simple. but urgent thanks - mysql basics

mrxxlphp

Ok here my problem. I have users registered in a MySql database. Now what I need to do is, when a user logs in I need to check if the banned column next to there username is set to 1. If it is then I want to redirect to another page, if not go to loggedon.php.

So how do I do this, oh and one more question how do I get a standard $variable out of a mysql database.

Thanks in advance.

P.S. I need to connection script in it as well.

dbchip2000

mysql_pconnect("DB_HOST","DB_USER","DB_PASS");
mysql_select_db("DB_NAME");

$user=mysql_query("SELECT * FROM users WHERE username='".stripslashes$_POST["username"])."' LIMIT 0,1");
$user=mysql_fetch_array($user);
if ($user["banned"]=="1") {
     header("Location: another_page.php");
} else {
     header("Location: loggedon.php");
}

Also, you will have to make sure they submitted the form before it queries.
I'm not sure what you mean about a standard $variable though

mrxxlphp

Thanks for that, by standard variable i meen like this

$message = "$welcome_message";

so lets say that $welcome_message was held in a databse, how would i get it out.

Thanks

dbchip2000

Oh, okay, just a sample DB Table, but mysql_fetch_array, gets an array of the record with the keys as the field name, so I am making message the field that has the welcome message

# assume database connection

$welcome_message=mysql_fetch_array(mysql_query("SELECT * FROM messages WHERE name='welcome_message' LIMIT 0,1"));
# assuming it is for sure in there
$message=$welcome_message["message"];

mrxxlphp

Ok, im getting a few errors:

mysql_pconnect("localhost","master","password"); 
mysql_select_db("tcomuk_pchat4"); 

$user=mysql_query("SELECT * FROM users WHERE username='".stripslashes$_POST["username"])."' LIMIT 0,1"); 
$user=mysql_fetch_array($user); 
if ($user["banned"]=="1") { 
     header("Location: another_page.php"); 
} else { 
     header("Location: loggedon.php"); 
}

now my username colum is called username and my table and my table is called c_reg_users.

Thnk you can help me

thanks,

mrxxlphp

oh and the variable $username is coming from a cooke not post

thanks

dbchip2000

$_COOKIE["username"] - "username" is the name of the cookie
You should also be careful with your authentication. Someone could potentially create their own cookie and this means would give them access, you should add an encrypted password or and MD5 hash of their password to confirm (if that is how you are developing this).

I suggest you use $_COOKIE["username"] method instead of $username and have register globals on in php.ini. Otherwise, someone could add a ?username=Admin to the end of this php file, just a though

mysql_pconnect("localhost","master","password");  

mysql_select_db("tcomuk_pchat4");  

$user=mysql_query("SELECT * FROM c_reg_users WHERE username='".stripslashes($_COOKIE["username"])."' LIMIT 0,1");  

$user=mysql_fetch_array($user);  

if ($user["banned"]=="1") {  

     header("Location: another_page.php");  

} else {  

     header("Location: loggedon.php");  

}

mrxxlphp

Thanks for all your help so far, just one last thing.

I have a table in my username colum, now when a user hits my index.php file i want it to check for a cookie called userid.

if this cokie is not there then the sctipy should do nothing, if it is there it should check in a colum called 'go'. If the colum 'go' i empty again the sctipy shoudl do nothing but if it has a value you in it i want the user to be taken to that location.

i.e http://www.hotmail.com

thuis would be handy if i needed to redirect only a certain user to a certain page.

Thanks

dbchip2000

Sure, this may take some customization on your side

# index.php
# assume DB connection

$go="";
if ($_COOKIE["userid"]!="") {
# I don't know what column the $_COOKIE["userid"] should refer with, I'll use the username field again
     $user=mysql_fetch_array(mysql_query("SELECT * FROM c_reg_users WHERE username='".stripslashes($_COOKIE["userid"])."' LIMIT 0,1"));
     $go=$user["go"];
}
if ($go!="") {
     header("Location: ".$go);
}

dbchip2000

I've made a mistake in my suggestions that can cause a security flaw on your side :-( very sorry! But it should be addslashes instead of stripslashes.