OPINIONS WANTED
Posted on
16th Feb 2014 07:03 pm by
admin
This is my login page code, and I want your opinion on it please!
Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet
Your Answer:
Login to answer
344 
5 
Other forums
How to Create a Dynamic table
col1 col2 date1 date2 date3 date4..........
a b v1 v2 v3 v4
Header is not working in IE
Hi ! header function is not working in IE but it works in FF, Safari, Chrome. any help please. :
my sql select id and then update problem.
I need to select some auto incremented ids out of a database and then use those id in a where statem
Navigation include for all site directories
Hi,
I need a navigation include that can deal with directories at different levels on a site.
Display search result
Hi!
I have a SQL database with information about albums and track (music).
This is wh
Select question
Hi,
First I would like to say that php is pretty new for me..
so please don't shoot me if
How to calculate days from variable date?
This will be easy for one of you gurus. I want to fetch the date from a variable date, for example:<
How to convert this array to string
I am having problems converting this array to a string
using print_r($val[1]); I get:
Code: [
BSP Ext - tableView - Sort - NEWBIE
Hi,
I have been trying to get the sort to work. I have defined the column definitions by fillin
login box shows up again after logging in 2nd login works
Hello,
I am having trouble on my site Lockerz.rack111.com where when you login the login box
