<?php
include('session.php');
?>
<?php
require_once('mysql_connect.php');
$query2 ="SELECT id, username, banned FROM login WHERE username ='$login_session'";
$result2 = mysql_query($query2) OR die($mysql_error());
$row = mysql_num_rows($result2);
if($row['banned'] == 1) {
die();
}
?>
Session.php
<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "", "");
// Selecting Database
$db = mysql_select_db("", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from login where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: login.php'); // Redirecting To Home Page
}
?>
As you can see , im trying to stop people who are banned from loading profile.php
it doesnt stop the profile page from loading
As per the OP's wish:
You're using the wrong function for
$row
. Either use one that will fetch a row as an array, or changeif($row['banned'] == 1)
toif($row == 1)
to work withmysql_num_rows
.Footnotes:
Your present code is open to SQL injection. Use
mysqli
with prepared statements, or PDO with prepared statements, they're much safer.Example pulled from https://stackoverflow.com/a/6620252/
Edit:
If your
banned
row contains1
or0
to check if they're banned, then add another parameter to yourwhere
clause. I.e.:WHERE username ='$login_session' AND banned !=1
if banned column is anint
type. If not, wrap1
in quotes.0
, it's your choice.