...

View Full Version : If Row Doesn't Exist



Troy297
03-25-2007, 02:46 AM
Hey,

I am making a script that requires the user to login, but I am having a problem where if the user is logged in when you delete them from the database then they can continue to browse around the protected area until they logout, very bad. So my question is, in the code below that checks their session against the db using "WHERE username = '$username'" how can I make it so if their username doesn't match anything in the database they get redirected to the login (index.php) page?


<?php
session_start();
require('connect.php');
if($_SESSION['rp_logged'] == "TRUE") {
$username = $_SESSION['rp_username'];
$passwrd = $_SESSION['rp_passwrd'];
$rank = $_SESSION['rp_rank'];
$check = mysql_query("SELECT username, passwrd FROM rp_users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) {
if($passwrd != $info['passwrd']) {
unset($_SESSION['rp_logged']);
unset($_SESSION['rp_username']);
unset($_SESSION['rp_passwrd']);
unset($_SESSION['rp_djname']);
unset($_SESSION['rp_email']);
unset($_SESSION['rp_rank']);
header("Location: index.php");
}
if($password == "NULL"|$username == "NULL") {
unset($_SESSION['rp_logged']);
unset($_SESSION['rp_username']);
unset($_SESSION['rp_passwrd']);
unset($_SESSION['rp_djname']);
unset($_SESSION['rp_email']);
unset($_SESSION['rp_rank']);
header("Location: index.php");
}
if($_SESSION['rp_rank'] == "Suspended") {
header("Location: contact_public.php");
}
$query = mysql_query("SELECT username,djname,passwrd,rank,email FROM rp_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$_SESSION["rp_logged"] = TRUE;
$_SESSION["rp_username"] = $row['username'];
$_SESSION["rp_passwrd"] = $row['passwrd'];
$_SESSION["rp_djname"] = $row['djname'];
$_SESSION["rp_email"] = $row['email'];
$_SESSION["rp_rank"] = $row['rank'];
}
}
else {
header("Location: index.php");
}
?>

Any help is great thanks!

iLLin
03-25-2007, 03:08 AM
If a username doesnt exist then it won't loop in the while. For example:



$check = mysql_query("SELECT username, passwrd FROM rp_users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) {

//if username doesn't match or doesnt exist this code WILL NOT HAPPEN

}


What you need to do is check the count, like so:



$check = mysql_query("SELECT username, passwrd FROM rp_users WHERE username = '$username'")or die(mysql_error());
if(mysql_num_rows($check) != 1) {
//do logout stuff
}


Side note, I would compare username AND session_id in the database.

-Dennis

Fumigator
03-25-2007, 03:10 AM
You can check the number of rows in the query results using mysql_num_rows() (http://us2.php.net/manual/en/function.mysql-num-rows.php). If mysql_num_rows() == 0, that user is not in the user table.

Also, to make sure a session gets completely cleaned out, you should do these three steps:


// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();

Troy297
03-25-2007, 03:25 AM
Wow! Thanks for the fast and helpful responses. Haven't tried them yet but I will let you know if they don't work.

+Rep For Both Of You!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum