OPINIONS WANTED


Posted on 16th Feb 2014 07:03 pm by admin

This is my login page code, and I want your opinion on it please!

Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
Did you know?Explore Trending and Topic pages for more stories like this.
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet

Your Answer:

Login to answer
344 Like 5 Dislike
Previous forums Next forums
Other forums

Filtering Tables
Hello Thanks for any help any one can give Im very new to PHP..

I need to pull data for clien

Problem with DB connection
Hello there! I'm new to this forum and I'm new to PHP coding also. I wrote something that doesn't ma

Protecting forms
Alright, I want to protect some forms of mine from SQL Injections, because I had someone earlier spa

Sequre login with cookies.
I want to build secure login with cookies. I just want your ideas about this, your suggestions. What

getting rid of quotes in strings
sick of trying to deal with them in multiple ways (entering in and taking from database, echoing, ec

Curl & sessions PLS HELP
Hello,

I have a problem with curl and sessions and i will try to explain the best i could.

Port scanner problem
Hai
recently i developed one app through which u can check the opened and closed ports under an

Problems with strings containing
Hey all,

I have encountered something strange in a script. I am trying to write an XML heade

Standard DES encryption script?
Can anybody point me to a tutorial or a short script that shows how to encrypt some text with salt i

Calling variables
I want to call this to my website but it doesn't display what I want it to,

Code: <h5&

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash