
PHP Login - Banned Not working?


MarkT


Hello, I'm creating a login for my new website. I've set up all the db, however I've added a bans table with the following structure: id, user_id, reason, issue_date, expiry_date, and I want the login to check whether the user that wishes to log in is banned or not. I have the below code, but when I ban myself in the database, it still lets me log in and says "You are now logged in"

    if(isset($_POST['submit'])){
       $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
       $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
       $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
       $user_id = mysql_query("SELECT id FROM users where name= '{$name}'");
       $banned = mysql_query("SELECT * FROM bans WHERE user_id = '{$user_id}'");
       $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
       if(mysql_num_rows($mysql) < 1)
       {
          die("Incorrect Login Details");
       } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
       if(($banned) == '1' )
       {
          die ("You are currently banned from PitchIT");
       }
       $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
       $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
       $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
       die("You are now logged in!   <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
    } // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
    echo "<form type='index.html' method='POST'>Name: <br><input type='text' name='name'><br>Email: <br><input type='email' name='email'><br>Password: <br><input type='password' name='password'><br><input type='submit' name='submit' value='Login'></form>";
    ?>

Any help appreciated!


you aren't doing anything with the result from mysql query, you are testing against a result.
http://php.net/manual/en/function.mysql-query.php
http://www.tizag.com/mysqlTutorial/mysqlquery.php

you should use something like fetch_array
http://www.php.net/manual/en/function.mysql-fetch-array.php
http://www.w3schools.com/php/func_mysql_fetch_array.asp

that can check the count (length of) to see if it returned N number of results.


My new code is;
    if(isset($_POST['submit'])){
       $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
       $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
       $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
       $user_id = mysql_query("SELECT 'id' FROM 'users' where 'name' = '{$name}'");
       $row1 = mysql_fetch_array( $user_id );
       $banned = mysql_query("SELECT * FROM 'bans' WHERE 'user_id' = '{$row1}'");
       $row2 = mysql_fetch_array( $banned );
       $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
       if(mysql_num_rows($mysql) < 1)
       {
          die("Incorrect Login Details");
       } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
       if(mysql_num_rows($row2) == 1 )
       {
          die ("You are currently banned from PitchIT");
       }
       $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
       $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
       $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
       die("You are now logged in!   <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
    } // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
    echo "<form type='index.html' method='POST'>Name: <br><input type='text' name='name'><br>Email: <br><input type='email' name='email'><br>Password: <br><input type='password' name='password'><br><input type='submit' name='submit' value='Login'></form>";
    ?>

But still not working. Can you explain what I should do with examples of my code please?

Edited by MarkT

Check mysql_num_rows($banned), that function works on a result set, not an array of a single row.
New code;
    if(isset($_POST['submit'])){
       $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
       $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
       $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
       $user_id = mysql_query("SELECT 'id' FROM 'users' where 'name' = '{$name}'");
    LINE 69 -   $row1 = mysql_num_rows( $user_id );
       $banned = mysql_query("SELECT * FROM 'bans' WHERE 'user_id' = '{$user_id}'");
    LINE 71 -   $row2 = mysql_num_rows( $banned );
       $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
       if(mysql_num_rows($mysql) < 1)
       {
          die("Incorrect Login Details");
       } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
       if($row2 > 0 )
       {
          die ("You are currently banned from PitchIT");
       }
       $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
       $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
       $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
       die("You are now logged in!   <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
    } // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
    echo "<form type='index.html' method='POST'>Name: <br><input type='text' name='name'><br>Email: <br><input type='email' name='email'><br>Password: <br><input type='password' name='password'><br><input type='submit' name='submit' value='Login'></form>";
    ?>

Error when you log in:

    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u872116037/public_html/index.html on line 69
    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u872116037/public_html/index.html on line 71
    You are now logged in! Go


Those errors mean that the queries failed, you can use mysql_error to check for error messages from MySQL.
$row1 = mysql_num_rows( $user_id ); is the line left with the error. I got rid of the other one, but this one remains:

    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u872116037/public_html/index.html on line 69
    You are now logged in! Go

Alright, I've got rid of those errors. But it's still not saying that I'm banned?

Post your current code.
Current Code:
    if(isset($_SESSION['loggedin'])){
       die("You are already logged in!<a href='logged.html'> Go</a>");
    } // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
    if(isset($_POST['submit'])){
       $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
       $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
       $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
       $user_id = mysql_query("SELECT id FROM users where 'name' = '{$name}'");
       $row1 = mysql_num_rows( $user_id );
       $banned = mysql_query("SELECT * FROM bans WHERE 'user_id' = '{$user_id}'");
       $row2 = mysql_num_rows( $banned );
       $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
       if(mysql_num_rows($mysql) < 1)
       {
          die("Incorrect Login Details");
       } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
       elseif(($row2) == 1 )
       {
          die ("You are currently banned from PitchIT");
       }
       $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
       $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
       $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
       die("You are now logged in!   <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
    } // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
    echo "<form type='index.html' method='POST'>Name: <br><input type='text' name='name'><br>Email: <br><input type='email' name='email'><br>Password: <br><input type='password' name='password'><br><input type='submit' name='submit' value='Login'></form>";
    ?>


I tried printing the result of the $row2 = mysql_num_rows( $banned ); and it's not giving me anything? Any help?

Edited by MarkT
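
An added example (not code from any poster in this thread) of the login and ban check the thread is working toward: it reads the user's id value out of the fetched row instead of reusing the query result, leaves column names unquoted, and binds input through PDO placeholders. Assumptions: passwords are stored with password_hash(), a ban is active while expiry_date is in the future, check_login() is a hypothetical helper, and an in-memory SQLite database with constructed rows stands in for the MySQL database so the script runs offline.

```php
<?php
// Added example, not the poster's code. Table and column names follow the thread
// (users: id, name, email, password; bans: user_id, reason, issue_date, expiry_date).
// Assumptions: PDO, password_hash() storage, constructed rows in in-memory SQLite.

function check_login(PDO $db, string $name, string $mail, string $pass, string $now): string
{
    // 1. Fetch the user row; placeholders replace hand-escaped string building.
    $st = $db->prepare('SELECT id, password FROM users WHERE name = ? AND email = ?');
    $st->execute([$name, $mail]);
    $user = $st->fetch(PDO::FETCH_ASSOC);

    // 2. Verify the password against the stored hash, not inside the SQL.
    if ($user === false || !password_verify($pass, $user['password'])) {
        return 'Incorrect Login Details';
    }

    // 3. Use the fetched id VALUE (not the query result handle) and count only
    //    bans that have not expired. Column names are unquoted identifiers.
    $st = $db->prepare('SELECT COUNT(*) FROM bans WHERE user_id = ? AND expiry_date > ?');
    $st->execute([$user['id'], $now]);
    if ((int) $st->fetchColumn() > 0) {
        return 'You are currently banned from PitchIT';
    }
    return 'You are now logged in!';
}

// Constructed sample data: "mark" has an unexpired ban, "anna" has none.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, password TEXT)');
$db->exec('CREATE TABLE bans (id INTEGER PRIMARY KEY, user_id INTEGER, reason TEXT,
                              issue_date TEXT, expiry_date TEXT)');
$add = $db->prepare('INSERT INTO users (name, email, password) VALUES (?, ?, ?)');
$add->execute(['mark', 'mark@example.test', password_hash('s3cret', PASSWORD_DEFAULT)]);
$add->execute(['anna', 'anna@example.test', password_hash('hunter2', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO bans (user_id, reason, issue_date, expiry_date)
           VALUES (1, 'spam', '2024-01-01 00:00:00', '2099-01-01 00:00:00')");

$now = date('Y-m-d H:i:s');
echo check_login($db, 'mark', 'mark@example.test', 's3cret', $now), "\n";
echo check_login($db, 'anna', 'anna@example.test', 'hunter2', $now), "\n";
echo check_login($db, 'anna', 'anna@example.test', 'wrong', $now), "\n";
```

With PDO::ERRMODE_EXCEPTION set, a malformed query raises an exception at the failing statement instead of returning false and letting the login continue.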