OPINIONS WANTED
Posted on
16th Feb 2014 07:03 pm by
admin
This is my login page code, and I want your opinion on it please!
Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet
Your Answer:
Login to answer
344 
5 
Other forums
How to form a xml form table with a single sql statement..?
Hi everyone,
I don't know if this is going to be a duplicate thread but i couldn't
How to kill asynchronous postback / current postback?
Hi,here is my problem:I have a web site with many pages of which some may take time to process resul
Writting a script to arrange images........ need some help
Ok so here is the link
http://hmtotc.com/dev/projects/vrassociates/jeweler_dev/admin/index.ph
Format timestamp from mysql
When I tried this:
Code: date("m/d/Y H:i A", $row['timestamp'])
I got 12/31/1969 18:
Fatal error: Call to a member function fetchrow() on a non-object in C:xamppht
okay i have this query and everytime i add `item_id`=? to it... it gives me the error in the title..
Undefined Variable: PHP_SELF, pls help
Hi,
Im a newbie on PHP / MySQL programming and Im running a script to search one field on my
Production Order Enterprise Service to Manufacturing Exctn Sys (MES) ???
Hello Experts,
In our current landscape SAP ECC 5.0 is integrated to MES system via PI 7.
upload photo limits
ive got a upload photo script and im just trying to make more secure currently it limits size and as
need help in dynamic select menu in php
hi i have created a dynamic select menu using php. i have a problem in that which is when the user s
urldecode question
How would I format this line of code properly?
<?php echo urldecode($_GET['Title']); ?
