0

I have a login system written in PHP. When you log in successfully:

<?php $_SESSION[session_id()] = "yourMemberIDHere"; ?>

When you log off:

<?php unset($_SESSION[session_id()]); ?>

Here is my problem. Admin can ban members. Banned members cannot log in. But when a member gets banned while he/she is online, he/she is not logged off, because I only check the ban state at login.

So I know that somewhere in the $_SESSION[] array a value equals "myBannedMemberID". How can I find that $_SESSION key and unset it?

I thought foreach could be useful. But what if there are thousands of members online on my system?

6
  • Why not have a banned flag in the database and check that?
    – MisterBla
    Commented Jan 15, 2015 at 13:49
  • Why can't you just use unset($_SESSION[session_id()]);? session_id() is unique for the visitor; you don't need to check the MemberId.
    – cari
    Commented Jan 15, 2015 at 13:50
  • I already have. Like I said, I check it at login. But just at login. If I do this check all the time to see if a member was banned while online, won't it be too much load for the server?
    – Diga
    Commented Jan 15, 2015 at 13:51
  • @cari because $_SESSION[session_id()] contains the administrator's session ID while the admin bans members...
    – Diga
    Commented Jan 15, 2015 at 13:52
  • Where is your CheckIfUserIsLoggedIn function? You have to rebuild that. Could you show the fragment of code where you do a condition, something like if ($_SESSION[session_id]) $userHasAccess = true; else goToLoginPage();? Show us what your function is.
    – Alex
    Commented Jan 15, 2015 at 13:56

5 Answers

2

You can search in all the sessions:

foreach ($_SESSION as $name => $value) {
    if ($value == 'myBannedMemberID') {
       unset($_SESSION[$name]);
    }
}
2
  • Do you think foreach is faster than array_search()?
    – Diga
    Commented Jan 15, 2015 at 14:06
  • No, it is better to use array_search. The only advantage I can see in using foreach ($_SESSION) is that you can keep track of all your sessions if you need to do more processes.
    – JuanSedano
    Commented Jan 15, 2015 at 14:15
0

Try the PHP function array_search:

$key = array_search($myBannedMemberID, $_SESSION);
if ($key !== false) { // false means no match; used as a key it would be cast to 0
    unset($_SESSION[$key]);
}

Documentation: http://php.net/manual/en/function.array-search.php

0
0

Try something like this:

<?php
if(isset($_SESSION['myBannedMemberID'])){
    unset ($_SESSION['myBannedMemberID']);
}
?>

You can also see all the items in the $_SESSION array by simply printing it like this:

 print_r($_SESSION);

Hope this helps.

1
  • Hmm. It'll always return false, because there is no such thing as $_SESSION['myBannedMemberID']. I set $_SESSION with session_id(). I need $_SESSION[X] = "myBannedMemberID", so I need to find X.
    – Diga
    Commented Jan 15, 2015 at 13:54
0

My previous answer was simply an example of unsetting that $_SESSION variable. But to actually kick that user off, you should probably write a function that checks the database for blocked or banned users, and if a row is returned for that user's ID, you destroy their session and have a header redirect that brings them to the home page of your site or wherever you want to take them.

You'll then need to check if that user is blocked or banned in the login script as well.

I hope this advice helps you further.

4
  • "you should probably write a function that checks the database for blocked or banned users, and if a row is returned for that users ID, you destroy their session and have a header redirect that brings them to the home page of your site or wherever you want to take them." This is where I start thinking. When you have thousands of users clicking around your web site, can your server handle this many queries easily?
    – Diga
    Commented Jan 15, 2015 at 14:05
  • Your server will be fine. You have other functions running constantly as every user loads a different page. This wouldn't be any different. Commented Jan 15, 2015 at 14:09
  • But those functions do not execute SQL queries. This wouldn't make any difference either?
    – Diga
    Commented Jan 15, 2015 at 14:20
  • No, it wouldn't make any difference. If my answer helped you in any way, please upvote it. Commented Jan 15, 2015 at 14:22
0

So you want to force logout someone who is logged in but got banned?

You pretty much need to do that where you store the current user's session information. So either check user validity from the DB (or similar) on each page load, OR go through session storage one by one and just delete the entry.

If you are using default settings (file-based sessions), you could scandir(session_save_path()) and check each file until you find the correct user ID there, and delete the file.

EDIT: And to read the data correctly from these files (or wherever you store your data), check out this comment on php.net: http://php.net/manual/en/function.session-decode.php#108037
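The per-request check that several answers recommend, written out as an added example that is not part of any answer in this thread. $_SESSION only exposes the data of the session making the current request, so the check runs in the banned member's own requests. The `members` table, its `id` and `banned` columns, and the `/login.php` redirect target are assumptions.

```php
<?php
// Added example. Assumed names (not from the thread): table members(id, banned),
// redirect target /login.php.

/** True if the member is banned or no longer exists (fails closed). */
function is_blocked(PDO $pdo, string $memberId): bool
{
    // One primary-key lookup per request, with the ID bound as a parameter.
    $stmt = $pdo->prepare('SELECT banned FROM members WHERE id = ?');
    $stmt->execute([$memberId]);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return $row === false || (bool) $row[0];
}

/** Remove the current visitor's session data, cookie and stored session. */
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

/** Call at the top of every page that requires a logged-in member. */
function require_active_member(PDO $pdo): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // The question stores the member ID under the session_id() key.
    $memberId = $_SESSION[session_id()] ?? null;
    if ($memberId === null || is_blocked($pdo, (string) $memberId)) {
        end_session();               // ban takes effect on the next request
        header('Location: /login.php');
        exit;
    }
    return (string) $memberId;
}
```

A ban set by the admin takes effect on the member's next page load, without the admin's request needing access to anyone else's session.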
