OPINIONS WANTED

Posted on 16th Feb 2014 07:03 pm by admin

This is my login page code, and I want your opinion on it please!

Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy

Your Answer:

Login to answer

Other forums

Thread in PHP
Thread in PHP
Some basic use and basic code for thread in php
This is my question?

My query is being run with no results.
I have this.

Code: function DropUser($duser_id, $user_email, $user_username) {

Mouseover to edit (Ajax)
hi friends, can anyone help with the code behind to get this application working, please in VB (new

Server side $_SESSION
how does one keep the session completely server side. no cookies to the browser at all. i need this

Any decent php formatter/beautifier/pretty printer?
Any decent php formatter/beautifier/pretty printer class/function?

I found the following whil

difference between datetimes
($row['totime']-$row['fromtime'])/60

this is giving me 0

example of totime and fromtim

do while conditions
i want to display 6 images in a 2x3 table
now what would be the correct logic to
count that th

Inserting multiple records from single form
I've found a number of threads that deal with this issue, but I'm new to php and coding language so

Beginner PHP code help
Hi I'm new to php but if someone could please read the question below and help it would be great.

need help about
i store the value of my select statement result to an array and stored it to a variable named $fname