OPINIONS WANTED
Posted on
16th Feb 2014 07:03 pm by
admin
This is my login page code, and I want your opinion on it please!
Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet
Your Answer:
Login to answer
344 
5 
Other forums
The control with ID 'ace' requires a ScriptManager on the page
I'm trying to add a simple AlwaysVisibleControlExtender to my page, but it's not working. I get the
How to generate a text file using php...?
Hi,
Can anyone give me code to generate a text file using php
Thanks in advance
How can you detect variable string in a massive string?
Ok guys, i need some help with this one.
I am going to be getting a large string, like 10-20
breaking a text file into paragraphs based on strings
I have a text file of email addresses that is all squished together. It looks like this:
abc
close site for maintenance
i get a tutorial, saying the following code can put our site offline, and only the developer can vie
Sub-domains & calling unique content
Hello,
Is there a way use something similar to the $_GET function for a sub-domain? I to be a
Ignore html and bbcode?
I've created a function to limit the amount of text according to the amount of words.
However
Putting double spaces instead of single spaces
Im looking at trying to replace all single spacing between fields with double spacing
At pres
Function
How can I make this function that once you click the link in the code it takes you to a new page wit
PHP mail() rejected by SMTP
I'm currently working on a newsletter application which is installed on a windows 2003 server runnin
