MarkT Posted May 30, 2013

Hello,
I'm creating a login for my new website. I've set up all the db, however I've added a bans table with the following structure:

id
user_id
reason
issue_date
expiry_date

and I want the login to check whether the user that wishes to log in is banned or not. I have the below code, but when I ban myself in the database, it still lets me log in and says "You are now logged in".

```php
if(isset($_POST['submit'])){
    $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
    $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
    $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, don't worry!
    $user_id = mysql_query("SELECT id FROM users where name= '{$name}'");
    $banned = mysql_query("SELECT * FROM bans WHERE user_id = '{$user_id}'");
    $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
    if(mysql_num_rows($mysql) < 1)
    {
        die("Incorrect Login Details");
    } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
    if(($banned) == '1' )
    {
        die ("You are currently banned from PitchIT");
    }
    $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
    $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
    $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
    die("You are now logged in! <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<form type='index.html' method='POST'>
Name: <br>
<input type='text' name='name'><br>
Email: <br>
<input type='email' name='email'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>";
?>
```

Any help appreciated!

thescientist Posted May 30, 2013

You aren't doing anything with the result from mysql query, you are testing against a result.
http://php.net/manual/en/function.mysql-query.php
http://www.tizag.com/mysqlTutorial/mysqlquery.php

You should use something like fetch_array
http://www.php.net/manual/en/function.mysql-fetch-array.php
http://www.w3schools.com/php/func_mysql_fetch_array.asp

that can check the count (length of) to see if it returned N number of results.

MarkT Posted May 30, 2013 (edited)

> you aren't doing anything with the result from mysql query, you are testing against a result.
> http://php.net/manua...mysql-query.php
> http://www.tizag.com.../mysqlquery.php
> you should use something like fetch_array
> http://www.php.net/m...fetch-array.php
> http://www.w3schools...fetch_array.asp
> that can check the count (length of) to see if it returned N number of results.

My new code is:

```php
if(isset($_POST['submit'])){
    $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
    $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
    $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, don't worry!
    $user_id = mysql_query("SELECT 'id' FROM 'users' where 'name' = '{$name}'");
    $row1 = mysql_fetch_array( $user_id );
    $banned = mysql_query("SELECT * FROM 'bans' WHERE 'user_id' = '{$row1}'");
    $row2 = mysql_fetch_array( $banned );
    $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
    if(mysql_num_rows($mysql) < 1)
    {
        die("Incorrect Login Details");
    } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
    if(mysql_num_rows($row2) == 1 )
    {
        die ("You are currently banned from PitchIT");
    }
    $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
    $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
    $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
    die("You are now logged in! <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<form type='index.html' method='POST'>
Name: <br>
<input type='text' name='name'><br>
Email: <br>
<input type='email' name='email'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>";
?>
```

But still not working. Can you explain what I should do with examples of my code please?

Edited May 30, 2013 by MarkT

justsomeguy Posted May 30, 2013

Check mysql_num_rows($banned), that function works on a result set, not an array of a single row.

MarkT Posted May 30, 2013

> Check mysql_num_rows($banned), that function works on a result set, not an array of a single row.

New code:

```php
if(isset($_POST['submit'])){
    $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
    $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
    $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, don't worry!
    $user_id = mysql_query("SELECT 'id' FROM 'users' where 'name' = '{$name}'");
    $row1 = mysql_num_rows( $user_id ); // LINE 69
    $banned = mysql_query("SELECT * FROM 'bans' WHERE 'user_id' = '{$user_id}'");
    $row2 = mysql_num_rows( $banned ); // LINE 71
    $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
    if(mysql_num_rows($mysql) < 1)
    {
        die("Incorrect Login Details");
    } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
    if($row2 > 0 )
    {
        die ("You are currently banned from PitchIT");
    }
    $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
    $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
    $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
    die("You are now logged in! <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<form type='index.html' method='POST'>
Name: <br>
<input type='text' name='name'><br>
Email: <br>
<input type='email' name='email'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>";
?>
```

Error when you log in:

```
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u872116037/public_html/index.html on line 69
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u872116037/public_html/index.html on line 71
You are now logged in! Go
```

justsomeguy Posted May 30, 2013

Those errors mean that the queries failed, you can use mysql_error to check for error messages from MySQL.

MarkT Posted May 30, 2013

> Those errors mean that the queries failed, you can use mysql_error to check for error messages from MySQL.

```php
$row1 = mysql_num_rows( $user_id );
```

is the line left with the error. I got rid of the other one, but this one remains:

```
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u872116037/public_html/index.html on line 69
You are now logged in! Go
```

MarkT Posted May 30, 2013

> $row1 = mysql_num_rows( $user_id ); is the line left with the error. I got rid of the other one, but this one remains:
> Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u872116037/public_html/index.html on line 69
> You are now logged in! Go

Alright, I've got rid of those errors. But it's still not saying that I'm banned?

justsomeguy Posted May 30, 2013

Post your current code.

MarkT Posted May 30, 2013

> Post your current code.

Current code:

```php
if(isset($_SESSION['loggedin'])){
    die("You are already logged in!<a href='logged.html'> Go</a>");
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if(isset($_POST['submit'])){
    $mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
    $name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
    $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, don't worry!
    $user_id = mysql_query("SELECT id FROM users where 'name' = '{$name}'");
    $row1 = mysql_num_rows( $user_id );
    $banned = mysql_query("SELECT * FROM bans WHERE 'user_id' = '{$user_id}'");
    $row2 = mysql_num_rows( $banned );
    $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
    if(mysql_num_rows($mysql) < 1)
    {
        die("Incorrect Login Details");
    } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
    elseif(($row2) == 1 )
    {
        die ("You are currently banned from PitchIT");
    }
    $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
    $_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
    $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
    die("You are now logged in! <a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<form type='index.html' method='POST'>
Name: <br>
<input type='text' name='name'><br>
Email: <br>
<input type='email' name='email'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>";
?>
```

justsomeguy Posted May 30, 2013

If it's not saying you're banned then print the value that you're trying to check to see what it's set to.

MarkT Posted May 31, 2013 (edited)

I tried printing the result of the $row2 = mysql_num_rows( $banned ); and it's not giving me anything? Any help?

Edited May 31, 2013 by MarkT

MarkT Posted May 31, 2013

Problem Solved... Ban now works.

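The thread ends without showing the working check, so here is one as an added example (not code from any poster): it fetches the user row before using its id, leaves column names unquoted because MySQL reads `'name'` in single quotes as a string literal, and binds values through prepared statements. It assumes PDO with the SQLite driver so it runs offline, a hashed password column, and that expiry_date marks the end of a ban; `check_login` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. In-memory SQLite keeps it offline;
// against MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // a failed query throws instead of returning false

// Table and column names follow the thread; the rows are constructed sample data.
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, password TEXT)");
$db->exec("CREATE TABLE bans (id INTEGER PRIMARY KEY, user_id INTEGER, reason TEXT,
                              issue_date TEXT, expiry_date TEXT)");
$add = $db->prepare("INSERT INTO users (name, email, password) VALUES (?, ?, ?)");
$add->execute(['alice', 'alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
$add->execute(['bob',   'bob@example.test',   password_hash('hunter2', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO bans (user_id, reason, issue_date, expiry_date)
           VALUES (2, 'spam', '2013-05-30', '2999-01-01')");

/** Hypothetical helper: returns 'ok', 'bad_credentials' or 'banned'. */
function check_login(PDO $db, string $name, string $email, string $password, string $today): string
{
    // 1. Fetch the row itself: a query result is a handle, not the id value.
    $stmt = $db->prepare("SELECT id, password FROM users WHERE name = ? AND email = ?");
    $stmt->execute([$name, $email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // 2. Verify against the stored hash (assumption: passwords are not kept in plaintext).
    if ($user === false || !password_verify($password, $user['password'])) {
        return 'bad_credentials';
    }

    // 3. Look up bans by the fetched id, counting only bans that have not expired.
    $ban = $db->prepare("SELECT COUNT(*) FROM bans WHERE user_id = ? AND expiry_date > ?");
    $ban->execute([$user['id'], $today]);
    return ((int) $ban->fetchColumn() > 0) ? 'banned' : 'ok';
}

$today = date('Y-m-d');
foreach ([['alice', 'alice@example.test', 'correct horse'],
          ['bob',   'bob@example.test',   'hunter2'],
          ['bob',   'bob@example.test',   'wrong password']] as [$n, $e, $p]) {
    echo $n, ': ', check_login($db, $n, $e, $p, $today), PHP_EOL;
}
```

The mysql_* functions used throughout the thread were removed in PHP 7, so PDO or mysqli is required on current PHP in any case.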