OPINIONS WANTED

Posted on 16th Feb 2014 07:03 pm by admin

This is my login page code, and I want your opinion on it please!

Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy

Your Answer:

Login to answer

Other forums

Simpler method of getting variables from mysql
Hi Guys,

I'm trying to streamline my CMS's code and as I was writing a new page it occured to

Company Code for Vendors created through Business Partners
Hi, experts!

I'm trying to set up the integration between Business Partner (BP) and Vendo

please hep to get values from a table row
can anyone tel me how I can select and get data from one row by pressing an Edit button in that row

confused between ' ' and " "
there is a php i set:
$begin_date_query = mysql_query( "SELECT SUBDATE(due_date, INTERVAL $d

Is it possible to stop reservation creation in PM Order?
Hi All,

Is it possible to stop reservation creation in PM Order?

Thanks in adv

empty() error
Why does

Code: empty($USER_ID = $_SESSION["USER_ID"])
create this error...

Checkbox info wont include in Mailto
Hey, im new to php.
Basically I have made a form to request which type of job(s) are needed, whic

PEAR in appliactiond development
When I was picking up PHP I went from procedural programming, fairly quickly into OOP, then after wr

Including calander to page - will not show other months than current??
im trying to add an existaing calander onto a profile page by using Code: <?php include "

Onclick problem in Firefox
Hi,
I am using a . It doesn't seem to