Make suspended user unable to login?

djfox · August 30, 2007

I have in the database a field called isHold. If isHold is 0, the account is not suspended. But if it`s 1, then the account is suspended.

I think the easiest way to make the account actually on suspension is to make the person unable to log in. Like, if they try, the login does not work and they get a message that says something like "Sorry, your account is suspended."

Here is the form to login (login.php):

<table border=0 width=100% bgcolor="000000">
<tr>
<td background="largebanner.png"><b>Enter Secret Trance</b>
<tr>
<td background="boxback.png"><form action="index.php" method="post">
Username: <input type="text" name="log" size="20">     
Password: <input type="password" name="pass" size="20">     
<input name="submit" type=submit value="Login">    
</form>
</table>

Here is the file for when the person is logged in (logged.php):

<?

/*
  Authentication code
*/
require_once "auth.php";

$log = isset($_SESSION['sess_name'])?$_SESSION['sess_name']:'';
$pass = isset($_SESSION['pass'])?$_SESSION['pass']:'';
$nmsg = 0;
$rows = isset($_SESSION['rows'])?$_SESSION['rows']:array();
$echos = isset($_SESSION['echos'])?$_SESSION['echos']:'';

/*
==========================================================================
*/
function ShowLoggedInBar() {
global $log,$pass,$nmsg,$rows,$echos;

   $nmes="";
   if($nmsg){
 $nmes="($nmsg New)";
   }
   
   echo "<table width=100% border=0 cellpadding=0 bgcolor='000000'><tr><td background='largebanner.png'>";
   echo "<b><a href=\"trancer.php\">$log</a></b>     Echos <b>$echos</b>     ";
   echo "<a href='index.php?logout=1'>Logout</a>";
   echo "<tr><td background='boxback.png'>";
   ?>
   <?
   require_once "loggedmenu.php";
   ?>
   <?php
   echo "</table>";	
}

/*
==========================================================================
Main
==========================================================================
*/

/* check if we are logging out */
if (isset($_REQUEST['logout'])) {
Logout();
}

/* check if already logged in */
if (isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)) {   
   ShowLoggedInBar();
} else {

/* not logged in, is it a form post? */
if (isset($_REQUEST['log']) && isset($_REQUEST['pass'])) {
	$log = $_REQUEST['log'];
	$pass = crypt($_REQUEST['pass'],$log);
	Login($log,$pass);
	ShowLoggedInBar();
} else {
	require "login.php";
}
}


?>

Just in case it`s needed, here`s auth.php:

<?
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
   }
   return($ok);
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

By no means am I professional, I`m still learning all about php. These codes were done by other programmers (all whom I do not have any way to contact them again so I can`t ask them to do it) by about 90%.

I`ve seen sites have the function where if your account is suspended, they don`t let you log in and they give you a message that says your account is suspended. But I`ve no clue on how to do it. And I couldn`t find any example scripts to look over.

Fadion · August 31, 2007

To make it easy modify this line in the login function:

if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'")){

to

if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password' AND isHold='0'")){

If that query return 0 rows then its either an invalid account or its suspended. Another way to also keep better error handling:

if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
                                   if($rows[isHold_column] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                         //code code
                                   }
                             }

djfox · August 31, 2007

I must have done something wrong somewhere while implementing the second code you displayed:

function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
                                   if($rows[isHold_column] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   return($ok);
                                   }
                             }
	   
	   
  
   }

It disallows everyone from logging in. Where did I mess up?

Fadion · August 31, 2007

the isHold_column i wrote was just a placeholder as i dont know its column name. It should be:

if($rows[5] == '1'){

or

if($rows['isHold'] == '1'){

The idea is to check the isHold field of that row. $rows[5] means it is the sixth column of your users table.

Also in the select query add isHold:

$res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'")

djfox · August 31, 2007

Ok, I did that and am still having problems with it allowing people to log in. Is there something else I missed?

phpSensei · August 31, 2007

Its unecessary to put "if(mysql_fetch_array...."

just leave it out of the statement.

pocobueno1388 · August 31, 2007

Could you post your updated code?

Fadion · August 31, 2007

Probably u still havent the right column for isHold. Try echoing $rows[5] or whatever u put to it, normally after u make the query . Try different values to see which one echos the right isHold column. Ex:

echo $row[5]; //ex it doesnt print nothing
echo $row[6]; //ex it prints 1, so this is what u need
echo $row[7]; //ex it doesnt print nothing

djfox · August 31, 2007

pocobueno1388

Here is the updated code:

<?
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
                                   if($rows[5] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   return($ok);
                                   }
                             }
	   
	   
  
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

phpSensei · August 31, 2007

try this



if($row['THE HOLD TABLE HERE'] == '1'){

Fadion · August 31, 2007

phpSensei, thats what ive been suggesting in 3 posts...

djfox · August 31, 2007

phpSensei

That still gives me the same result. Even though the person`s account is not suspended, the code doesn`t let the person log in. (Love the name, btw. )

Fadion · August 31, 2007

djfox, make a screenshot to your users table in phpmyadmin to see your columns setup, as trying like this is leading nowhere.

phpSensei · August 31, 2007

phpSensei

That still gives me the same result. Even though the person`s account is not suspended, the code doesn`t let the person log in. (Love the name, btw. )

lol thanks...

suggestions: Then make like this


if($row['YOUR SUSPENDED COLOUMN'] != '0'){

///////DIEE!!!!

One more thing, I suggest you use letters instead of numbers. Just try making A for suspended and B for not suspended.

djfox · August 31, 2007

I`m not sure which way is the correct way to post these in this forum (every forum has different rules and I can`t keep track of it) but here we go:

http://i174.photobucket.com/albums/w120/beloveddoll/data.jpg

http://i174.photobucket.com/albums/w120/beloveddoll/data2.jpg

Fadion · August 31, 2007

suggestions: Then make like this
if($row['YOUR SUSPENDED COLOUMN'] != '0'){
///////DIEE!!!!
One more thing, I suggest you use letters instead of numbers. Just try making A for suspended and B for not suspended.

"$var == 1" and "$var != 0" will produce exactly the same in this case. And whats the point of using A and B instead of 0 and 1?? Ideally he could use boolean, but 0 and 1, 100 and 293, ABC and BCA are the same, again in this case.

Fadion · August 31, 2007

I`m not sure which way is the correct way to post these in this forum (every forum has different rules and I can`t keep track of it) but here we go:

http://i174.photobucket.com/albums/w120/beloveddoll/data.jpg

http://i174.photobucket.com/albums/w120/beloveddoll/data2.jpg

use $rows['isHold'] or $rows[6].

djfox · August 31, 2007

Got the same result. This is a head scratcher...I did put the codes in properly, right? I didn`t miss any { }or put in any extras?

Fadion · August 31, 2007

Did u modify the query as i suggested?

$res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'")

djfox · August 31, 2007

Yep, here ya go:

<?
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
                                   if($row[6] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   return($ok);
                                   }
                             }
	   
	   
  
}

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

I tried $rows[5] and $rows[6] in which neither had any sort of effect. I left 6 in there because that was in there last. Putting in 5 (which is what I`m sure it should be) didn`t make any difference in the code`s performance.

phpSensei · August 31, 2007

Yep, here ya go:

<?
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
                                   if($row[6] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   return($ok);
                                   }
                             }
	   
	   
  
}

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

woudlnt Id be row[0], and ishold row[5]??

djfox · August 31, 2007

phpSensei

Just because I edited my post after your post:

I tried $rows[5] and $rows[6] in which neither had any sort of effect. I left 6 in there because that was in there last. Putting in 5 (which is what I`m sure it should be) didn`t make any difference in the code`s performance.

Fadion · August 31, 2007

@phpsensei:

0 => id

1 => login

2 => password

3 => level

4 => gallnum

5 => mailnum

6 => ishold

Those are the columns and those are the index keys. U would be right only if the indexes are for selected columns, which i doubt. Anyway im used to mysql_fetch_array() so maybe im wrong.

Fadion · August 31, 2007

djfox, try echoing $rows[6] or $rows[5] if they get a value and reply what u get by the echo.

djfox · August 31, 2007

$row[6] is nothing but $row[5] echos as 0, which is good because that is the correct number for the account I tested with.

Sign In

Make suspended user unable to login?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Important Information