I am using xxdashxx's ban script. Everything works well but when an ip got banned that user can ban anybody who he/she knows the ID of the user. Because the procedure is not checking if the password is correct or not ,it is just checking IP and ID if one of them matches it is banning the account.
procedure is :
Code:
--Check for IP ban, if so set the status of the user to banned. IF(SELECT COUNT(*) FROM [GM_Stuff].[dbo].[BannedIP] where [IP1] = @UserIP) > 0 BEGIN SET @Status = -2 UPDATE PS_UserData.dbo.Users_Master SET [Status] = @Status WHERE UserID = @UserID END IF(SELECT COUNT(*) FROM PS_UserData.dbo.Users_Master where [UserIp] = @UserIP and [Status] = '-2') > 0 BEGIN -- if previous section returns results witch means the ip is attatched to an account previously ip banned IF(SELECT COUNT(*) FROM [GM_Stuff].[dbo].[BannedIP] where [UserID] = @UserID) > 0 UPDATE [GM_Stuff].[dbo].[BannedIP] SET [LogAtempt] = 'TRUE' WHERE UserID = @UserID Else INSERT INTO [GM_Stuff].[dbo].[BannedIP] (UserID,BanDate,IP1,StaffID,StaffIP,[LogAtempt]) Values (@UserID,GETDATE(),@UserIP,'Log','127.0.0.1','TRUE') END
Could anybody fix that procedure to check Passwords as well besides IP and ID it should not ban if the pasword is incorrect.
Thanks