OPINIONS WANTED


Posted on 16th Feb 2014 07:03 pm by admin

This is my login page code, and I want your opinion on it please!

Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
Did you know?Explore Trending and Topic pages for more stories like this.
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet

Your Answer:

Login to answer
344 Like 5 Dislike
Previous forums Next forums
Other forums

Remove letter from numeric textbox
I have a textbox that will search the employee database by entering in the employee ID and it will r

Uploading/Downloading files stored in MySQL database
Hey all,

This problem just came up in my website and I'm having a hard time figuring out what

PHP code for a proxy
I was wondering which function I could use to create an online proxy tool. I was thinking cURL would

simplexml and xpath - Need some help
Hello,

I am trying to parse an xml which comes back from Amazon and I am trying to know how m

Inter Company -- Resources Related Billing (Services Industry)
Hello,

My company has a scenario where:
Company A bills Company C for INTER (cross

PHP / MySQL Associative Multidimensional Array:
Hello.

I have data in a MySQL Table that adheres to the below: (note, no index, could add if

CE 7.1 and External GIS integration
Hi All,

We want to develop an application on CE 7.1 which uses GIS features from an exter

Adding Outlook 2007 items via file upload
I am looking for a way to be able to attach an Outlook item (an email message) in an ASP.NET 3.5 app

how to configure ADS in ABAP instance
Hi All,

I am working on r/3 4.7 ABAP system.Can we configure ADS(adobe document services)

Problem with coding MySQL query
I'm having heaps of trouble getting one of my PHP/MySQL queries to work for some reason (and the fun

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash