I can't make this script work...

Hello guys, I want to make some “Ban restrictions” on my panel.
So I made this script to show an error that the user is banned on my panel:

[code]<?php
if($_SESSION['userid']==$id)
{

$ban = mysql_query('select blevel from users');
$bann(mysql_fetch_array($ban);

if($bann['blevel']=="Banned") {
?>

You're banned on this panel.

		<?php

} }
?>
[/code]
But it seems that it is not working… What did I write wrong?

I tried this with but still no effect, it shows me a blank page.

[code]<?php
if($_SESSION['userid']==$id)
{

$ban = mysql_query('select blevel from users');
while($bann(mysql_fetch_array($ban))
{
if($bann['blevel']=="Banned") {
?>

You're banned on this panel.

		<?php

} } }
?>
[/code]

You need to be using MySQLi or PDO for your queries.

As per your question, you’re not matching it against anything, your query should be something like:

This query is in PDO:

[PHP]

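<?php
// Select the row only if this user is actually flagged as banned
// (column name blevel as in the original question).
$statement = $dbconn->prepare("
    SELECT blevel
    FROM users
    WHERE userid = :userid
      AND blevel = 'Banned'
");
$statement->execute([
    ":userid" => $_SESSION['SESS_USERID']
]);
$result = $statement->fetchAll(PDO::FETCH_ASSOC);

if ($result) {
    echo 'You are banned from this panel';
} else {
    showPanel();
}
?>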

[/PHP]

I just want to add a quick note (my opinion) that a user should never be told they were banned or don’t have access to a webpage, simply redirect them to a non-restricted page. As a matter of fact, on my website a person has to be logged in and if they don’t have high enough access they don’t even see the page(s) that people who do have the higher access see. Even if they do stumble across them, they would still be redirected to a non-restricted page.

I would also rethink your logic with your script, for you should have the access level be part of your login.

For example I have this in my utilities file:
[php]// Check for a user in the session:
$user = (isset($_SESSION["user"])) ? $_SESSION["user"] : NULL;[/php]

Then on my about.php page I have it where only I can edit the text by having this at the start of my cms:
[php]if (isset($user) && $user->isSysop())[/php]

Of course this was done using OOP, but it can easily be done the procedural way.

In my opinion having the access level on login would make things much easier.

I solved it :smiley:

I should use this script:

[code]<?php $req = mysql_query('select blevel from users where username="'.$_SESSION['username'].'"'); while($ban = mysql_fetch_array($req)) { ?>

<?php if($ban['blevel']=="Banned") { ?>

You are banned on this panel !

<?php } } ?>[/code]

Thanks guys for the advice :smiley:

Well no, you shouldn’t really use that script unless you want your entire website to be insecure and probably fail when your host upgrades to the next release of PHP.

mysql_query:

Source: http://php.net/manual/en/function.mysql-query.php

Well, when the script fails, I will know that my mysql has an error :smiley:

In the meantime all the script kiddies will be having a field day with the website. :o

Seriously though there is a reason why PHP is switching over to mysqli or PDO other than it is just going to be obsolete. And one of those reasons is [size=24pt]Security.[/size]

You’re wasting your time. If he wants to leave his website open to attack and face a possible £500,000 data protection fine it’s his choice. We can only advise, and advise those willing to listen.

Today I was forced to learn some PDO, so I switched the whole script.
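
The ban check discussed in this thread, written with a PDO prepared statement, as an added example that is not code from any of the posts above. The `users` table with `username` and `blevel` columns comes from the thread; the in-memory SQLite database, the sample rows and the helper name `isBlocked()` are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the panel's MySQL server.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // query errors throw instead of failing silently
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, blevel TEXT NOT NULL)');
$db->exec("INSERT INTO users VALUES ('alice', 'None'), ('bob', 'Banned')"); // constructed rows

/**
 * Hypothetical helper: true when the account must be kept out of the panel.
 * The username is bound as a parameter, so it is always treated as data and
 * can never change the SQL text, whatever characters it contains.
 * An account with no row at all is treated as blocked (fail closed).
 */
function isBlocked(PDO $db, string $username): bool
{
    $stmt = $db->prepare('SELECT blevel FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $level = $stmt->fetchColumn(); // false when no row matches

    return $level === false || $level === 'Banned';
}

// Constructed session values; the last one contains a quote character, which
// would break the string-concatenated mysql_query() version of this check.
foreach (['alice', 'bob', 'nobody', 'bo"b'] as $name) {
    printf("%-8s %s\n", $name, isBlocked($db, $name) ? 'blocked' : 'allowed');
}
```

In the panel itself the boolean would decide whether to redirect the visitor to a non-restricted page, as suggested earlier in the thread, before any panel output is sent.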
