iRawrHotel
Member
- Mar 4, 2012
- 41
- 0
Hello,
I'm coding a new website,
And i have a login system with a ban.
Below is my code;
I've banned my account, however it doesn't show that I'm banned when I try to login.
I'm coding a new website,
And i have a login system with a ban.
Below is my code;
PHP:
if(isset($_SESSION['loggedin']))
{
die("You are already logged in!
<a href='logged.html'> Go</a>");
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if(isset($_POST['submit']))
{
$mail = mysql_real_escape_string($_POST['email']); // The function mysql_real_escape_string() stops hackers!
$name = mysql_real_escape_string($_POST['name']); // The function mysql_real_escape_string() stops hackers!
$pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
$user_id = mysql_query("SELECT id FROM users where 'name' = '{$name}'");
$row1 = mysql_num_rows( $user_id );
$banned = mysql_query("SELECT * FROM bans WHERE 'user_id' = '{$user_id}'");
$row2 = mysql_num_rows( $banned );
$mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND email = '{$mail}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
if(mysql_num_rows($mysql) < 1)
{
die("Incorrect Login Details");
} // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
elseif(($row2) == 1 )
{
die ("You are currently banned from PitchIT");
}
$_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
$_SESSION['email'] = $mail; // Make it so the email can be called by $_SESSION['email']
$_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
die("You are now logged in!
<a href='logged.html'> Go</a>"); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<form type='index.html' method='POST'>
Name: <br>
<input type='text' name='name'><br>
Email: <br>
<input type='email' name='email'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>";
?>
I've banned my account, however it doesn't show that I'm banned when I try to login.