Basic question here.
I have a MySQL database full of usernames, passwords, and ID's. To log in, they use a form that checks data in the database, and if it matches, it sets 2 cookies - clanid set to their ID, and clanname set to their name. Theoretically, to check to see if they're logged in or not, all I would need to do is either have an !isset($cookie) code at the top of every restricted page.
Anyways, here's my question...if you delete a user, but they still have the cookie on their computer, how would I keep that user from being able to access the restricted areas? I'm thinking maybe add a "restricted" setting to the table, and when the user accesses the site, it checks the database with their user id to see if restricted=1 or something, and deletes their cookie, then deletes their info from the database.
I'd appreciate any help.