Spencer
Posted February 14, 2013

Hey. I'm trying to make a banned user script. I want it so if a banned user tries to enter the chatroom, it brings them to a new page. My problem is, it acts like every user is a banned user... o.O

Here is the part in the PHP code that gets the user's "rank" from the db when they log in.

    $row = mysql_fetch_assoc($result);
    session_register($row['rank']=$userlevel);

Then here is the part of the code for the chatroom that checks if the user is a banned user or not:

    <?php
    session_start();
    if(!session_is_registered(myusername)){
    header("location:/login/main_login.php"); //This is just checking if the user is logged in or not.
    }
    if(session_register($userlevel=='banned'))
    {
    header("location:../banned.html");
    }

So that's it. Thanks.

~ Spencer

wolstech
Posted February 14, 2013

Yikes. Session_register() and session_is_registered() have been deprecated for a while (since PHP 5.3 came out I think...). They're removed completely in 5.4. You should be using the $_SESSION array instead.

Your main issue though is probably the following. Assuming you did a session_register(userlevel) so the value is set, try this:

Replace:

    if(session_register($userlevel=='banned'))

With:

    if($_SESSION['userlevel'] == 'banned')

Spencer
Posted February 14, 2013

Hm... it's still not working... but when you said: "Assuming you did a session_register(userlevel) so the value is set, try this:" Do you mean make it say:

    $row = mysql_fetch_assoc($result);
    session_register($row['rank']=$userlevel);
    session_register($userlevel)

? (I tried that and without it and both did not work...)

Then I added this:

    if($_SESSION['userlevel'] == 'banned')
    {
    header("location:../banned.html");
    }

It didn't work and I also tried this:

    if($_SESSION['$userlevel'] == 'banned')
    {
    header("location:../banned.html");
    }

Yeah, lol. I just don't see what's wrong with my code.

Edited February 14, 2013 by Spencer

wolstech
Posted February 14, 2013

You're using session_register incorrectly, and it's obsolete anyway. Forget about session_register and just set the $_SESSION array directly. The easiest way is this:

Replace:

    $row = mysql_fetch_assoc($result);
    session_register($row['rank']=$userlevel);
    session_register($userlevel)

With:

    $row = mysql_fetch_assoc($result);
    $_SESSION['userlevel'] = $row['rank'];

Also, are you sure $row['rank'] contains the data you're expecting it to contain?

Spencer
Posted February 14, 2013

Sweet, thanks. It works fine. Now I got to go learn how to use newer sessions instead of older versions. XP

Shinryuu
Posted February 14, 2013

There's nothing to learn. You just assign values to arbitrary keys in the $_SESSION[] superglobal. Consider it creating semi-permanent variables in an array, you give them a name and a value, the only difference is the variable name is a string and contained in $_SESSION['varname'] = varvalue;.

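The fix from the posts above as one flow, including the `exit` that a `header()` redirect needs so the rest of the page does not run for a banned user. This is an added example, not code from any of the posters; the `myusername` and `userlevel` session keys and the redirect paths come from the posts, while the function names are hypothetical.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

// Login script, called once the password check has succeeded.
// $row is the fetched user record, as in the posts above.
function start_user_session(array $row, string $username): void
{
    session_regenerate_id(true);            // fresh session id after login
    $_SESSION['myusername'] = $username;
    $_SESSION['userlevel']  = $row['rank'];
}

// Chatroom page: returns the URL to redirect to, or null if the user may enter.
function chat_redirect(array $session): ?string
{
    if (!isset($session['myusername'])) {
        return '/login/main_login.php';     // not logged in
    }
    if (($session['userlevel'] ?? '') === 'banned') {
        return '../banned.html';            // logged in, but banned
    }
    return null;
}

session_start();
$target = chat_redirect($_SESSION);
if ($target !== null) {
    header('Location: ' . $target);
    exit;   // header() only queues the redirect; without exit the chat page still executes
}
// ... chatroom output for permitted users continues here ...
```
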
millionexchange
Posted February 17, 2013

Hi. On my home banking system, I added a database table called "banned_users" in phpMyAdmin. However, when I test the script, the login of the customer id that I choose doesn't delete from the "login" table and insert into "banned_users". In my code, the first one is a PHP6 version and the second one about 10 lines down is a different version. Now, I rather someone edit the PHP6 version, because, the banking system I downloaded, I'm gonna eventually work on making all of the PHP version 6.

Also, the "custid" comes from the "customer" table. I'm really trying to move the login, so, when I suspend a user, the user will not be able to login. I'm not even sure if I need "custid" in the "banned_users" table. I just put it there, because, on the previous page, I'm echoing the "custid" into the drop-down. When editing version 6, please feel free to remove "custid" if not needed and I will remove it from "banned_users" in phpMyAdmin. Thanks.

    <?php
    session_start();
    if(isset($_SESSION['username']))
    {
    ?>
    <!DOCTYPE HTML>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Suspend Account Details</title>
    <link rel="stylesheet" href="../css/main1.css" type="text/css">
    </head>
    <body>
    <?php
    require '../db_connect.php'; //Connect mysql database

    <!-- BEGIN VERSION 6 -->
    if (isset($_GET['custid'])) {
        $query = "SELECT user_name FROM login WHERE custID=\{$_GET['custid']}\";
        if ($r = mysql_query($query, $link)) {
            if (isset($_POST['custid'])) {
                $query = \"DELETE user_name FROM login WHERE custID={$_POST['custid']} LIMIT 1\";
                $r = mysql_query($query, $link);
                $query = \"INSERT INTO banned_users (custid, user_name, user_password, user_type, question, ans, suspend_date) VALUES ('$custid', '$user_name', '$pass', '$authtype', '$qns', 'ans', 'suspend_date')\";
                if (@mysql_query($query, $link)) {
                    echo \"Account Suspended Successfully\";
                    echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another\";
                    exit(0);
                } else {
                    echo \"Could not suspend account\";
                    echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again\";
                    exit(0);
                }
            }
        }
    }
    $db_close=mysql_close();
    <!-- END VERSION 6 -->

    /*$result = mysql_query("select user_name FROM login");
    if(isset($_POST['Submit'])) ///forsubmit data
    {
    $user_name=$_POST['user_name'];
    $result = mysql_query("DELETE FROM login WHERE user_name");
    $result = mysql_query("INSERT INTO banned_users(custid, user_name, user_password, user_type, question, ans, suspend_date)values('".$custid."', '".$user_name."', '".$pass."', '".$authtype."', '".$qns."', '".$ans."' '".$suspend_date."')");
    /* $result = mysql_query("DELETE FROM login WHERE 'user_name', 'user_password', 'user_type', 'question', 'ans'");
    $result = mysql_query("INSERT INTO banned_users(user_name, user_password, user_type, question, ans)values('".$custid."', '".$pass."', '".$authtype."', '".$qns."', '".$ans."')");*/
    $db_close=mysql_close();
    /* if($result)
    {
    echo "Account Suspended Successfully";
    echo "<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another";
    exit(0);
    }
    else
    {
    echo "Could not suspend account";
    echo "<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again";
    exit(0);
    }
    }*/
    ?>
    </body>
    </html>
    <?php
    }
    else
    {
    echo "Please click here to login " . "<a href=index.php>Login Page</a>";
    }
    ?>

Edited February 17, 2013 by millionexchange

Shinryuu
Posted February 17, 2013

Notice how everything after the first query is showing up as green until way down later? You escaped (") for whatever reason at the end of your original query and that's obviously going to cause problems.

millionexchange
Posted February 17, 2013

Are you talking about with my script, or someone else's script? If you're talking about with mine, it's not about the fact that I escaped the echos; they work. The thing is that in both PHP versions, it's not deleting from the "user_name" field of "login" table and inserting into the "banned_users" table fields.

bayparkm
Posted February 17, 2013

    $query = \"DELETE user_name FROM login WHERE custID={$_POST['custid']} LIMIT 1\";

Should be

    $query = \"DELETE FROM login WHERE custID={$_POST['custid']} LIMIT 1\";

You don't need to specify columns when you're deleting rows from a table.

Also in this query

    $query = \"INSERT INTO banned_users (custid, user_name, user_password, user_type, question, ans, suspend_date) VALUES ('$custid', '$user_name', '$pass', '$authtype', '$qns', 'ans', 'suspend_date')\";

Where are $custid, $user_name, $pass, $authtype, and $qns coming from? It also looks like you missed the '$'s on a few of the variables so the query should look like

    INSERT INTO banned_users(userid, user_name, user_password, user_type, question, ans, suspend_date)
    VALUES( '$custid', '$user_name', '$pass', '$authtype', '$qns', '$ans', '$suspend_date')

You should really be using prepared statements though. Even if the data is coming from a "trusted source" they're much safer and prevent SQL-Injection attacks.

millionexchange
Posted February 22, 2013

Thanks for the help on the first part; it makes sense. Now, "user_name," "pass," "authtype," "qns," and "ans" are login table fields. "custid" is a customer table field. Now, like I said. Since, I'm suspending the login, I'm not sure if I need the following: '$custid,' '$qns', and '$ans.' I just added them for security reasons in order to keep customers or tellers from going through a back door and entering their account if I suspend them. Maybe, I just need the "user_name," "pass," "authtype," and "suspend_date" fields along with the '$user_name', '$pass', '$authtype' and '$suspend_date' variables. Also need help with making sure that the info will delete from "login" and insert into "banned_users." Thanks.

I even just tried the following for the version 6 code, but it didn't work either:

    <?php
    require '../db_connect.php'; //Connect mysql database

    if (isset($_GET['custid'])) {
        $query = "SELECT user_name FROM login\";
        if ($r = mysql_query($query, $link)) {
            if (isset($_POST['custid'])) {
                $query = \"DELETE FROM login WHERE user_name\";
                $r = mysql_query($query, $link);
                $query = \"INSERT INTO banned_users ( user_name, user_password, user_type, question, ans, suspend_date) VALUES ( '$user_name', '$pass', '$authtype', '$qns', '$ans', '$suspend_date')\";
                if (@mysql_query($query, $link)) {
                    echo \"Account Suspended Successfully\";
                    echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another\";
                    exit(0);
                } else {
                    echo \"Could not suspend account\";
                    echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again\";
                    exit(0);
                }
            }
        }
    }
    $db_close=mysql_close();
    ?>

Really, $custid is for echoing the info into the dropdown menu on the previous page.

bayparkm
Posted February 23, 2013

What I meant when I asked "where are they coming from?" was: is there a place in your PHP code that you're defining the variables so that they have values? From looking at the code you posted, they don't seem to be defined anywhere in the code you posted; if they're defined elsewhere I apologize.

If you want to insert these values from the login table, you need to store them somewhere before you delete them from the table. What to do is run the SELECT query, store the results and then pull the values you need to insert into the banned users table from the stored results.

EDIT: I made a gist of the source code you posted with some edits: https://gist.github.com/awkerney/9f6e686978618bdacb8d this way you can see what I mean (I hope)

Edited February 23, 2013 by bayparkm

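The two suggestions in bayparkm's posts (prepared statements, and SELECT, store, INSERT, then DELETE) combined into one transaction. This is an added example, not the code from the gist or from any poster: it uses PDO instead of the thread's `mysql_*` calls, assumes the `login` table has the same column names as `banned_users`, and runs its constructed demo on in-memory SQLite so it works without a database server.

```php
<?php
// Added example (not from the thread). Table and column names follow the posts;
// the login column names and the in-memory SQLite demo data are assumptions.
function suspend_login(PDO $pdo, int $custId): bool
{
    $pdo->beginTransaction();
    try {
        // 1. Read the row first, so its values are in hand before the DELETE.
        $sel = $pdo->prepare('SELECT user_name, user_password, user_type, question, ans
                                FROM login WHERE custID = ?');
        $sel->execute([$custId]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {            // unknown customer id: change nothing
            $pdo->rollBack();
            return false;
        }
        // 2. Copy it into banned_users; every value is a bound parameter.
        $ins = $pdo->prepare('INSERT INTO banned_users
            (custid, user_name, user_password, user_type, question, ans, suspend_date)
            VALUES (?, ?, ?, ?, ?, ?, ?)');
        $ins->execute([$custId, $row['user_name'], $row['user_password'],
            $row['user_type'], $row['question'], $row['ans'], date('Y-m-d H:i:s')]);
        // 3. Only now remove the login row.
        $del = $pdo->prepare('DELETE FROM login WHERE custID = ?');
        $del->execute([$custId]);
        $pdo->commit();
        return true;
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();            // a failed step leaves both tables unchanged
        }
        throw $e;
    }
}

// Constructed demo: in-memory SQLite so the block runs without a server.
$pdo = new PDO('sqlite::memory:', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE login (custID INTEGER, user_name TEXT, user_password TEXT,
            user_type TEXT, question TEXT, ans TEXT)');
$pdo->exec('CREATE TABLE banned_users (custid INTEGER, user_name TEXT,
            user_password TEXT, user_type TEXT, question TEXT, ans TEXT, suspend_date TEXT)');
$pdo->exec("INSERT INTO login VALUES (7, 'alice', 'placeholder-hash', 'customer', 'q', 'a')");

// The id is cast to int at the boundary, as it would be for $_POST['custid'].
var_dump(suspend_login($pdo, (int) '7'));
var_dump($pdo->query('SELECT COUNT(*) FROM login')->fetchColumn());
var_dump($pdo->query('SELECT user_name, suspend_date FROM banned_users')->fetchAll(PDO::FETCH_ASSOC));
```

Against MySQL only the PDO connection string changes; the transaction needs a transactional storage engine such as InnoDB to roll back cleanly.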