This is my login page code, and I want your opinion on it please!
Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
Variable uses and placement
I'm new to PL/SQL and am trying to learn about variable valid uses/placement (any pointers to any docs is appreciated...)
How to assign JS screen.width to ASP.Net variable
I've got this ASP.net routine that gets the cookie value of the screen width, but now I need to change it so that it gets the width using Javascript, in case the users don't have cookies enabled.
New Search Engine problem
Hey everyone,I have a ZIP Code Radius search engine already functional. it displays all of the ZIP codes within a specified mileage around a central ZIP code.I have an auction site that the client
convert PHP array to Javascript array
I have a page that gets a request sent from AJAX, and I am trying to convert a PHP array to a javascript array. is this possible? I tried with Json_encode but it doesn't seem to work. is there
CHMOD script
Hi,I need a script to read all files in a folder and set to 777.Can anyone help out please?
Session variable help
I'm having a very troubling issue. Maybe I'm just looking over something but I have looked at the code for several hours now, making small adjustments here and there to try to fix this problem.
insert PHP code into function
Hi,I'm having problems when trying following:I have:Code: [Select]createBar("Download: <b>$kwd</b><Br />", "100%")and I'm trying to
Problem in OnClientClick and OnClick sync
Hi,Strange and irritating problem:
upload only text files
hi guys i want to upload only text like like (pdf,note pad and ofiice files) so can any one please tell me how can i restrict that
php - xml what is the best way to do this.
IN essence I want to have a script calling the info from the database.. I have no problem thus far, next I want to take said data and write it to an xml file. no problem here either. I think I have