OPINIONS WANTED
Posted on
16th Feb 2014 07:03 pm by
admin
This is my login page code, and I want your opinion on it please!
Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet
Your Answer:
Login to answer
344 
5 
Other forums
Uploading Filetypes and placing them in seperate folders.
Hello,
first post , and asking for help im afraid. Very new to PHP, was making good progress
curl javascript problem
Hi Experts.
I'm new curl and wanna to get some info from this http://www.amadeus.net/
when
connect() succeeds but accept() does not?
Please help me with this problem. I'm working on a time-sensitive project where I'm using TCP socket
IIS7 and getimagesize() problem
I have just discovered after hrs of trying to fix a problem where it's coming from. It's to do with
php automatically escaping single quotes
I'm trying to test out my security a bit and I've noticed that php is escaping my single quotes. For
undefined offset help
Hi All,
I kept getting undefined offset PHP notice for a simple for loop. For eg
$va = arr
update post issues
I am trying to create an update to a post function, while the update does occur, the page routing an
am I using this for loop correctly
Dear buddies!
Right now I am generating a report with some details for all the dealers.Help on Order Entry Form/System Where is best to begin.
I have a dilema and a very short amount of time at this point and I'm looking for some help on decid
preg-match with a string and numbers
Hi, I can't get the expression to work for my preg_match, what I'd like is for it to match the strin
