OPINIONS WANTED
Posted on 16th Feb 2014 07:03 pm by admin
This is my login page code, and I want your opinion on it please!
Code:
// Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIES ACCESS
case "Login":
    if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
        $Login_Error = "INCORRECT ACCOUNT INFORMATION";
    }
    if(!$Login_Error){
        $Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
        $Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
        $Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
        $Login_Status = $Login_Check->num_rows;
        $Login_Information = $Login_Check->fetch_object();
        if($Login_Status){
            if($Login_Information->account_status == 0){
                if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
                    $_SESSION["USER_ID"] = $Login_Information->id;
                    $USER_ID = $Login_Information->id;
                    $DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
                }else{
                    $Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
                }
            }elseif($Login_Information->account_status == 1){
                if($Login_Information->suspended_timestamp < $TIMESTAMP){
                    if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
                        $_SESSION["USER_ID"] = $Login_Information->id;
                        $USER_ID = $Login_Information->id;
                        $DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
                        $DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
                    }else{
                        $Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
                    }
                }else{
                    $Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
                }
            }else{
                $Login_Error = "ACCOUNT BANNED";
            }
        }else{
            $Login_Error = "INCORRECT ACCOUNT INFORMATION";
        }
    }
    if($USER_ID){
        TEMPLATE(0,0);
        SMOOTH_REDIRECT("Redirecting","index.php");
        TEMPLATE(1,0);
    }else{
        LOGIN_FORCE($USER_ID, $Login_Error);
    }
    break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
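Added example, not part of the original post or the poster's code: the posted login stores and compares `md5()` of the password, which is an unsalted, fast hash. The sketch below shows one way to keep existing MD5 rows working while moving each account to `password_hash()` on its next successful login. The function name `verify_and_upgrade` and the `$member` array (standing in for one `members` row) are hypothetical, and it assumes the `password` column is wide enough for the new hash (the PHP manual recommends 255 characters).

```php
<?php
// Added example; verify_and_upgrade() and $member are hypothetical names.
// $member stands in for one row of the `members` table (constructed sample data).

/**
 * Check a password against the stored hash and upgrade legacy MD5 rows.
 * On success $member['password'] may hold a new hash that the caller
 * must write back to the database with a prepared UPDATE.
 */
function verify_and_upgrade(array &$member, string $password): bool
{
    $stored = $member['password'];

    // Legacy rows: 32 lowercase hex characters produced by md5(), as in the post.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Correct password: replace the unsalted MD5 with a salted, slow hash.
        $member['password'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    // Upgraded rows: password_verify() reads algorithm, cost and salt from the hash.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash if PHP's default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $member['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample row: password stored the way the posted code stores it.
$member = ['id' => 7, 'username' => 'alice', 'password' => md5('secret99')];

var_dump(verify_and_upgrade($member, 'wrongpass')); // wrong password
var_dump(verify_and_upgrade($member, 'secret99'));  // correct, legacy MD5 path
var_dump($member['password'] !== md5('secret99'));  // row no longer holds the MD5
var_dump(verify_and_upgrade($member, 'secret99'));  // correct, password_verify() path
```

With this scheme the row is looked up by username only and the hash is checked in PHP, so the `password='...'` condition drops out of the SELECT. The 2-20 alphanumeric limit the posted regex places on passwords is also no longer needed, because the password is never interpolated into SQL.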