Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 5 of 5
  1. #1
    Junior Member
    Join Date
    Mar 2012
    Posts
    1
    Member #
    31262
    PHP Code:

    <?php
    session_start
    ();

    include (
    "connection.php");
    if (
    $_SESSION['banned'] == 1)
    die (
    "Your Account Has Been Disabled, Please Contact An Administrator!");
     
    ?>
    Can someone modfi this from using sessions to something more better, when i ban a user they wont be banned untill they login again so the session can be set, Need something that will say if theres 1 = in the database (1 means your banned) for that user then kill the script, Next time they refresh the page, It be alot easier and better, or something that can destroy the sessions if it == 1 so they have to login again to apply the sessions.

  2.  

  3. #2
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,716
    Member #
    5580
    Liked
    718 times
    This will involve two steps:

    1) When they are banned, you set a 1 in the 'ban' column.
    When they try to log-in, it sees that 1 and doesn't let them login.

    2) They might already be logged in when they get banned.
    So, on every page where to test the login SESSION, you'll need to also
    query the database to check for the 1 in the 'ban' column. I imagine
    it's possible to destroy their SESSION specifically, but I think it's harder
    to determine which SESSION is theirs. You don't want to kill everyone.

    Querying each time (each refresh) to check for that '1' in the table column
    will add processing time. Maybe someone (not myself) knows a lot about
    SESSION storage on the server. Meanwhile, I would query the database
    for that '1' at the same time you're checking to see if they are logged-in.


  4. #3
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    Doesn't php have a session timeout setting ? I think that the term "banned" might not be the appropriate word... If I'm reading this correctly, he's just wanting to check to see if the session is still active and if it's not, bounce them to a login...

    It that's the case, instead of reading and checking the DB, in asp I set a session variable called. "check"... To ok, then on every page theres a simple check to see if session("check") ="ok"... If so page loads, if not, either the visitors session has died ( based on timeout ), and the user is redirected to the login page... Also keeps users from "backing" into the system.

    Session variables also are destroyed when a browser is closed ( why most banks request you close your browser when you're done banking )... Especially if you happen to be on a system that other people have access to.

  5. #4
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,716
    Member #
    5580
    Liked
    718 times
    The session checking is done as I mentioned in my "step 1".

    Step 2 is the questionable thing ...

    I thought he was concerned that a person was logged-in and using the site.
    During that time, they did something offensive that caused a moderator to ban them.
    The very next time the person refreshes or navigates to another page, they are finished.

    The session will not have timed-out yet even though the moderator has banned them.
    So, my thought is to not only check the session (as normal), but also check their
    row in the database table to see if the moderator has put a '1' in the ban column.
    That query would happen for everyone. I'm not sure what impact that would have
    on CPU time, memory, bandwidth, etc.


  6. #5
    Senior Member Webzarus's Avatar
    Join Date
    May 2011
    Location
    South Carolina Coast
    Posts
    3,322
    Member #
    27709
    Liked
    770 times
    Yeah, not quite sure about the term banned in this instance...

    I use IP Blocking... I don't have to kill the session... In asp I just insert a response.end if I detect something, write their ip to the running list... I set their ip as a session variable as well when they login... The do something wrong, move their ip address from a session variable to a block list, kill their session, force them back to a login page... Since their ip address is now in the block list, they can login, but see nothing.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 03:06 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com