
Make suspended user unable to login?


djfox


I have a field in the database called isHold. If isHold is 0, the account is not suspended. But if it's 1, then the account is suspended.

 

I think the easiest way to make the account actually on suspension is to make the person unable to log in. Like, if they try, the login does not work and they get a message that says something like "Sorry, your account is suspended."

 

Here is the form to login (login.php):

<table border=0 width=100% bgcolor="000000">
<tr>
<td background="largebanner.png"><b>Enter Secret Trance</b>
<tr>
<td background="boxback.png"><form action="index.php" method="post">
Username: <input type="text" name="log" size="20">     
Password: <input type="password" name="pass" size="20">     
<input name="submit" type=submit value="Login">    
</form>
</table>

 

Here is the file for when the person is logged in (logged.php):

<?

/*
  Load the session bootstrap and login helpers from auth.php, then seed the
  page-level variables from whatever the current session already holds.
*/
require_once "auth.php";

// Defaults that apply when the session carries no value yet.
$log   = '';
$pass  = '';
$nmsg  = 0;
$rows  = array();
$echos = '';

if (isset($_SESSION['sess_name'])) {
    $log = $_SESSION['sess_name'];
}
if (isset($_SESSION['pass'])) {
    $pass = $_SESSION['pass'];
}
if (isset($_SESSION['rows'])) {
    $rows = $_SESSION['rows'];
}
if (isset($_SESSION['echos'])) {
    $echos = $_SESSION['echos'];
}

/*
==========================================================================
*/
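/**
 * Prints the banner for a signed-in user: the user name linking to
 * trancer.php, the echo count, a logout link and the menu from
 * loggedmenu.php.
 *
 * Reads the page-level globals $log, $nmsg and $echos. $pass and $rows are
 * imported too and left untouched: loggedmenu.php is included inside this
 * function and sees every variable in its scope, so the global list is kept
 * as it was (presumably the menu relies on some of them - confirm before
 * trimming). $nmes is built for the same reason; this function never prints it.
 */
function ShowLoggedInBar() {
global $log,$pass,$nmsg,$rows,$echos;

   $nmes="";
   if($nmsg){
      $nmes="($nmsg New)";
   }

   // $log is the name typed into the login form. It has only been escaped
   // for SQL, which does nothing for HTML, so it is encoded before being
   // written into the page. $echos gets the same treatment.
   $shownName  = htmlspecialchars((string) $log, ENT_QUOTES);
   $shownEchos = htmlspecialchars((string) $echos, ENT_QUOTES);

   echo "<table width=100% border=0 cellpadding=0 bgcolor='000000'><tr><td background='largebanner.png'>";
   echo "<b><a href=\"trancer.php\">$shownName</a></b>     Echos <b>$shownEchos</b>     ";
   echo "<a href='index.php?logout=1'>Logout</a>";
   echo "<tr><td background='boxback.png'>";

   // The original left PHP mode and re-entered it (with a short open tag)
   // around this include; staying in PHP mode only drops a few stray spaces
   // from the output.
   require_once "loggedmenu.php";

   echo "</table>";
}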

/*
==========================================================================
Main
==========================================================================
*/

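/* check if we are logging out */
if (isset($_REQUEST['logout'])) {
    Logout();
}

/* check if already logged in (same test as before, via the helper in auth.php) */
if (isLoggedIn()) {
    ShowLoggedInBar();
} else {

    /* not logged in, is it a form post? */
    // Both fields must be plain strings; an array-valued field is treated
    // like a missing one and the login form is shown again.
    // NOTE(review): $_REQUEST also accepts these fields from the query
    // string. The form posts them, so reading $_POST would keep credentials
    // out of URLs and logs - left as is in case something relies on it.
    if (isset($_REQUEST['log']) && isset($_REQUEST['pass'])
        && is_string($_REQUEST['log']) && is_string($_REQUEST['pass'])) {
        $log = $_REQUEST['log'];
        // NOTE(review): crypt() is salted with the user name, so the salt is
        // predictable. password_hash()/password_verify() are the usual
        // replacement, but switching means re-hashing the stored passwords.
        $pass = crypt($_REQUEST['pass'],$log);

        // Show the signed-in banner only when Login() reports success. The
        // original drew it after every attempt, including failed ones, with
        // the submitted name printed in it.
        if (Login($log,$pass)) {
            // Login() fills $_SESSION['echos'] but not the page variable the
            // banner prints, so refresh it here.
            $echos = isset($_SESSION['echos']) ? $_SESSION['echos'] : '';
            ShowLoggedInBar();
        }
    } else {
        require "login.php";
    }
}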


?>

 

Just in case it's needed, here's auth.php:

<?
	// Marker value: Login() stores it in $_SESSION['magic'] and the
	// logged-in checks compare the session against it.
	define('SESSION_MAGIC', 'sadhjasklsad2342');

	// Start (or resume) the session, then turn on output buffering.
	// Warnings from both calls are silenced with @.
	// NOTE(review): session cookie flags are not set here, so they come from
	// php.ini - confirm HttpOnly (and Secure, on HTTPS) are enabled there.
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
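/**
 * Checks if the user is logged in.
 *
 * @return bool true when $_SESSION['magic'] is set and is exactly the
 *              SESSION_MAGIC marker that Login() stores on success
 */
function isLoggedIn() {
	// Strict comparison: with == a non-string value such as boolean true
	// compares equal to the marker string and would count as logged in.
	return isset($_SESSION['magic']) && $_SESSION['magic'] === SESSION_MAGIC;
}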

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
   }
   return($ok);
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

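// -----------------------------------------------    
// Main
// -----------------------------------------------    
//
// Runs once when auth.php is included: every request array is escaped for
// MySQL in place, so all later code sees the escaped values.
// NOTE(review): mysql_real_escape_string() needs an open MySQL link -
// presumably the including page connects before it requires this file;
// confirm, because without a link the escaped values are not usable.

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   // The original also called Escape($_GLOBALS). PHP has no $_GLOBALS (the
   // superglobal is $GLOBALS), so that call only ever received an undefined
   // variable and escaped nothing; it is dropped. $GLOBALS must not be
   // substituted: it contains the arrays above again, which would escape
   // them a second time.
   Escape($_SERVER);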
   
?>

 

By no means am I a professional; I'm still learning all about PHP. About 90% of this code was written by other programmers (I have no way to contact any of them again, so I can't ask them to do it).

 

I've seen sites with this feature: if your account is suspended, they don't let you log in and they show a message saying your account is suspended. But I have no clue how to do it, and I couldn't find any example scripts to look over.


To make it easy modify this line in the login function:

 

if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'")){

 

to

 

if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password' AND isHold='0'")){

 

If that query returns 0 rows, then it's either an invalid account or it's suspended. Another way, which also allows better error handling:

 

// Sketch of the check inside Login(); it is a fragment (the closing brace of
// the outer if is not shown). isHold is not in the SELECT list below, so it
// has to be added there before any index can refer to it.
if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   // $rows now holds the matching user row; work with it from here on.
	   if ($rows=mysql_fetch_row($res)) {
                                   // isHold_column is a placeholder, not real code: replace it with the
                                   // position of isHold in the SELECT list.
                                   if($rows[isHold_column] == '1'){
                                         // Reached only after login AND password matched, so the message
                                         // is not shown to someone who lacks the password.
                                         die('Your account is suspended');
                                   } else{
                                         // The existing session set-up goes here, using $rows as already
                                         // fetched above. Do not call mysql_fetch_row() a second time.
                                         //code code
                                   }
                             }


I must have done something wrong somewhere while implementing the second code you displayed:

 

// Login attempt with the suspension check pasted in. As posted it rejects
// every account; the NOTE(review) comments below mark why.
function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   // NOTE(review): isHold is not in the SELECT list, so the row has no isHold value.
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   // First fetch: $rows is the matching user row (or false when nothing matched).
	   if ($rows=mysql_fetch_row($res)) {
                                   // NOTE(review): isHold_column is the placeholder from the reply, not a real index.
                                   if($rows[isHold_column] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       // NOTE(review): this second fetch asks for the NEXT row of the result. A
                                       // login query that matched one user has no next row, so it returns false
                                       // and the else branch (login_failed.php) runs for every account. Remove
                                       // this inner if/else and use the $rows fetched above.
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   // NOTE(review): this return sits inside the outer "row found" block, so the
   // function returns nothing when no row matched or the query failed.
   return($ok);
                                   }
                             }
	   
	   
  
   }

 

It disallows everyone from logging in. Where did I mess up?


the isHold_column i wrote was just a placeholder as i dont know its column name. It should be:

 

if($rows[5] == '1'){

 

or

 

if($rows['isHold'] == '1'){

 

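The idea is to check the isHold field of that row. $rows[5] means it is the sixth column of your users table (more precisely: with mysql_fetch_row() the index counts the columns listed in the SELECT, so isHold has to be the sixth column selected; the $rows['isHold'] form only works if the row is fetched with mysql_fetch_assoc() or mysql_fetch_array()).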

Also in the select query add isHold:

 

$res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'")

 


Probably u still havent the right column for isHold. Try echoing $rows[5] or whatever u put to it, normally after u make the query :). Try different values to see which one echos the right isHold column. Ex:

 

// Temporary debugging output to find which index holds isHold; remove it again
// once the index is known. Note: the Login() code in this thread stores the
// fetched row in $rows, so the variable name here has to match it.
echo $row[5]; // example: prints nothing
echo $row[6]; // example: prints 1, so this would be the index to use
echo $row[7]; // example: prints nothing


pocobueno1388

 

Here is the updated code:

 

<?
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
      Second attempt at the suspension check. isHold is now selected and read
      from index 5, which is its position in the SELECT list, but logins still
      fail for everyone because of the second fetch marked below.
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   // First fetch: $rows is the matching user row (or false when nothing matched).
	   if ($rows=mysql_fetch_row($res)) {
                                   // Index 5 = sixth selected column = isHold.
                                   if($rows[5] == '1'){
                                         // Reached only after login AND password matched.
                                         die('Your account is suspended');
                                   } else{
                                       // NOTE(review): this second fetch asks for the NEXT row, which does not
                                       // exist when one user matched. It returns false, so login_failed.php is
                                       // included for every account. Remove this inner if/else and keep using
                                       // the $rows fetched above.
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   // NOTE(review): inside the outer "row found" block, so nothing is returned
   // when no row matched or the query failed.
   return($ok);
                                   }
                             }
	   
	   
  
   }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>


phpSensei

 

That still gives me the same result. Even though the person`s account is not suspended, the code doesn`t let the person log in. (Love the name, btw. ;) )

 

lol thanks...

 

suggestions: Then make like this

 

 


if($row['YOUR SUSPENDED COLOUMN'] != '0'){

///////DIEE!!!!

 

One more thing, I suggest you use letters instead of numbers. Just try making A for suspended and B for not suspended.


suggestions: Then make like this

 

if($row['YOUR SUSPENDED COLOUMN'] != '0'){
///////DIEE!!!!

 

One more thing, I suggest you use letters instead of numbers. Just try making A for suspended and B for not suspended.

 

"$var == 1" and "$var != 0" will produce exactly the same in this case. And whats the point of using A and B instead of 0 and 1?? Ideally he could use boolean, but 0 and 1, 100 and 293, ABC and BCA are the same, again in this case.


Yep, here ya go:

 

<?
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
      Third attempt. Two separate problems remain, both marked below: the
      suspension test reads a variable that is never set, and the second fetch
      still makes every login fail.
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   // First fetch: $rows is the matching user row (or false when nothing matched).
	   if ($rows=mysql_fetch_row($res)) {
                                   // NOTE(review): the row is in $rows, but this reads $row, which is never
                                   // assigned, so the test is always false and a suspended account is never
                                   // stopped here. The query selects six columns, so isHold is $rows[5];
                                   // there is no index 6.
                                   if($row[6] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       // NOTE(review): second fetch asks for the NEXT row, which does not exist
                                       // when one user matched. It returns false and login_failed.php is
                                       // included for every account. Remove this inner if/else and use the
                                       // $rows fetched above.
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   // NOTE(review): inside the outer "row found" block, so nothing is returned
   // when no row matched or the query failed.
   return($ok);
                                   }
                             }
	   
	   
  
}

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

 

I tried $rows[5] and $rows[6] in which neither had any sort of effect. I left 6 in there because that was in there last. Putting in 5 (which is what I`m sure it should be) didn`t make any difference in the code`s performance.


Yep, here ya go:

 

<?
	// Defines

	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

	// Initialization
	@session_start();
	@ob_start();
  

    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 

     /*
        Deletes existing session
    */
function RemoveSession() {
	$_SESSION = array();
	if (isset($_COOKIE[session_name()])) {
	   @setcookie(session_name(), '', time()-42000, '/');
	}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

	return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}

    /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
   {
	   $count=mysql_num_rows($res);
	   mysql_free_result($res);	   
	   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
      Quoted copy of the third attempt; the same two problems are marked
      below: the suspension test reads an unset variable, and the second
      fetch makes every login fail.
    */
    function Login($username,$password) {
   
    global $nmsg, $rows;
   
   $ok=false;	
   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'"))
   {
	   // First fetch: $rows is the matching user row (or false when nothing matched).
	   if ($rows=mysql_fetch_row($res)) {
                                   // NOTE(review): $row is never assigned (the row is in $rows), so this test
                                   // is always false. With six selected columns isHold is $rows[5].
                                   if($row[6] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       // NOTE(review): second fetch returns false when only one row matched,
                                       // which sends every login to login_failed.php. Remove this inner
                                       // if/else and use the $rows fetched above.
                                       if ($rows=mysql_fetch_row($res)) {
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $rows; /* stupid stupid hack */
		    $nmsg = CountMessages($rows[0]);
		    $ok=true;
	   } else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
	   }
   // NOTE(review): inside the outer "row found" block, so nothing is returned
   // when no row matched or the query failed.
   return($ok);
                                   }
                             }
	   
	   
  
}

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
	    foreach($arr as $k => $v) {
	        if (is_array($v)) {
	            Escape($arr[$k]);
	        }
	        else {
	            if (function_exists('get_magic_quotes')) {
	                if(!get_magic_quotes_gpc()) {
	                    $arr[$k] = stripslashes($v);
	                }
	            }
	            $arr[$k] = mysql_real_escape_string($v);
	        }
	   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

 

wouldn't id be row[0], and isHold row[5]??


phpSensei

 

Just because I edited my post after your post:

I tried $rows[5] and $rows[6] in which neither had any sort of effect. I left 6 in there because that was in there last. Putting in 5 (which is what I`m sure it should be) didn`t make any difference in the code`s performance.


@phpsensei:

 

0 => id

1 => login

2 => password

3 => level

4 => gallnum

5 => mailnum

6 => ishold

 

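Those are the columns and those are the index keys. U would be right only if the indexes are for selected columns, which i doubt. Anyway im used to mysql_fetch_array() so maybe im wrong. (For the record: the numeric indexes returned by mysql_fetch_row() do follow the columns named in the SELECT, not the table layout, so with the query above id is index 0 and isHold is index 5.)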
