So I'm just editing a website but I need a code that when you try to log in, it checks to see if you're banned or not, if you are it shows a message saying you're banned but if you're not UGrade 253 it lets you go as normal.
Cheers.
You can do something like this, in mssql_* functions style.
Replace clean function with your own clean function.
PHP Code:
<?php
// Look up the account's grade; clean() must escape the input for use in SQL.
$q = mssql_query("SELECT UGradeID FROM Account WHERE UserID = '" . clean($_POST['userid']) . "'");
$grade = mssql_result($q, 0, 'UGradeID');
if ($grade != 253) {
    // Continue
} else {
    // Banned
}
?>
Dave, what do you mean by replace your clean function with my own, the website I am using doesn't have one.
You need to use a function to prevent SQL injection.
If you don't, it's rather easy to exploit.
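A parameterized version of the ban check discussed above, for a site that has no clean() function; this is an added example, not code from the thread or from the released website. It uses PDO with an in-memory SQLite table as a stand-in for the MSSQL Account table, and the function name isBanned and the sample rows are assumptions.

```php
<?php
// Added example (not from the thread). SQLite in memory stands in for the
// MSSQL Account table so the script runs offline; on the real site only the
// PDO connection string would differ.
const BANNED_GRADE = 253; // UGradeID the thread treats as "banned"

// Hypothetical helper: true = banned, false = not banned, null = no account.
function isBanned(PDO $db, string $userId): ?bool
{
    // The value travels as a bound parameter, never as part of the SQL text,
    // so a quote inside $userId cannot change the query.
    $stmt = $db->prepare('SELECT UGradeID FROM Account WHERE UserID = :uid');
    $stmt->execute([':uid' => $userId]);
    $grade = $stmt->fetchColumn();

    if ($grade === false) {
        return null; // no such account: let the normal login failure handle it
    }
    return (int) $grade === BANNED_GRADE;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Account (UserID TEXT PRIMARY KEY, UGradeID INTEGER)');
$db->exec("INSERT INTO Account VALUES ('alice', 0), ('mallory', 253)");

// Constructed inputs; the last contains a quote that string-built SQL would choke on.
foreach (['alice', 'mallory', "o'neil"] as $input) {
    $banned = isBanned($db, $input);
    if ($banned === null) {
        echo "$input: unknown account\n";
    } elseif ($banned) {
        echo "$input: banned, show the ban message and stop the login\n";
    } else {
        echo "$input: not banned, continue with the password check\n";
    }
}
```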
This is my index.php, what do you recommend I do, maybe I'm missing something.
PHP Code:
<?php
session_start();
header('Cache-control: private');
header('Content-Type: text/html; charset=utf-8');
include 'secure/config.inc.php';
include 'secure/functions.inc.php';
if($_SESSION[Language] <> "")
{ $_LANGUAGE = $_SESSION[Language]; }
else
{ $_LANGUAGE = $_MODE[LANG]; }
if(file_exists("lang/{$_LANGUAGE}.php"))
{ include "lang/{$_LANGUAGE}.php"; }
else
{ $_SESSION[Language] = $_MODE[LANG]; $_SESSION[LANG] = $_MODE[LANGSHORT]; redirect("{$_SERVER['HTTP_REFERER']}"); }
if($_MODE[URI] == 0)
{ $URLLINK = $_LINK[LOCAL]; }
else
{ $URLLINK = $_LINK[GUNZ]; }
if(isset($_GET['gunz']))
{ $do = $_GET['gunz']; }
else
{ $do = "index"; }
$_ACCOUNT = mssql_fetch_row(mssql_query("SELECT
AID, UserID, UGradeID, RegDate, Name, Email, Age, Sex, ZipCode, Address, Country, Cert, Question, Answer, Coins, ECoins, Tokens, ImgURL, BirthYear, BirthMonth, BirthDay
FROM Account WHERE AID = '{$_SESSION[AID]}'"));
include 'others/bbcodes.php';
echo
'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<base href="'.$_URLLINK.'" />
<link rel="shortcut icon" href="'.$_LINK[FAVICO].'" type="image/x-icon"/>
<title>'.$_GUNZ[NAME].' » /Title/</title>
<style type="text/css">
<!--
@import \'css/style.css\';
@import \'css/main.css\';
@import \'css/header.css\';
@import \'css/footer.css\';
@import \'css/block.css\';
@import \'css/navigation.css\';';
echo ($_GET['gunz'] == 'account') ? "@import 'css/account.css'; @import 'css/checkpass.css';" : '';
echo ($_GET['gunz'] == 'clan') ? "@import 'css/rankings.css'; @import 'css/clan.css';" : '';
echo ($_GET['gunz'] == 'donate') ? "@import 'css/donate.css';" : '';
echo ($_GET['gunz'] == 'downloads') ? "@import 'css/downloads.css';" : '';
echo ($_GET['gunz'] == 'emblems') ? "@import 'css/emblem.css';" : '';
echo ($_GET['gunz'] == 'event' ||
$_GET['gunz'] == 'vip' ||
$_GET['gunz'] == 'rebirth') ? "@import 'css/account.css'; @import 'css/shop.css';" : '';
echo ($_GET['gunz'] == 'forums') ? "@import 'css/forum.css';" : '';
echo ($_GET['gunz'] == 'guilds') ? "@import 'css/guilds.css';" : '';
echo ($_GET['gunz'] == 'individuals') ? "@import 'css/individuals.css';" : '';
echo ($_GET['gunz'] == 'legends') ? "@import 'css/legends.css';" : '';
echo ($_GET['gunz'] == 'members') ? "@import 'css/members.css';" : '';
echo ($_GET['gunz'] == 'order') ? "@import 'css/account.css'; @import 'css/donate.css';" : '';
echo ($_GET['gunz'] == 'player') ? "@import 'css/rankings.css'; @import 'css/player.css';" : '';
echo ($_GET['gunz'] == 'profile') ? "@import 'css/rankings.css'; @import 'css/profile.css';" : '';
echo ($_GET['gunz'] == 'rankings') ? "@import 'css/rankings.css';" : '';
echo ($_GET['gunz'] == 'recover') ? "@import 'css/recover.css';" : '';
echo ($_GET['gunz'] == 'register') ? "@import 'css/register.css'; @import 'css/checkpass.css';" : '';
echo ($_GET['gunz'] == 'status') ? "@import 'css/status.css';" : '';
echo ($_GET['gunz'] == 'store') ? "@import 'css/store.css';" : '';
echo ($_GET['gunz'] == 'tags') ? "@import 'css/account.css'; @import 'css/tag.css';" : '';
echo ($_GET['gunz'] == 'user') ? "@import 'css/account.css'; @import 'css/user.css';" : '';
echo ' -->
</style>
<!--[if gte IE 9]><script type="text/javascript" src="scripts/jquery-2.0.3.min.js"></script><![endif]-->
<!--[if lte IE 8]><script type="text/javascript" src="scripts/jquery-1.10.2.min.js"></script><![endif]-->';
echo ($_GET['gunz'] == 'register') ? '<script type="text/javascript" src="scripts/jquery-1.3.2.min.js"></script>' :
'<script type="text/javascript" src="scripts/jquery-1.9.1.min.js"></script>';
echo ($_GET['gunz'] == 'forums') ? "<script type=\"text/javascript\" src=\"jscolor/jscolor.js\"></script>
<script type=\"text/javascript\" src=\"scripts/forum.min.js\"></script>" : '';
echo ($_GET['gunz'] == 'rebirth' ||
$_GET['gunz'] == 'event' ||
$_GET['gunz'] == 'vip' ||
$_GET['gunz'] == 'store') ? "<script type=\"text/javascript\" src=\"scripts/change.min.js\"></script>" : '';
echo '</head>
<body>
<center>';
include "include/header.php";
echo '<div class="main">';
include "include/navigation.php";
if($_SESSION[AID] <> "") { include "include/block.php"; }
if($_MODE[WEB] == 1)
{
if(file_exists("pages/gunz_".$do.".php"))
{
include "pages/gunz_".$do.".php";
} else
{
include "pages/gunz_unavailable.php";
}
} elseif($_MODE[WEB] == 0)
{
if(!isset($_GET['gunz']))
{
include "pages/gunz_index.php";
} else
{
include "pages/gunz_maintenance.php";
}
}
echo '
</div>';
include "include/footer.php";
echo '</center>
</body>
</html>';
?>
gunz_login.php
You're using the website that I released, so it's easy to do something like that.
PHP Code:
if($_SESSION[UGradeID] == 253)
{
    //ban message or whatever
}
Anju's has SQL Protection o.o
But yeah, you just add what Anju said and boom, banned users can't log in.
PHP: Arrays - Manual
Scroll down to Array do's and don'ts.