 
	} else if($row['user_level'] == 1) {

		header("Location: admin.php");
 
	}

& This is the code in my index.php page 

<?php

error_reporting(0);

require 'connect.php';

require 'ifbanned.php';

session_start();
if(!$_SESSION['loggedIn']){
echo "You must be logged in to access this page you are not currently logged in you can login <a href='login.php'>here</a>";
die();
}

?>

to try and resolve this i made the file ifbanned.php which has the same code as the first lot of code i pasted.

 

I'm  not sure if that made sense but if it did can you please try and help me?

 

Thanks

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.