1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How do you temporarily ban a user?

Discussion in 'PHP & Perl' started by sfidirectory, Aug 23, 2011.

  1. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    899
    Likes Received:
    483
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    Hi everyone,

    So I am nearly finished stage 1 of an auction site... At the moment the login/register and logout functions work as they are supposed to, the user can edit/update their details, and in my admin section I can edit and delete users. The only thing I really have left to do is to implement something that would temporarily block a user, which is where I am stuck... I am thinking of putting another column in my MySQL database and doing a query that checks to see if the row of a particular user has a value that designates them as being a blocked user. If anyone could help me out that would be brilliant, and I am able to upload source code if need be :).
     
  2. Mosquera

    Mosquera Newbie

    Joined:
    Feb 24, 2009
    Messages:
    32
    Likes Received:
    18
    Create two new columns on the mySQL database: a boolean one, bBanned; and an integer one, iBannedUntil.

    When you want to ban someone, get the time with time() and put in the database in the integer one, and set bBanned to true(1).
    Then on every login (or session checking) you can check with the boolean if he's banned. In case he is, get times values with time() again and compare. When time() is >= to iBannedUntil, set that and bBanned to 0.

    Hope you understand the logic.
     
    Last edited: Aug 23, 2011
  3. ``Yousef

    ``Yousef Power Member

    Joined:
    Oct 16, 2009
    Messages:
    534
    Likes Received:
    286
    Location:
    Cooking up the medicine.
    Home Page:
    Create a table with the following values;

    (I'm not sure if there is a BOOLEAN datatype, in which case use TINYINT(1))

    Now your ban script, integrate it of course to your current architecture:

    Script to ban user:

    PHP:
    $ban_user $_POST['ban_user'];
    $hrs $_POST['hrs'];
    $ban_time time() + ($hrs*(60*60));

    $conn mysql_connect(parameters); mysql_select_db(parameter);
    $query "INSERT INTO table_name (ban_user,banned_status,ban_time) VALUES ('$ban_user','1','$ban_time') ON DUPLICATE KEY UPDATE banned_status = '1', ban_time = '$ban_time'";

    $result mysql_query($query);

    mysql_close($conn);
    Script to check whether user is banned on login, should be placed at the top of your current login script:

    PHP:
    $conn mysql_connect(parameters); mysql_select_db(parameter);
    $query "SELECT * FROM table_name WHERE ban_user='$user_name'";
    $result mysql_query($query);
    $row mysql_fetch_assoc($result);

    if(
    $row['banned_status'] == 1) {
    if(
    $row['ban_time'] < time()) {
    $query "UPDATE table_name SET banned_status = '0', ban_time = '0' WHERE ban_user = '$username' ";
    $result mysql_query($query);
    mysql_close($conn);
    } else { 
    mysql_close($conn);
    header("Location: http://yourebannedpage.com"); }
    }
    I'm mad tired, and this is untested - and it's probably not the most efficient way to carry this out. But, if it doesn't work straight away, it's definitely close to what you're looking for.

    Obviously $username = the username that's posted when a user logs in, $ban_user = the username that's posted by you, $ban_time = the current time plus a posted amount of time ($hrs) in hours that you would like the user to be banned for, $banned_status = the status of a users ban, 0 or 1.

    I think it's actually possible to knock out the banned_status variable/column, but it saves an extra database query.

    Again, I'm mad tired ;).
     
    • Thanks Thanks x 2
  4. Mosquera

    Mosquera Newbie

    Joined:
    Feb 24, 2009
    Messages:
    32
    Likes Received:
    18
    You're right. I believe there was no BOOL datatype but tinyint(1) was the correct one.

    pd: only thing I would somehow change from your scheme is removing the banned_status column since if it's in the table it's probably it's already banned :p In which you could just delete the row (if I read alright, you're right about the hour heh)
     
    Last edited: Aug 23, 2011
  5. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    899
    Likes Received:
    483
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    Hey everyone,

    Thanks for your help :) I created a new row called "blocked" in my db which was of type char(3) and made some php script that just updates that row for the user to 'yes' to block them (and 'no' to unblock them). I just adapted the ideas I used for my add and delete scripts (MySQL's "UPDATE..." statements are very useful :)).

    As for completely banning a user, I like Yousef's script and will test it out. It is not required for Stage 1 although I will like to do that for Stage 2. I had a minute to think and am thinking that to block a user for a set amount of time then have that block automatically removed (like being banned from a forum for a few days), I would tweak Yousef's solution a bit (not completely sure but at a glance it looks relatively straightforward to do).

    So for now Stage One is finished and all I have to do is to submit it for marking in 2 days time and hope I done good (there will most likely be bugs that I havn't noticed, but I took care of the ones I know that can occur). Can't wait to do Stage 2 as thats when the automation etc truly starts (eg bidding on auctions, auctions expiring, paying for an auction etc etc).

    Previously I used to just grab scripts off here and not take much notice of how they really work. Now I have a true appreciation and understanding of the amount of work that goes into something like this. You gain so much from doing something like this from scratch :D.
     
  6. ``Yousef

    ``Yousef Power Member

    Joined:
    Oct 16, 2009
    Messages:
    534
    Likes Received:
    286
    Location:
    Cooking up the medicine.
    Home Page:
    Glad your happy with it!

    Also, if you want to ban by days instead of hours you could use:

    PHP:
    $hours $_POST['hours'];
    $days $_POST['days'];

    if(!empty(
    $days)) {$hours 24}

    $ban_time time() + ($days*$hours*(60*60));
    That basically allows you to ban via either days or hours, and if you ban by days, automatically sets the hours to 24 (otherwise you'd have 7*60*60) which would be 7 hours instead of 7 days (if you had $days = 7; with no $hours value).
     
    Last edited: Aug 24, 2011
  7. xenon2010

    xenon2010 Regular Member

    Joined:
    Apr 27, 2010
    Messages:
    231
    Likes Received:
    48
    Occupation:
    web and desktop apps programmer
    Location:
    prison
    Home Page:
    you need new fields in your DB such as "isBanned = true or false", "BanDuration = date of the ban will be lifted", "BanReason = why the user was banned"...
    once the user logs in the script should check for those 3 fields from your DB.
    if there was a match you just transfer the banned user to banned.php page or disable certain functions on the website etc...
     
  8. akiaki

    akiaki Registered Member

    Joined:
    Aug 8, 2011
    Messages:
    87
    Likes Received:
    10
    You could adapt this to Mosquera's idea and make this column numeric and store a time value in it if you want it to be a temporary ban (that's what you said, right?). That way, the solution is still relative simple (0 or -1 is NOT banned, anything else is either the time of ban or the time to unban) even though the other ones suggested here are more fun and flexible.

    Just delete the account. ;) If your site doesn't have a pretty serious incentive for users to keep their original accounts or a way for you to identify them if they come back, they'll just sign up for another account. Pretty much the only way I can think of to prevent that is if you have their credit card, bank account or maybe phone number on file.