Loading for a very, very long time

[eluser]miauksius[/eluser]
Hi,

I added users_model to auto loading models array. In users_model constructor:

Code:

public function __construct ( )
    {
        parent :: __construct ( );
        $this -> updateUser ( );
    }

In updateUser:

Code:

if ( $this -> session -> userdata ( 'logged_in' ) == false )
            return;
        
        $this -> checkBan ( $this -> session -> userdata ( 'id' ) );

In checkBan:

Code:

public function checkBan ( $user_id )
    {
        $query = "SELECT users.username, bans.ban_reason
        FROM bans
        LEFT JOIN users ON users.user_id = bans.banned_by
        WHERE bans.ban_time > NOW()
        AND bans.banned_user =" . $user_id;
        $query = $this -> db -> query ( $query );
        
        if ( $query -> num_rows ( ) == 1 )
        {
            $query = $query -> result_array ( );
            $query = $query [ 0 ];
            
            $this -> session -> sess_destroy ();
            $this -> session -> set_flashdata ( 'error', 'Youre banned! Reason: ' . $query [ 'ban_reason' ] . '. Banned by: ' . $query [ 'username' ] );
            header ( 'Location: /m/index.php' );
            return true;
        }
        
        return false;
    }

When user is banned, page loads for about 10 seconds, but {elapsed_time} shows only about 0.1..., maybe someone understands why? And one more interesting thing: session is not being destroyed

[eluser]timtheelephant[/eluser]
I'm not sure on the actual issue's solution, but one thing I highly recommend you consider is using parameterized queries. It's not a big risk, but it is good practice.

Code:

$query = "SELECT users.username, bans.ban_reason
        FROM bans
        LEFT JOIN users ON users.user_id = bans.banned_by
        WHERE bans.ban_time > NOW()
        AND bans.banned_user =?";
$query = $this -> db -> query ( $query, Array($user_id) );

You also may want to consider a more efficient method for checking if someone's banned, such as a file that holds a list of names or some sort of broadcast that your client listens for, rather than querying every time the user does something (which is how I assume this implementation is supposed to work). Your database is a large bottleneck, and the less queries you have to run against it, the quicker your application will run.

Also, did you mean to do

Code:

LEFT JOIN users ON users.user_id = bans.banned_by

It seems like that would not be how you'd want to join those tables. Could be as simple as a wrong field name on your right table.

[eluser]miauksius[/eluser]
I think I found what causes that long loading time: header(); but I don't understand why. It works fine in other controllers. I will use from now on parametrized queries, but are those values being sanitized?
About queries: i thought I will check if user is banned once a minute, but I just started building this and got this problem, so this is not finished yet.

[eluser]timtheelephant[/eluser]
Yes, parameterized queries are sanitized. You might also want to make absolutely sure that your query is working correctly when run in your SQL client. That would be the most likely culprit to me. Header shouldn't take that long to run.

[eluser]miauksius[/eluser]
I first write query in phpmyadmin, see if it works, and then put it in php. I commented header() and it runs normally. Something strange is going on

[eluser]timtheelephant[/eluser]
Using this code with two small (100 rows) test tables it works fine for me

Code:

<?php

class Test extends CI_Controller {
public function __construct()
{
  parent::__construct();
  
  $this->session->set_userdata(Array('logged_in'=>TRUE,'id'=>1));
}

public function index()
{
  $this->update_user();
}

private function update_user()
{
  if (FALSE === $this->session->userdata('logged_in'))
   return;
  
  if (!$this->check_ban($this->session->userdata('id')))
   echo 'You\'re not banned!';
}

public function check_ban($uid)
{
  $query = 'SELECT users.username FROM bans
   LEFT JOIN users ON users.user_id = bans.banned_user
   WHERE bans.ban_time > NOW(*) AND bans.banned_user=?';
  
  $res = $this->db->query($query, Array($uid));
  
  if ($res->num_rows() == 1)
  {
   $res = $res->result_array();
   $res = $res[0];
  
   $this->session->sess_destroy();
   //$this->session->set_flashdata('error', 'Blah blah blah');
   redirect(base_url());
  }
  
  return false;
}
}

Notice redirect instead of header, and not using flashdata. Your session was not being destroyed because it has to hit the browser before any other session data is set. It was just adding the flash data and leaving the session alone.
As for the header stuff, it may be something in your configuration. Try redirect and see if that makes a difference (though I'm pretty sure that's basically just using header anyway). It's in the URL helper.

[eluser]miauksius[/eluser]

Code:

public function updateUser ( )
    {
        if ( $this -> session -> userdata ( 'logged_in' ) == false )
            return;
        
        if ( $this -> checkBan ( $this -> session -> userdata ( 'id' ) ) )
        {
            $this -> session -> unset_userdata ( 'logged_in' );
            $this -> session -> set_flashdata ( 'error', 'Banned' );
            header ( 'Location: /m/index.php' );
            return;
        }
    }
    
    public function checkBan ( $user_id )
    {
        $this -> db -> select ( 'users.username, bans.ban_reason' );
        $this -> db -> from ( 'bans' );
        $this -> db -> join ( 'users', 'users.user_id = bans.banned_by', 'left' );
        $this -> db -> where ( 'bans.ban_time >', date ( 'Y-m-d H:i:s' ) );
        $this -> db -> where ( 'bans.banned_user', $user_id );
        $query = $this -> db -> get ( );
        
        return $query -> num_rows ( );
    }

this seems to work fine now, after i changed sess_destroy() to unset_userdata();. So thank you, I think