I have a table with users; the table is called users and it has a column named user_status. I am struggling to make sure that users who have "banned" in user_status have no access to the site.
The login.php code:
<?php session_start();
if(isset($_COOKIE["usNick"]) && isset($_COOKIE["usPass"])){ ?>
<META HTTP-EQUIV="REFRESH" CONTENT="0;URL=myaccount.php">
<?php
exit();
}
$display_error = "";
$username = "";
if ($_POST['username']) {
$username = $_POST['username'];
if( strtolower($_POST['code'])!= strtolower($_SESSION['texto'])){
$display_error = "* Security Code Error"; // error language
include ('error.php');
exit();
}else{
include('includes/config.inc.php');
$username=uc($_POST['username']);
$pass=uc($_POST['password']);
$password = sha1($pass);
if ($password==NULL) {
$display_error = "* All fields are required"; // error language
include ('error.php');
exit();
}else{
$myDb->connect();
$query = mysql_query("SELECT username,password FROM yob_users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
$myDb->close();
if($data['password'] != $password) {
$display_error = "* Please, Check your username/password."; // error language
include ('error.php');
exit();
}else{
$myDb->connect();
$query = mysql_query("SELECT username,password FROM yob_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$myDb->close();
$nicke=$row['username'];
$passe=$row['password'];
setcookie("usNick",$nicke,time()+7776000);
setcookie("usPass",$passe,time()+7776000);
$lastlogdate = date("F j, Y - g:i a");
$lastip = getRealIP();
$myDb->connect();
$querybt = "UPDATE yob_users SET lastlogdate='$lastlogdate', lastiplog='$lastip' WHERE username='$nicke'";
mysql_query($querybt) or die(mysql_error());
$myDb->close(); ?>
<META HTTP-EQUIV="REFRESH" CONTENT="0;URL=myaccount.php">
<?php
}
}
}
}else{
include ('header.php');
?>
<div id="content1">
<p class="error"><?php echo $display_error;?></p>
<form action="login.php" method="post" class="f-wrap-1">
<div class="req"><a href="signup.php">Not Registered?</a><br /><a href="recoverpass.php">Forgot your Password?</a></div>
<fieldset>
<h3>Member Login</h3>
<label for="firstname"><b>Username:</b>
<input id="username" name="username" type="text" class="f-name" autocomplete="off" tabindex="1" /><br />
</label>
<label for="password"><b>Password:</b>
<input id="password" name="password" type="password" class="f-name" autocomplete="off" tabindex="2" /><br />
</label>
<label for="code"><b>Security Code:</b>
<input id="code" name="code" type="text" class="f-name" autocomplete="off" tabindex="3" /><br />
</label>
<label for="code2"><b> </b>
<img src="image.php?<?php echo $res; ?>" /><br />
</label>
<div class="f-submit-wrap">
<p>
<input type="submit" value="Submit" class="f-submit" tabindex="4" />
<br />
</p>
<p> </p>
</div>
</fieldset>
</form>
<p> </p>
<p> </p>
<p> </p>
<?php
include ('footer.php');
}
Login restriction for banned users
-
- New Member
- Posts: 4
- Joined: Wed Jul 06, 2016 10:21 pm
-
- Average Member
- Posts: 190
- Joined: Wed Nov 09, 2011 1:12 pm
- Location: https://micul-programator.ro
- Contact:
Re: Login restriction for banned users
Please indent your code; it is very hard to follow, so I will only explain the logic.
For users who are already logged in, you should have a query that checks their status; if they are banned, you give them a header location to somewhere or show them an error message.
For users who are not logged in, at login there should be a simple check: if their status is different from "banned" you log them in; if not, as above, you send them somewhere or show an error message.
-
- New Member
- Posts: 4
- Joined: Wed Jul 06, 2016 10:21 pm
Re: Login restriction for banned users
In the end I figured it out after all:
else{
$myDb->connect();
$query = mysql_query("SELECT username,password,user_status FROM yob_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$myDb->close();
$is_admin = $row['user_status'];
if($is_admin == "banned") { $display_error = "* Your account has been banned!.";
include ('error.php');
exit();
} elseif($is_admin != "user" && $is_admin != "admin") {
$display_error = "* Your account has been banned!.";
include ('error.php');
exit();}
And for those already logged in, on the important pages,
I wrote this code:
<?php include('includes/config.inc.php');
if(isset($_COOKIE["usNick"]) && isset($_COOKIE["usPass"])){ $user = $_COOKIE["usNick"];
$myDb->connect();
$sql = "SELECT * FROM yob_users WHERE username='$user'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$myDb->close();
$is_admin = $row['user_status'];
if($is_admin == "banned")
{ $display_error = "* Your account has been banned";
include ('error.php');
exit();
} }else{ $display_error = "* Your account has been banned";
include ('error.php');
exit();
}?>
-
- Senior Member
- Posts: 1264
- Joined: Tue Jun 22, 2010 3:17 pm
Re: Login restriction for banned users
Maybe so, but you still haven't understood: put your snippets in code tags, so they are easier to read.
PS: Don't take data from COOKIES and use it directly in mysql. You risk having your application compromised. Search for "sql injection".
Made a PHP channel on freenode - ##php-ro: https://webchat.freenode.net/
-
- New Member
- Posts: 4
- Joined: Wed Jul 06, 2016 10:21 pm
Re: Login restriction for banned users
So instead of COOKIES I should use SESSION?
-
- Average Member
- Posts: 190
- Joined: Wed Nov 09, 2011 1:12 pm
- Location: https://micul-programator.ro
- Contact:
Re: Login restriction for banned users
See http://php.net/manual/ro/function.mysql ... string.php and you will understand what nevvermind was referring to. I gave you that link given that you are using mysql; you should upgrade to either mysqli or pdo.
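Added example, not part of any post in the thread: the ban check at login and on every later request, written with PDO prepared statements and a server-side session instead of the usNick/usPass cookies. The table and column names are the ones posted above; the helper names, the status allow-list constant and the in-memory SQLite demo rows are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the posts; helper names and the SQLite demo rows are assumptions.
const ALLOWED_STATUSES = ['user', 'admin'];

// Prepared statement: the username is bound, never concatenated into the SQL.
function find_user(PDO $pdo, string $username): ?array {
    $stmt = $pdo->prepare(
        'SELECT username, password, user_status FROM yob_users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Returns 'ok', 'bad_credentials' or 'banned'. On success only the username is
// kept, in the server-side session; no password hash goes into a cookie.
function login(PDO $pdo, string $username, string $password): string {
    $user = find_user($pdo, $username);
    // sha1() only because that is the format the thread's table stores.
    if ($user === null || !hash_equals($user['password'], sha1($password))) {
        return 'bad_credentials';
    }
    if (!in_array($user['user_status'], ALLOWED_STATUSES, true)) {
        return 'banned';
    }
    $_SESSION['username'] = $user['username'];
    return 'ok';
}

// Per-page guard: re-read the status on every request, so a ban applied after
// login takes effect on the next page load.
function is_active_session(PDO $pdo): bool {
    if (empty($_SESSION['username'])) {
        return false;
    }
    $user = find_user($pdo, $_SESSION['username']);
    return $user !== null && in_array($user['user_status'], ALLOWED_STATUSES, true);
}

// Constructed demo rows in an in-memory SQLite database (the thread uses MySQL).
session_start();
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE yob_users (username TEXT, password TEXT, user_status TEXT)');
$ins = $pdo->prepare('INSERT INTO yob_users VALUES (?, ?, ?)');
$ins->execute(['alice', sha1('pw-alice'), 'user']);
$ins->execute(['bob', sha1('pw-bob'), 'banned']);
var_dump(login($pdo, 'bob', 'pw-bob'));          // banned account
var_dump(login($pdo, "o'neil", 'pw'));           // the quote is data, not SQL
var_dump(login($pdo, 'alice', 'pw-alice'), is_active_session($pdo));
$pdo->exec("UPDATE yob_users SET user_status = 'banned' WHERE username = 'alice'");
var_dump(is_active_session($pdo));               // alice's open session after the ban
```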
-
- New Member
- Posts: 4
- Joined: Wed Jul 06, 2016 10:21 pm
Re: Login restriction for banned users
Thank you for your time.