PHP Code

**Chrisss** · 05-11-13

So I'm just editing a website but I need a code that when you try to log in, it checks to see if your banned or not, if you are it shows a message saying your banned but if your not UGrade 253 it lets you go as normal.

Cheers.

**MentaL**

**Dave** · 05-11-13

You can do something like this, in mssql_* functions style.
Replace clean function with your own clean function.

PHP Code:


<?php



$q = mssql_query("SELECT UGradeID FROM Account WHERE UserID = '" . clean($_POST['userid']) . "'");

$grade = mssql_result($q, 0, 'UGradeID');



if($grade != 253){

    // Continue

}else{

    // Banned

}



?>

**Chrisss** · 05-11-13

Dave, what do you mean by replace your clean function with my own, the website I am using don't have one.

**Dave** · 05-11-13

You need to use a function to prevent SQL injection.
If you don't, it's rather easy to exploit.

**Chrisss** · 05-11-13

This is my index.php, what do you recommend I do, maybe I'm missing something.

PHP Code:


<?
session_start();
header('Cache-control: private');
header('Content-Type: text/html; charset=utf-8');


include 'secure/config.inc.php';
include 'secure/functions.inc.php';


if($_SESSION[Language] <> "") 
    { $_LANGUAGE = $_SESSION[Language]; } 
else 
    { $_LANGUAGE = $_MODE[LANG]; }
    
if(file_exists("lang/{$_LANGUAGE}.php")) 
    { include "lang/{$_LANGUAGE}.php"; } 
else 
    { $_SESSION[Language] = $_MODE[LANG]; $_SESSION[LANG] = $_MODE[LANGSHORT]; redirect("{$_SERVER['HTTP_REFERER']}"); }
    
if($_MODE[URI] == 0) 
    { $URLLINK = $_LINK[LOCAL]; } 
else 
    { $URLLINK = $_LINK[GUNZ]; }
    
if(isset($_GET['gunz'])) 
    { $do = $_GET['gunz']; } 
else 
    { $do = "index"; }


$_ACCOUNT = mssql_fetch_row(mssql_query("SELECT 
        AID, UserID, UGradeID, RegDate, Name, Email, Age, Sex, ZipCode, Address, Country, Cert, Question, Answer, Coins, ECoins, Tokens, ImgURL, BirthYear, BirthMonth, BirthDay 
            FROM Account WHERE AID = '{$_SESSION[AID]}'"));


include 'others/bbcodes.php';
            
echo 
    '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
        <html>
            <head>
                <base href="'.$_URLLINK.'" />
                <link rel="shortcut icon" href="'.$_LINK[FAVICO].'" type="image/x-icon"/>
                <title>'.$_GUNZ[NAME].' » /Title/</title>
                <style type="text/css">
                <!--
                    @import \'css/style.css\';
                    @import \'css/main.css\';
                    
                    @import \'css/header.css\';
                    @import \'css/footer.css\'; 
                    
                    @import \'css/block.css\';
                    @import \'css/navigation.css\';';
                    echo ($_GET['gunz'] == 'account')         ?     "@import 'css/account.css'; @import 'css/checkpass.css';" : '';
                    echo ($_GET['gunz'] == 'clan')             ?     "@import 'css/rankings.css'; @import 'css/clan.css';" : '';
                    echo ($_GET['gunz'] == 'donate')         ?     "@import 'css/donate.css';" : '';
                    echo ($_GET['gunz'] == 'downloads')        ?    "@import 'css/downloads.css';" : '';
                    echo ($_GET['gunz'] == 'emblems')        ?    "@import 'css/emblem.css';" : '';
                    echo ($_GET['gunz'] == 'event' || 
                            $_GET['gunz'] == 'vip' || 
                            $_GET['gunz'] == 'rebirth')        ?    "@import 'css/account.css'; @import 'css/shop.css';" : '';
                    echo ($_GET['gunz'] == 'forums')        ?    "@import 'css/forum.css';" : '';
                    echo ($_GET['gunz'] == 'guilds')        ?    "@import 'css/guilds.css';" : '';
                    echo ($_GET['gunz'] == 'individuals')    ?    "@import 'css/individuals.css';" : '';
                    echo ($_GET['gunz'] == 'legends')        ?    "@import 'css/legends.css';" : '';
                    echo ($_GET['gunz'] == 'members')        ?    "@import 'css/members.css';" : '';
                    echo ($_GET['gunz'] == 'order')            ?    "@import 'css/account.css'; @import 'css/donate.css';" : '';
                    echo ($_GET['gunz'] == 'player')        ?    "@import 'css/rankings.css'; @import 'css/player.css';" : '';
                    echo ($_GET['gunz'] == 'profile')        ?    "@import 'css/rankings.css'; @import 'css/profile.css';" : '';
                    echo ($_GET['gunz'] == 'rankings')        ?    "@import 'css/rankings.css';" : '';
                    echo ($_GET['gunz'] == 'recover')        ?    "@import 'css/recover.css';" : '';
                    echo ($_GET['gunz'] == 'register')         ?     "@import 'css/register.css'; @import 'css/checkpass.css';" : '';
                    echo ($_GET['gunz'] == 'status')        ?    "@import 'css/status.css';" : '';
                    echo ($_GET['gunz'] == 'store')            ?    "@import 'css/store.css';" : '';
                    echo ($_GET['gunz'] == 'tags')            ?    "@import 'css/account.css'; @import 'css/tag.css';" : '';
                    echo ($_GET['gunz'] == 'user')            ?    "@import 'css/account.css'; @import 'css/user.css';" : '';
                echo ' -->
                </style>
                <!--[if gte IE 9]><script type="text/javascript" src="scripts/jquery-2.0.3.min.js"></script><![endif]-->
                <!--[if lte IE 8]><script type="text/javascript" src="scripts/jquery-1.10.2.min.js"></script><![endif]-->';
                
                
                echo ($_GET['gunz'] == 'register')        ?    '<script type="text/javascript" src="scripts/jquery-1.3.2.min.js"></script>' : 
                                                            '<script type="text/javascript" src="scripts/jquery-1.9.1.min.js"></script>';
                
                echo ($_GET['gunz'] == 'forums')        ?    "<script type=\"text/javascript\" src=\"jscolor/jscolor.js\"></script>
                                                            <script type=\"text/javascript\" src=\"scripts/forum.min.js\"></script>" : '';
                echo ($_GET['gunz'] == 'rebirth' || 
                        $_GET['gunz'] == 'event' || 
                        $_GET['gunz'] == 'vip' ||
                        $_GET['gunz'] == 'store')        ?    "<script type=\"text/javascript\" src=\"scripts/change.min.js\"></script>" : '';
            echo '</head>
            
            <body>
                <center>';
                    include "include/header.php";
                    echo '<div class="main">';
                            include "include/navigation.php";
                            if($_SESSION[AID] <> "") { include "include/block.php"; }
                            if($_MODE[WEB] == 1) 
                            {
                                if(file_exists("pages/gunz_".$do.".php"))
                                {
                                    include "pages/gunz_".$do.".php";
                                } else 
                                {
                                    include "pages/gunz_unavailable.php";
                                }                    
                            } elseif($_MODE[WEB] == 0)
                            {
                                if(!isset($_GET['gunz']))
                                {
                                    include "pages/gunz_index.php";
                                } else
                                {
                                    include "pages/gunz_maintenance.php";
                                }
                            }
                            echo '
                        </div>';
                    include "include/footer.php";
                echo '</center>
            </body>
        </html>';
?>

**Anju** · 05-11-13

gunz_login.php

PHP Code:


if($_SESSION[UGradeID] == 253)
{
 //ban message or whatever
}

You're using the website that I released, so it's easy to do something like that.

**Chrisss** · 05-11-13

Originally Posted by Anju

gunz_login.php

PHP Code:


if($_SESSION[UGradeID] == 253)
{
 //ban message or whatever
}

You're using the website that I released, so it's easy to do something like that.

Yeah, thats exactly what I wrote and added the setmsg inbetween but it didn't work, come on Skype..

**wesman2232** · 06-11-13

Anju's has SQL Protection o.o

But yeah, you just add what Anju said and boom, banned users can't login.

**Solaire** · 06-11-13

Originally Posted by Anju

gunz_login.php

PHP Code:


if($_SESSION[UGradeID] == 253)
{
 //ban message or whatever
}

You're using the website that I released, so it's easy to do something like that.

PHP: Arrays - Manual

Scroll down to Array do's and don'ts.

PHP Code

Thread Tools

Search Thread

PHP Code

Re: PHP Code

Re: PHP Code

Re: PHP Code

Re: PHP Code

Re: PHP Code

Re: PHP Code

Re: PHP Code

Re: PHP Code

Advertisement