OPINIONS WANTED


Posted on 16th Feb 2014 07:03 pm by admin

This is my login page code, and I want your opinion on it please!

Code: // Login ~ CHECKS THE (USERNAME/PASSWORD) ENTERED BY THE USER THEN EITHER GRANTS ACCESS OR DENIEDS ACCESS
case "Login":
Did you know?Explore Trending and Topic pages for more stories like this.
if(!preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Username"]) || !preg_match("/^[a-z0-9]{2,20}$/i", $_POST["F_1_Login_Password"])){
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
if(!$Login_Error){
$Login_Username = $DB->real_escape_string($_POST["F_1_Login_Username"]);
$Login_Password = $DB->real_escape_string(md5($_POST["F_1_Login_Password"]));
$Login_Check = $DB->query("SELECT id,username,account_status,suspended_timestamp FROM members WHERE username='$Login_Username' && password='$Login_Password'");
$Login_Status = $Login_Check->num_rows;
$Login_Information = $Login_Check->fetch_object();
if($Login_Status){
if($Login_Information->account_status == 0){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}elseif($Login_Information->account_status == 1){
if($Login_Information->suspended_timestamp < $TIMESTAMP){
if(!QUICK_STATUS_CHECK($DB,$Login_Information->id,$TIMESTAMP)){
$_SESSION["USER_ID"] = $Login_Information->id;
$USER_ID = $Login_Information->id;
$DB->query("UPDATE members SET account_status='0' WHERE id='$USER_ID'");
$DB->query("UPDATE members SET last_action='$TIMESTAMP' WHERE id='$USER_ID'");
}else{
$Login_Error = "YOU ARE CURRENTLY LOGGED IN ALREADY";
}
}else{
$Login_Error = "ACCOUNT SUSPENDED FOR 24 HOURS";
}
}else{
$Login_Error = "ACCOUNT BANNED";
}
}else{
$Login_Error = "INCORRECT ACCOUNT INFORMATION";
}
}
if($USER_ID){
TEMPLATE(0,0);
SMOOTH_REDIRECT("Redirecting","index.php");
TEMPLATE(1,0);
}else{
LOGIN_FORCE($USER_ID, $Login_Error);
}
break;
The code above works 100%, I just want to see if I missed any security things or programmed it crappy
No comments posted yet

Your Answer:

Login to answer
344 Like 5 Dislike
Previous forums Next forums
Other forums

Help pulling in 'id' with "read more" link
I'm trying to create snippets of my articles in the cms I'm creating, and then have them redirect to

PHP and Javascript
Hi Guys,

Im trying to load the contents of an html file into a text area for editing, this is

Changes to hosting company's server has affected web contact form
I started a thread a couple of months ago about the contact forms on my client's website. Basically

How to display value in drop down list after form has been reloaded
Please bear with me as I am very new to php and html.

I have a form with several drop down me

How to read CSS message data
Hi,
I have a requirement here. When working as a Dev angel for multiple customers its really di

Paypal
Hi all,

I have an advanced basic knowledge of php

I want to try something new for a s

Pspell with my own dictionary
Hello!
I've tested two cases using pspell functions.
1)
Code: $dictionary_link = pspell_new

How to pass parameter to tag query?
Hi,
I want to get the value of a tag at a specific time (like 10/27/09 15:29:59), I need to giv

validating url
im trying to validate url's sent to me by a form
the url's im collecting are for placing banners

my login script page is not working on remote computers
hi my login is working on my computer, but when i tried 2 computers from 2 different locations, they

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash