How to disable a user’s account in PHP/MySQL

@newuserphpFeb 26.2015

Hi,

I’m in a bit of a pickle.

My website needs to be able to “~~[B]~~disable[/B]” or “~~[B]~~de-activate[/B]” a user’s account (as per the user’s request, of course)

Actually, the link I put in my website is to “~~[B]~~Delete[/B]” the account completely.

But, from experience, I know that it is simply good practice to never completely erase a user’s account from your database. It’s best to simply disable it somehow, so the user can no longer log-in. But, the account itself should remain in the database archives, for various obvious reasons.

And, therein lies my dilemma.

I know how to delete an account using my PHP code (a simple MySQL Delete Query is all that’s needed). This is easy.

However, I have no idea how to disable/deactivate an account in a MySQL database, so that the user is no longer able to log into my website.

Extensive online searched have yielded nothing.

The only thing I was able to find was something about : ~~[B]~~REVOKE PRIVILEGES for user “login”.[/B]……….etc, etC

But, I wasn’t surprised when this did not work. It’s only server-side. It’s not possible to revoke privileges that were never ~~[B]~~GRANTED [/B]in the first place.

Any idea what sort of code I would need to disable/de-activate a user’s account in PHP ?

Thanks

to post a comment

PHP

11 Comments(s) _↴

@ginerjmFeb 26.2015 — #Not sure what you are trying to do. Do you have remote users with access to your system, ie, database privileges, and not just access to your application? Are you trying to remove those privileges? Or are you just trying to remove an ordinary appl user so he can't sign in to that appl?

If you don't want to delete a record why not add a status field to your table and mark him inactive and always check that field when someone attempts to sign in? Of course - once you remove someone/inactivate them, how would they get re-activated? Manually through you?

@NogDogFeb 26.2015 — #I'm pretty sure the "revoke privileges" stuff would be for database users, i.e. the user(s) you use to connect to the database, which would be different from web site users that your web application tracks, versus web host users that you use to do maintenance and configuration on your web host, versus FTP users, and so forth. At this point I'm guessing you mean web site users, in which case the above suggestion about a status field in the users table would be the most common solution.

@newuserphpauthorFeb 26.2015 — #I'm pretty sure the "revoke privileges" stuff would be for database users, i.e. the user(s) you use to connect to the database, which would be different from web site users that your web application tracks, versus web host users that you use to do maintenance and configuration on your web host, versus FTP users, and so forth. At this point I'm guessing you mean web site users, in which case the above suggestion about a status field in the users table would be the most common solution.[/QUOTE]

Thanks, NogDog

That would indeed appear to be the best solution

@newuserphpauthorFeb 26.2015 — #Not sure what you are trying to do. Do you have remote users with access to your system, ie, database privileges, and not just access to your application? Are you trying to remove those privileges? Or are you just trying to remove an ordinary appl user so he can't sign in to that appl?

If you don't want to delete a record why not add a status field to your table and mark him inactive and always check that field when someone attempts to sign in? Of course - once you remove someone/inactivate them, how would they get re-activated? Manually through you?[/QUOTE]

Thanks for the response

The idea is not to de-activate. It would only be that way to me, the website creator

to the user, the account would be "deleted"

@ginerjmFeb 26.2015 — #So? Same thing - you just have to write some code to do whatever you want to be done.

@rootFeb 26.2015 — #Don't you have a field in the DB that you can use to indicate that the account is dormant / deleted?

Perhaps a date joined field could have an invalid date like 00/00/0000 or 99/99/9999 and when reactivated is set to the new date.

If you feel like altering a table, maybe add a field called active and apply a -1 for deavtivated, 1 for active and 0 could represent a banned user...

@LandslydeFeb 27.2015 — #Set another field in your user account called 'active' and set it to false (T or F) when the user (or you) wants his account deactivated. That way no information is lost. Put a line of code in that checks this new field to determine if they get to login or not. And you can easily go in with phpAdmin or (my personal favorite) Adminer and make the changes to this field as needed.

@LandslydeFeb 27.2015 — #Sorry, I missed ginerjm's response. He gave you the answer before me.

@newuserphpauthorFeb 27.2015 — #Sorry, I missed ginerjm's response. He gave you the answer before me.[/QUOTE]

Yep, he already did ?

@Vikas_PatelFeb 28.2015 — #MySQL. The world's most popular open source database. Contact MySQL ... To remove an account, use the DROP USER statement, which is described in Section 13.7.1.2, “DROP USER Syntax”.

@newuserphpauthorFeb 28.2015 — #MySQL. The world's most popular open source database. Contact MySQL ... To remove an account, use the DROP USER statement, which is described in Section 13.7.1.2, “DROP USER Syntax”.[/QUOTE]

You should probably read the [B]WHOLE THREAD[/B] before posting a reply.

You'd be surprised how less silly your response would be.

Also in #PHP _↴

PHP css switcher [RESOLVED] variable not passed to included file ? on veiwing files and automailer/cron

Success!

Help @newuserphp spread the word by sharing this article on Twitter...

Tweet This

How to disable a user’s account in PHP/MySQL

11 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

How to disable a user’s account in PHP/MySQL

11 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

11 Comments(s) _↴

Also in #PHP _↴