Login system (error when banned)

Viewed 124 times

0

I have a login system and I want it to show an error if the user is banned. The SQL name in the table is "ban": if "ban" equals "0" the user is not banned, and if "ban" equals "1" the user is banned and cannot log in.

Code:

<?php
  @$username = $_POST['username'];
  @$password = $_POST['password'];
  $passwordcrip = md5($password);

  if((!$username) || (!$password)) {
    echo "";
  } else {
    $passwordcrip = md5($password);

    $sql = mysql_query("SELECT * FROM usr_users WHERE username='{$username}' AND password='{$passwordcrip}'");
    $login_check = mysql_num_rows($sql);

    if($login_check > 0){

      while($row = mysql_fetch_array($sql)){

        // Copy each column into a variable of the same name ($id, $email, $credits, ...)
        foreach( $row AS $key => $val ){
          $$key = stripslashes( $val );
          echo "";
        }

          $_SESSION['id'] = $id;
          $_SESSION['username'] = $username;
          $_SESSION['email'] = $email;
          $_SESSION['credits'] = $credits;

          mysql_query("UPDATE usr_users SET ultimo_log = now() WHERE id ='{$id}'");
          header("Location: index.php");
      }

    } else {
        echo  "<div class='right' style='background: rgb(173, 2, 2);width: 100%;height: 50px;line-height: 50px;background-repeat: no-repeat;padding-left: 30px;color: white;'>
                Dados incorretos, tente novamente.
              </div>";
    }
  }
?>

2 answers

1

I took the liberty of making some improvements to your script; here are some of them:

Handle errors instead of suppressing them:

$username = (empty($_POST['username']) ? NULL : $_POST['username']);
$password = (empty($_POST['password']) ? NULL : $_POST['password']);

Remove the while, because theoretically we will only have one user for each username:

$row = mysql_fetch_assoc($sql);

Remove the unnecessary loop and use the array:

$_SESSION['id']        =  $row['id'];
$_SESSION['username']  =  $row['username'];
$_SESSION['email']     =  $row['email'];
$_SESSION['credits']   =  $row['credits'];

Here is the script:

<?php

// It is not good to suppress errors, because errors make the script slow;
// it is better to handle them
$username = (empty($_POST['username']) ? NULL : $_POST['username']);
$password = (empty($_POST['password']) ? NULL : $_POST['password']);

$erro = FALSE;

if( !$username || !$password){
  $erro = TRUE;
  $msg = "Usuário e senha não devem ficar em branco";
} else {

   $passwordcrip = md5($password);

   // Escape the user-supplied value before placing it in the query
   $sql = mysql_query("SELECT * FROM usr_users WHERE username='" . mysql_real_escape_string($username) . "'");
   $login_check = mysql_num_rows($sql);



   if($login_check > 0){

      // In theory there will be only one user, so no while is needed
      $row = mysql_fetch_assoc($sql);

      // Check the password
      if ($row['password'] != $passwordcrip) {
         $erro = TRUE;
         $msg  = 'Senha incorreta.';
      }

      // Check whether the user is banned
      if ($row['ban']){
         $erro = TRUE;
         $msg  = 'Conta banida.';
      }


      // If there was no error, proceed
      if (!$erro){
         $_SESSION['id']        =  $row['id'];
         $_SESSION['username']  =  $row['username'];
         $_SESSION['email']     =  $row['email'];
         $_SESSION['credits']   =  $row['credits'];

         // $id is never set in this script; use the id from the fetched row
         mysql_query("UPDATE usr_users SET ultimo_log = now() WHERE id ='{$row['id']}'");

         header("Location: index.php");
         exit;
      }

  } else {
      $erro = TRUE;
      $msg = "Nenhum usuário encontrado.";
  }

}


   if ($erro)
      echo "<div class='right' style='background: rgb(173, 2, 2);width: 100%;height: 50px;line-height: 50px;background-repeat: no-repeat;padding-left: 30px;color: white;'>{$msg}</div>";

?>
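
The login flow from the answer above, as an added example that is not part of the original posts: it binds the username in a prepared statement, verifies the password with password_verify(), and reports the ban only after the password check succeeds. It assumes PDO, a password column holding password_hash() output rather than md5(), and an in-memory SQLite table with constructed rows standing in for usr_users; check_login() is a hypothetical name.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: PDO is available; the password column stores password_hash()
// output instead of md5(); an in-memory SQLite table stands in for usr_users.

function check_login(PDO $db, string $username, string $password): array
{
    // Prepared statement: the username is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, username, password, ban FROM usr_users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same message for an unknown user and a wrong password, so the form does
    // not reveal which usernames exist.
    if ($row === false || !password_verify($password, $row['password'])) {
        return ['ok' => false, 'msg' => 'Dados incorretos, tente novamente.'];
    }

    // The ban is reported only after the password has been verified, so the ban
    // status of an account is not disclosed to someone who cannot log in to it.
    if ((int) $row['ban'] === 1) {
        return ['ok' => false, 'msg' => 'Conta banida.'];
    }

    $db->prepare('UPDATE usr_users SET ultimo_log = CURRENT_TIMESTAMP WHERE id = ?')
       ->execute([$row['id']]);
    return ['ok' => true, 'id' => (int) $row['id'], 'username' => $row['username']];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usr_users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, ban INTEGER DEFAULT 0, ultimo_log TEXT)');
$add = $db->prepare('INSERT INTO usr_users (username, password, ban) VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 0]);
$add->execute(['bob',   password_hash('hunter2', PASSWORD_DEFAULT), 1]);

// Valid user, banned user, banned user with a wrong password, injection-style input.
$attempts = [['alice', 'correct horse'], ['bob', 'hunter2'], ['bob', 'wrong'], ["x' OR '1'='1", 'x']];
foreach ($attempts as [$user, $pass]) {
    $result = check_login($db, $user, $pass);
    echo str_pad($user, 14), $result['ok'] ? 'login ok' : $result['msg'], PHP_EOL;
}
```

On the real page, a successful result would be followed by session_regenerate_id(true) and the $_SESSION assignments before the redirect to index.php.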

0

You can take the result returned by mysql, find the ban field, and add an if that checks whether the user is banned in order to perform an action.

         if($row[0]['ban'] === '1'){
            echo 'usuário está banido e não pode logar.';
         }
