0

I am attempting to create a script which checks to see if the user has a warning level of less than 3.

Basicaly, I want to automatically deny any account which has a Warning Level (stored in the Database) of 3 or more from logging in but whenever I attempt to run it I always get denyed regardless of what level I set myself to.

This is what I have so far:

<?php
    session_start();

    $Connection = mysql_connect("localhost","root","password") or die ("Login Fail");
    mysql_select_db("database") or die ("Cannot Find DB");

    if(isset($_SESSION['Logged']))
    {
        die(header ('Location: ../Pages/Members.php'));
    }

        $Username   = strip_tags(strtolower($_POST['Username']));
        $Password   = strip_tags(md5($_POST['Password']));

       $mysql = mysql_query("SELECT * FROM Member_Data WHERE Username = '$Username' AND Password = '$Password'");
       if(mysql_num_rows($mysql) < 1)
       {
         die(header('Location: Errors/Password.php'));
       }

        $Ban_Check = mysql_query("SELECT Warning_Level FROM Member_Data WHERE Username = '$Username'");
        if($Warning_Level > 3)
        {

           $_SESSION['Logged'] = "YES";
           $_SESSION['Username'] = $Username;

           die(header('Location: ../Pages/Members.php'));

        }

        die("BAN LEVEL");

?>

I am sure this is something that's very simple but I just cannot get it to work... as I say, I always get the 'BAN LEVEL' message at the end.

Edited by Octet

1
Contributor
1
Reply
3
Views
5 Years
Discussion Span
Last Post by Octet
0

Never mind, made a stupid mistake:

<?php
    session_start();

    $Connection = mysql_connect("localhost","root","password") or die ("Login Fail");
    mysql_select_db("database") or die ("Cannot Find DB");

    if(isset($_SESSION['Logged']))
    {
        die(header ('Location: ../Pages/Members.php'));
    }

        $Username   = strip_tags(strtolower($_POST['Username']));
        $Password   = strip_tags(md5($_POST['Password']));

       $mysql = mysql_query("SELECT * FROM Member_Data WHERE Username = '$Username' AND Password = '$Password'");
       if(mysql_num_rows($mysql) < 1)
       {
         die(header('Location: Errors/Password.php'));
       }

        $Ban_Check = mysql_query("SELECT Warning_Level FROM Member_Data WHERE Username = '$Username'");
        while($Warning_Level = mysql_fetch_array($Ban_Check)){
        if($Warning_Level['Warning_Level'] < 3)
        {

           $_SESSION['Logged'] = "YES";
           $_SESSION['Username'] = $Username;

           die(header('Location: ../Pages/Members.php'));

        }

        die("BAN LEVEL");

        }

?>
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.