OPINIONS WANTED


Posted on 16th Feb 2014 07:03 pm by admin

This is my login page code, and I want your opinion on it please!

Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy

No comments posted yet

Your Answer:

Login to answer
344 Like 5 Dislike
Previous forums Next forums
Other forums

Count of reciepients in php mailer
How can i sent a mail to large no of reciepients say 10,00,00 Using PHP MAILER

Alterar a hora do servidor
Se alguém souber, ajude-me a adicionar 6 horas, obrigado
<tr>
&

DATEDIFF Question
First time post, and of course it is a help question.

I am using a WP plug-in to display prev

Error in Configure System Landscape Directory phase
Hi

We are getting the error in Configure SLD phase ( 41 of 44 phase).

Please f

'grab_files', multiple extension?
hey guys,

can anyone suggest a way to make to following line of code look for files with more

Help on query replacing the date
Hi Pals,

i want to replace the current date in a column to some value say C or D or any n

CURL XML Request [From C to PHP]
Hi,

I need some help converting this into something that will work with PHP.

Code: #

Placing and array within an array then sorting it!
I have a page that runs two large mysql queries and saves the results into arrays, in php I then per

Advice on how to delete a mysql row using my form
Hi,

I am very new to php and am struggling to work out how to delete a portfolio item (a row

Issues: PHP Forms -Clearing
I've tried looking online before actually asking for help, but I've been looking for about the past

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash