Picking up where we left off last time.
(still a part of the file ban_user.php)
Form Validation

We're going to create a JavaScript function called tooShort() to make sure that the staff member gives a ban reason of decent length. Since JavaScript is client-side, there's no page reload necessary.


<head>
<script type='text/javascript'>
function tooShort(elem, min){
var uInput = elem.value;
if(uInput.length > min){
return true;
}else{
alert("Please enter a reason that is at least " +min+ " characters long.";
elem.focus();
return false;
}
}
</script>
</head>


Now, let's modify the submit button we created previously to work with this new function:

<input type='submit'
onclick="tooShort(document.getElementById('reason', 7)"
value='Submit' />


That small bit of JavaScript code will keep your site's staff from posting a ban reason that isn't of decent length.
Now, we'll get on to using PHP to insert the submitted data into the table we created.
Also, since I don't know whether your log in system uses cookies or session, we'll just pretend that you're storing the cookie or session in a variable called $user and that your table is called 'members'.


<?php
if(isset($_POST['submit']) > ""{
//further form length validation

$sql=mysql_query("SELECT * FROM members WHERE `username`='$_POST[username]'";
$rows=mysql_fetch_array($sql);
//setting variables equal to the table info (optional)
$user=$rows[username];

//cleanse input, even on a Mod/Admin only page

$ban_time=mysql_real_escape_string(time()+$_POST[ban_time]);
/*Here we add the time they were banned on to the current time via the PHP time() function*/

$username=mysql_real_escape_string($_POST[username]);
$reason=mysql_real_escape_string($_POST[reason]);

$banned_by=mysql_real_escape_string($_POST[banned_by]);
//date the user was banned
$date = mysql_real_escape_string(date("m/d/y");

/* Here, we're setting up a switch statement to alter what value is held by the variable $ban_length based on how long they were banned for. All this variable will be is a phrase telling the banned user how long they were banned. If you selected 1 Hour as there ban time, 1 hour is inserted into the length field.
*/
switch ($_POST[ban_time]){

case 3600:
$ban_length='1 hour';
break;

case 10800:
$ban_length='3 hours';
break;

case 43200:
$ban_length='12 hours';
break;

case 86400:
$ban_length='1 day';
break;

case 259200:
$ban_length='3 days';
break;

case 1814400:
$ban_length='1 week';
break;

case unban:
$ban_length='unban';
break;
}

//Deletes the user from the bans table if unban is selected
if($ban_length=='unban'{
mysql_query("DELETE FROM `bans` WHERE`username`='$_POST[username]'";
echo '$username successfully unbanned.';
}
else {
//Checks if the selected user is banned
$dupecheck = "SELECT * FROM bans WHERE username = '". $username."'";

//If they aren't in the bans table, put them in it if(mysql_num_rows(mysql_query($dupecheck))==0)
{
//Inserts submitted data with the values in the variables
mysql_query("INSERT INTO bans(`username`,`time`,`reason`,`banned_by`,`date`,`length`)
VALUES ('$username','$ban_time','$reason','$banned_by','$date','$ban_length'";
echo "$username banned successfully.";
}

//If the user is already banned
elseif(mysql_num_rows(mysql_query($sqlCheckForDuplicate)) >=1){
echo '$username has already been banned.';
}
}
?>

All of this is useless unless we set something to happen if the user is in the ban table. The last thing we'll do in this ban_user.php file is include the file we're about to make inside of the <?php tag.

include 'check.php';

Ban Function
Now, for the final part of this tutorial, we'll create a file containing a PHP function that will check to the bans table for the user(s) accessing the page. Remember, I'm assuming that on EVERY page you're holding the username in the variable $user:
check.php


function check($user){
//add database connection info here
//current time
$now = time();
$info="SELECT * FROM bans";
$r=mysql_fetch_array(mysql_query($info));
//if the user exists in the bans table, redirect them to a certain file
if(mysql_num_rows(mysql_query("SELECT * FROM bans WHERE username='$user' AND time>$now")>0){

header("location:banned.php";
if(time()-$r[time]>='$now'{
/*If the current time is greater than or equal to the ban time in the database, delete that user from the bans table*/

/*deletes your info from the ban table if the current time is greater than the time in the table*/
mysql_query("DELETE FROM bans WHERE `username`='$user' AND `time`<='$now'";
}
}
//Deletes any expired ban
mysql_query("DELETE FROM bans WHERE `time`<='$now+$r[time]'";
}
/* This makes everything work. This executes the banCheck function. For every file that you want to keep banned users away from (likely all of them), just use the PHP include function to include the file with the check() function*/
check($user);


In the banned.php file, you can have it tell the user all of their ban info. banned.php:

<?php
//include the file with the check() function
include 'check.php';


<?php
/* Displays who you were banned by, the reason for your banning, the date you were banned, and the length you were for.*/

$check=mysql_query("SELECT * FROM bans WHERE username='$user'";
$nums=mysql_num_rows($check);
if($nums>0){
$rows=mysql_fetch_array($check);
$username=$rows['username'];
$reason=$rows['reason'];
$banned_by=$rows['banned_by'];
$date=$rows['date'];
$length=$rows['length'];

echo "
<font size=1>You are banned.</font><br>
<center><font size=1><font color=red>Ban Details</font></font></center>
<br>
<font size=1>Banned By: <center>$banned_by</center></font>
<br>
<font size=1>Banned on: <center>$date</center></font>
<br>
<font size=1>Banned until: <center>$length</center></font>
<br>
<font size=1>Banned Reason: <center>$reason</center></font>
";
}
else{
//kills the file if a non-banned user accesses the page
die();
}
?>


And that's about it! Yes, there are flaws with this ban system and definite improvements that could be made, such as checking for the IP of the current page viewer in the bans table. However, made this as a proof of concept and was meant to be a simple example. Feel free to voice your opinions. I'm sure I messed up somewhere.