OPINIONS WANTED
Posted on
16th Feb 2014 07:03 pm by
admin
This is my login page code, and I want your opinion on it please!
Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet
Your Answer:
Login to answer
344
5
Other forums
Little problem with form insertion in MySQL, Please help!!!
Hi!,
I'm a little bit new with php and I have a little issue here. I created a webform to ins
pls clear my confusion
Hi friends,
Pls solve my query .
what is the exact use of Scope Resolution Operator( i
How to use Ajax to verify data on a DB ?
Hello everyone, well i want to know how to check a value if it exists or not on a Data base and capt
Production Order Enterprise Service to Manufacturing Exctn Sys (MES) ???
Hello Experts,
In our current landscape SAP ECC 5.0 is integrated to MES system via PI 7.
a function to check directory depth
I'm working on a php script to upload files in to a set directory.
the user can select to upload
Displaying image pathname instead of image
Hello
Im trying to upload and then display images from a mysql database - Its only basic and
New to Arrays
Hi I am new to PHP (a week and a half now) and I am just beginning to read about arrays. I understan
Display error above the login forum help!
Hi guys. just so you know im not asking for someone to do this for me I just need to be pointed in t
Procedural to OOP
ohn Kleijn said that to avoid writing "crappy code", we should learn OOP and common OO pri
How to display value in drop down list after form has been reloaded
Please bear with me as I am very new to php and html.
I have a form with several drop down me