Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder Troy297's Avatar
    Join Date
    Oct 2006
    Location
    Earth
    Posts
    314
    Thanks
    10
    Thanked 0 Times in 0 Posts

    Question If Row Doesn't Exist

    Hey,

    I am making a script that requires the user to login, but I am having a problem where if the user is logged in when you delete them from the database then they can continue to browse around the protected area until they logout, very bad. So my question is, in the code below that checks their session against the db using "WHERE username = '$username'" how can I make it so if their username doesn't match anything in the database they get redirected to the login (index.php) page?

    PHP Code:
    <?php
    session_start
    ();
    require(
    'connect.php');
    if(
    $_SESSION['rp_logged'] == "TRUE") { 
    $username $_SESSION['rp_username']; 
    $passwrd $_SESSION['rp_passwrd']; 
    $rank $_SESSION['rp_rank']; 
    $check mysql_query("SELECT username, passwrd FROM rp_users WHERE username = '$username'")or die(mysql_error()); 
    while(
    $info mysql_fetch_array$check )) { 
    if(
    $passwrd != $info['passwrd']) { 
    unset(
    $_SESSION['rp_logged']); 
    unset(
    $_SESSION['rp_username']); 
    unset(
    $_SESSION['rp_passwrd']); 
    unset(
    $_SESSION['rp_djname']); 
    unset(
    $_SESSION['rp_email']); 
    unset(
    $_SESSION['rp_rank']); 
    header("Location: index.php"); 

    if(
    $password == "NULL"|$username == "NULL") {
    unset(
    $_SESSION['rp_logged']); 
    unset(
    $_SESSION['rp_username']); 
    unset(
    $_SESSION['rp_passwrd']); 
    unset(
    $_SESSION['rp_djname']); 
    unset(
    $_SESSION['rp_email']); 
    unset(
    $_SESSION['rp_rank']); 
    header("Location: index.php"); 
    }
    if(
    $_SESSION['rp_rank'] == "Suspended") {
    header("Location: contact_public.php");
    }
    $query mysql_query("SELECT username,djname,passwrd,rank,email FROM rp_users WHERE username = '$username'") or die(mysql_error());
    $row mysql_fetch_array($query);
    $_SESSION["rp_logged"] = TRUE;
    $_SESSION["rp_username"] = $row['username'];
    $_SESSION["rp_passwrd"] = $row['passwrd'];
    $_SESSION["rp_djname"] = $row['djname'];
    $_SESSION["rp_email"] = $row['email'];
    $_SESSION["rp_rank"] = $row['rank'];
    }
    }
    else { 
    header("Location: index.php"); 

    ?>
    Any help is great thanks!
    Everyone hears what you say, friends listen to what you say, best friends listen to what you don't say.
    Radio DJ Panel v3 - It's Here!

  • #2
    Regular Coder
    Join Date
    Oct 2005
    Location
    Right Here
    Posts
    654
    Thanks
    1
    Thanked 0 Times in 0 Posts
    If a username doesnt exist then it won't loop in the while. For example:

    PHP Code:
    $check mysql_query("SELECT username, passwrd FROM rp_users WHERE username = '$username'")or die(mysql_error()); 
    while(
    $info mysql_fetch_array$check )) {  

    //if username doesn't match or doesnt exist this code WILL NOT HAPPEN


    What you need to do is check the count, like so:

    PHP Code:
    $check mysql_query("SELECT username, passwrd FROM rp_users WHERE username = '$username'")or die(mysql_error()); 
    if(
    mysql_num_rows($check) != 1) {
    //do logout stuff

    Side note, I would compare username AND session_id in the database.

    -Dennis

  • #3
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    You can check the number of rows in the query results using mysql_num_rows(). If mysql_num_rows() == 0, that user is not in the user table.

    Also, to make sure a session gets completely cleaned out, you should do these three steps:
    PHP Code:
    // Unset all of the session variables.
    $_SESSION = array();

    // If it's desired to kill the session, also delete the session cookie.
    // Note: This will destroy the session, and not just the session data!
    if (isset($_COOKIE[session_name()])) {
       
    setcookie(session_name(), ''time()-42000'/');
    }

    // Finally, destroy the session.
    session_destroy(); 

  • #4
    Regular Coder Troy297's Avatar
    Join Date
    Oct 2006
    Location
    Earth
    Posts
    314
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Wow! Thanks for the fast and helpful responses. Haven't tried them yet but I will let you know if they don't work.

    +Rep For Both Of You!
    Everyone hears what you say, friends listen to what you say, best friends listen to what you don't say.
    Radio DJ Panel v3 - It's Here!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •