Make suspended user unable to login?

[phpSensei]

$rows=mysql_fetch_row($res); << forgot ";" and remove ")"

[djfox]

Now it tells everyone that the login failed. 

[phpSensei]

It logs in successfully...

 

You are including the login_failed in a wrong way. The else/if conditions are wrong...

[phpSensei]

Alright, check if you are closing the brackets correctly...

 

 

<?php

  if($numRows == 1){
                                   if($row[6] == '1'){
                                         die('Your account is suspended');
                                   } else{
                                       if ($rows=mysql_fetch_row($res)) {
		   $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $rows[0];
			$_SESSION['mail'] = $rows[2];
			$_SESSION['level2'] = $rows[1];	
			$_SESSION['echos'] = $rows[3];
			$_SESSION['status'] = $rows[4];
		   $_SESSION['magic'] = SESSION_MAGIC;
		   $_SESSION['rows'] = $rows; /* stupid stupid hack */
		   $nmsg = CountMessages($rows[0]);
		   $ok=true;
	  } else {
		  include('login_failed.php');
	  }
	  mysql_free_result($res);
	  }
  return($ok);
                                   }
                             }


?>

[djfox]

It logs in successfully...

 

It`s not really logging in successfully. Log in with an account, the message "Login Failed" will appear along with what looks like a successful log (sorry this confusion comes up, the other programmer guy who originally made all this made things weird and for years afterwards I`ve been trying to fix his errors [lost contact with him long ago so I can`t ask him to fix it] but log in stuff is a world I know nothing off despite I was able to fix the other stuff he did). Then try navigating to another page. Your log in stuff is gone and back to having the log in form there instead.

[djfox]

phpSensei

 

I copied and pasted what you had (inside the php marks) and am getting the same result.

[phpSensei]

I wish I can just jump over to your site, and take over that keyboard lol.

[Fadion]

If u are passing the right arguments to the function($user, $pass) then the code should show login error if the username doesnt exist or password is wrong. Thats why i suggested counting the rows with mysql_num_rows(). There no point to me, really. It should work the way it is as we dont have rocket science here, just two nested if statements.

[Fadion]

I wish I can just jump over to your site, and take over that keyboard lol.

 

haha i pretty have this feeling too.

[djfox]

I wish I can just jump over to your site, and take over that keyboard lol.

 

haha i pretty have this feeling too.

 

Well, if one of ya`s willing to re-code the log in entirely that could still function with what I`ve got with my site...

[phpSensei]

<?php
   	
$query=mysql_query("SELECT * FROM userdata WHERE login='$username' AND password='$password'");

$row=mysql_fetch_array($query);

if(($row['login']==$username)&&($row['password'])){
     if($row['isHold'] == '1'){
              die('Your account is suspended');
		  }
             elseif($row['isHold']!= '1'){
               
		    $_SESSION['sess_name'] = $username;
			$_SESSION['pass'] = $password;
			$_SESSION['gal'] = $row['']; /////////////////CHANGE
			$_SESSION['mail'] = $row['']; /////////////////CHANGE
			$_SESSION['level2'] = $row[''];	 /////////////////CHANGE
			$_SESSION['echos'] = $row['']; /////////////////CHANGE
			$_SESSION['status'] = $row['']; /////////////////CHANGE
		    $_SESSION['magic'] = SESSION_MAGIC;
		    $_SESSION['rows'] = $row; /* stupid stupid hack */
		    $nmsg = CountMessages($row['']);/////////////////CHANGE
		    $ok=true;
	   } 
   
	   ///////////If login is not correct, we include this..
	   else {
		   include('login_failed.php');
	   }
	   mysql_free_result($res);
		   return($ok);
	   
  
   }

?>

 

change all the fields marked in the quote...

 

this works perfectly for me.

[Fadion]

if(($row['login']==$username)&&($row['password'])){

 

mysql_num_rows() is a way better alternative to me. If u make a query where u select username and password, whats the need for then checking if those are equal. Its just overdone.

[phpSensei]

Who cares...(lol your right, i know)

 

Just use the script i gave you.

[djfox]

I get this:

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/secrett1/public_html/auth.php on line 100

 

Line 100:

mysql_free_result($res);

[phpSensei]

change that to $row

[phpSensei]

mysql_free_result($row);

 

[djfox]

It still wants to say this:

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/secrett1/public_html/auth.php on line 100

 

But going to another page still keeps me logged in (and keeps the suspended account from logging in). The error goes away after moving to another page (and some pages it looks like I gotta re-code because I`m getting new error messages, I`m assuming is due to the change in how the log in works).

[phpSensei]

edit:nvm

[Fadion]

phpSensei, u mean mysql_free_result($query) ??

 

djfox try debuging code a bit by yourself. It was an obvious mistake...

 

I think im passing this thread over. This is the fifth page and we havent resolved nothing. Djfox as i said before, u really need to learn php & mysql before starting a real script.

[phpSensei]

try chaning the $row to $result...

 

then we will fix the suspended user...I think i found the problem.

 

-Change the isHold  - > to suspend

 

-Now change this line  if($row['isHold'] == '1'){ to  if($row['access'] == "YES"){

 

 

also, go to browse in your phpmyadmin, and change the coloumn suspend coloumn to YES

[djfox]

I`ll keep at it and see what happens. Thanks for the input, guys, and for trying to help me. I do appreciate the time you both put into this.

[phpSensei]

No problem, and Guilty Guitar anyone could have made that mistake.