Fido Fido - 7 months ago 20
PHP Question

php/mysql process with user & admin privilege issue

I have this weekly countdown process, and if a logged-in user reaches the 0 weeks limit his page will be banned from the site, and that's fine. My problem is that if I'm the admin, I don't want this process to ban me. On this platform I have user and admin privileges like this: for admin: $user->isAdmin(), and for the user: if($user->islg())

The PHP process is this:

    if($user->islg()) {
        function get_weeks_remaining($date, $expire){
            $difference = strtotime($expire) - strtotime($date);
            return floor($difference / 604800);
        }
        $link = mysqli_connect("localhost", "user", "password", "table");
        $name = $user->data->username;
        $id = $user->data->id;
        $date = date('m/d/Y h:i:s a', time());
        $expire_date = 'May 14, 2016';
        $remain = get_weeks_remaining($date, $expire_date);
        $reason = 'user has been suspended';
        // weeks remaining
        $save = mysqli_query($link, "INSERT INTO `week-ferify`(`id`,`date`,`name`,`expire`,`remain`)VALUES('$id','$date','$name','$expire_date','$remain')");

        $sql = "SELECT `id`,`remain` FROM `week-ferify`";
        if($result = mysqli_query($link, $sql)){
            if(mysqli_num_rows($result) > 0){
                while(list($id,$remain) = mysqli_fetch_array($result)){
                    if($remain > 0 and $remain < 2){
                        echo "<div class=\"week-remain-box\"><span class='week-remain-text'>week remain</span><p class='week-remain-remain'>$remain</p></div>";
                    }else{
                        echo "<div class=\"week-remain-box\"><span class='week-remain-text'>weeks remains</span><p class='week-remain-remain'>$remain</p></div>";
                    }
                    //Ban process
                    if ($remain > 0 and $remain < 2) {
                        mysqli_query($link, "UPDATE `mls_users` SET banned=0 WHERE id=$id");
                    } else {
                        mysqli_query($link, "UPDATE `mls_users` SET banned=1 WHERE id=$id");
                        mysqli_query($link, "INSERT INTO `mls_banned`(`id`,`until`,`by`,`reason`)VALUES('$id','1462317824','1','$reason')");
                    }
                }
                mysqli_free_result($result);
            }
        }
    }


I don't know where to put $user->isAdmin() so that I am not banned by the process and only simple users get banned. Thanks for any advice, and sorry for my bad English.

Answer

Given that the $user->isAdmin() method returns true or false based on whether the user is an administrator:

Place an if statement before the actual ban code.

    //Ban process
    if ($remain > 0 and $remain < 2) {
        mysqli_query($link, "UPDATE `mls_users` SET banned=0 WHERE id=$id");
    } else {
        if(!$user->isAdmin()){
            mysqli_query($link, "UPDATE `mls_users` SET banned=1 WHERE id=$id");
            mysqli_query($link, "INSERT INTO `mls_banned`(`id`,`until`,`by`,`reason`)VALUES('$id','1462317824','1','$reason')");
        }
    }

However, if you can safely assume that the default setting for banned is 0, I suggest you wrap the condition around the entire "banning code":

    //Ban process
    if(!$user->isAdmin()){
        if ($remain > 0 and $remain < 2) {
            mysqli_query($link, "UPDATE `mls_users` SET banned=0 WHERE id=$id");
        } else {
            mysqli_query($link, "UPDATE `mls_users` SET banned=1 WHERE id=$id");
            mysqli_query($link, "INSERT INTO `mls_banned`(`id`,`until`,`by`,`reason`)VALUES('$id','1462317824','1','$reason')");
        }
    }

And also you should probably modify the counter too.
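
A hardened form of the ban step, added here as an example and not part of the question or the answer above: the admin check runs before any write, the queries are prepared statements, and only the logged-in user's own row is changed (in the question's loop `$id` comes from every `week-ferify` row, while `isAdmin()` describes only the current user). The function name `enforce_weekly_limit` and the `$until` and `$bannedBy` parameters are assumptions; banning at 0 weeks follows the question's description.

```php
<?php
// Added example, not code from the post. enforce_weekly_limit, $until and
// $bannedBy are hypothetical; table and column names are those in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors throw

const SECONDS_PER_WEEK = 604800;

function get_weeks_remaining(int $now, string $expire): int
{
    $ts = strtotime($expire);
    if ($ts === false) { // never ban because of an unparseable date
        throw new InvalidArgumentException('unparseable expiry date');
    }
    return (int) floor(($ts - $now) / SECONDS_PER_WEEK);
}

// Returns 'exempt', 'active' or 'banned' for the logged-in user only.
function enforce_weekly_limit(mysqli $link, object $user, string $expire,
                              int $until, int $bannedBy, string $reason): string
{
    // Privilege check comes first, so no ban query can run for an admin.
    if ($user->isAdmin()) {
        return 'exempt';
    }
    if (get_weeks_remaining(time(), $expire) > 0) {
        return 'active';
    }
    // The id comes from the authenticated user object, not from a table scan,
    // so the row being changed is the account that was just checked.
    $id = (int) $user->data->id;

    mysqli_begin_transaction($link);
    try {
        $ban = mysqli_prepare($link, 'UPDATE `mls_users` SET banned = 1 WHERE id = ?');
        mysqli_stmt_bind_param($ban, 'i', $id);
        mysqli_stmt_execute($ban);
        $sql = 'INSERT INTO `mls_banned` (`id`,`until`,`by`,`reason`) VALUES (?, ?, ?, ?)';
        $log = mysqli_prepare($link, $sql);
        mysqli_stmt_bind_param($log, 'iiis', $id, $until, $bannedBy, $reason);
        mysqli_stmt_execute($log);
        mysqli_commit($link);
    } catch (mysqli_sql_exception $e) {
        mysqli_rollback($link); // both writes succeed or neither does
        throw $e;
    }
    return 'banned';
}
// enforce_weekly_limit($link, $user, 'May 14, 2016', 1462317824, 1, 'user has been suspended');
```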