Tom8001 Posted November 23, 2014 Share Posted November 23, 2014 (edited) Hi this is my login script i do have the html if you need to see it please ask & i was wondering if anyone would be kind enough to tell me how i can get my ban system to work Thanks <?php require 'connect.php'; if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; //Prevent hackers from using SQL Injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); $user_level = $_GET['user_level']; $_SESSION['user_level'] = $user_level; if($count == 1) { $_SESSION['username']; $_SESSION['password']; header("Location: index.php"); } else { echo "Please check the username and password you entered is correct."; } if($_SESSION['user_level'] == 0) { $_SESSION['username']; $_SESSION['password']; header("Location: index.php"); } else if($_SESSION['user_level'] == -1) { die(); header("Location: banned.php"); } else if($_SESSION['user_level'] < -1) { die(); echo "An error has occurred please contact your administrator."; } else if($_SESSION['user_level'] == 1) { $_SESSION['username']; $_SESSION['password']; header("Location: admin.php"); } } ?> Edited November 23, 2014 by Tom8001 Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/ Share on other sites More sharing options...
Ch0cu3r Posted November 23, 2014 Share Posted November 23, 2014 (edited) how i can get my ban system to work Which is where? What problems are you facing? Do you get any errors if so post them here. Its not good just pasting code and not explaining what the problem is. Your passwords should not be stored in the database as plain text. You should only be storing the password hash in the database. Look at using password_hash (if you're not using PHP5.5 then use this password compatibility library) to hash your users password. These lines on their own will be doing nothing. $_SESSION['username']; $_SESSION['password']; You should also update your code to use PDO or MySQLi. The mysql_* functions are deprecated, meaning they are no longer supported. They could be be removed from future versions of PHP. Edited November 23, 2014 by Ch0cu3r Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497401 Share on other sites More sharing options...
Tom8001 Posted November 23, 2014 Author Share Posted November 23, 2014 Which is where? What problems are you facing? Do you get any errors if so post them here. Its not good just pasting code and not explaining what the problem is. Your passwords should not be stored in the database as plain text. You should only be storing the password hash in the database. Look at using password_hash (if you're not using PHP5.5 then use this password compatibility library) to hash your users password. These lines on their own will be doing nothing. $_SESSION['username']; $_SESSION['password']; You should also update your code to use PDO or MySQLi. The mysql_* functions are deprecated, meaning they are no longer supported. They could be be removed from future versions of PHP. It's ok it's on localhost and no i do not get any errors with this, what happens is i have changed my user level in phpmyadmin and it does not change anything the code for the ban system at the bottom is not working i'm not sure if i need to send a query to the database it just redirects to the index.php page and not the banned.php page. If you need me to paste anything else in please ask Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497402 Share on other sites More sharing options...
Tom8001 Posted November 23, 2014 Author Share Posted November 23, 2014 I Have just been messing about now and it says on line 29 which is if($_SESSION['user_level'] == 0) { It says Notice: Undefined variable: _SESSION in C:\xampp\htdocs\Login\login.php on line 29 Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497404 Share on other sites More sharing options...
Solution Ch0cu3r Posted November 23, 2014 Solution Share Posted November 23, 2014 So its this part is used to prevent someone with a user level of -1 from logging in? else if($_SESSION['user_level'] == -1) { die(); header("Location: banned.php"); } die() needs to be called after header() not before it. Here you getting the user level from $_GET $user_level = $_GET['user_level']; $_GET is used to get values of parameters passed in the url. Dont you mean to get the user_level from the result of your query here? // fetch the data from the resultset $row = mysql_fetch_assoc($result); // get the users user level $user_level = $row['user_level']; Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497405 Share on other sites More sharing options...
Tom8001 Posted November 23, 2014 Author Share Posted November 23, 2014 Yes, thank you so much it's now working Thanks Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497408 Share on other sites More sharing options...
Tom8001 Posted November 23, 2014 Author Share Posted November 23, 2014 Sorry just something else, would you be able to tell me how i can redirect a user to the login page for example if they try to access a page that you need to be logged in to view how i can redirect them? Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497409 Share on other sites More sharing options...
Ch0cu3r Posted November 23, 2014 Share Posted November 23, 2014 A simple way would be to add a loggedIn flag in the session when the user successfully authenticates. On the pages you only want logged in users to access you'd check to make sure this flag exist in the session. You would redirect the user to login.php if it does not exist. To log a user out you can simply delete that flag from the session. Example code When the user successfully logs in set the loggedIn flag in the session to true $_SESSION['loggedIn'] = true; On pages you want to protect you can start them with <?php session_start(); // always call session_start at the top of any script which is going to use $_SESSION // redirect user to login.php if loggedIn session flaf is not set or it is set but is not true if(!isset($_SESSION['loggedIn']) || (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] != true)) { header('Location: login.php'); } // rest of your code here Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497413 Share on other sites More sharing options...
Tom8001 Posted November 23, 2014 Author Share Posted November 23, 2014 i got this error Notice: A session had already been started - ignoring session_start() in C:\xampp\htdocs\Login\login.php on line 3 Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497415 Share on other sites More sharing options...
Ch0cu3r Posted November 23, 2014 Share Posted November 23, 2014 Somewhere in your code you are calling session_start() more than once. It only needs to be called once. Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497417 Share on other sites More sharing options...
Tom8001 Posted November 23, 2014 Author Share Posted November 23, 2014 i want to protect my index.php page so only logged in users can see it and the only code in index.php is <html> <a href="logout.php"> Logout </a> </html> Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497421 Share on other sites More sharing options...
Tom8001 Posted November 23, 2014 Author Share Posted November 23, 2014 Hello, well my ban system works when i login but if i go to the index page i can still view it My ban code (This is the code in login.php) $row = mysql_fetch_assoc($result); $user_level = $row['user_level']; if($row['user_level'] == 0) { //Do Nothing } else if($row['user_level'] == -1) { header("Location: banned.php"); } else if($row['user_level'] < -1) { echo "There is something wrong with your account please contact support."; } else if($row['user_level'] == 1) { header("Location: admin.php"); } & This is the code in my index.php page <?php error_reporting(0); require 'connect.php'; require 'ifbanned.php'; session_start(); if(!$_SESSION['loggedIn']){ echo "You must be logged in to access this page you are not currently logged in you can login <a href='login.php'>here</a>"; die(); } ?> to try and resolve this i made the file ifbanned.php which has the same code as the first lot of code i pasted. I'm not sure if that made sense but if it did can you please try and help me? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/292666-need-help-with-my-ban-system/#findComment-1497444 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.