MakeWebGames



Cronic


Is my Login script secured now?

 

<?
include 'nliheader.php';

if(isset($_POST['submit'])){
 $username = $_POST["username"];
 $username = addslashes($username);
 $password = $_POST["password"];
 $password = addslashes($password);


$result = mysql_query("SELECT * FROM `grpgusers` WHERE `loginame`='$username'") or die (Message("Sorry, your username and password combination are invalid."));
$worked = mysql_fetch_array($result);

$ban1 = mysql_query("SELECT * FROM `bans` WHERE `id` = '".$worked['id']."' AND (`type` = 'freeze' OR `type` = 'perm')");
$ban = mysql_num_rows($ban1);

  if ($_SESSION['AntiSpamImage'] !== $_REQUEST['anti_spam_code']) {
 // set antispam string to something random, in order to avoid reusing it once again
 $_SESSION['AntiSpamImage'] = rand(1,9999999);
echo Message('<div>The verification code you entered is invalid.</div>');

} else {

if($worked['password'] == $password) {
	if ($worked['activate'] != "0") {
	  echo Message(' Your account has not yet been activated. If you have lost the email you can have it send again by clicking <a href="sendactivate.php">here</a>.');
	  include('nlifooter.php');
	  die();
	}

	if($worked['ban/freeze'] == 1 || $ban > 0) {
	echo Message(' Your account has either been banned or frozen. Please check back in a few days to see if it has been lifted.');
	  include('nlifooter.php');
	  die();
	}

	echo Message('Please wait, you are being logged in. Do not press the back button.<br />If you still see this page after 10 seconds you may want to try re-logging in.');
	echo '<meta http-equiv="refresh" content="1;url=index.php">';
   	$_SESSION["id"] = $worked['id'];
	include('nlifooter.php');
	die();

 } else {
   echo Message('Sorry, your username and password combination are invalid.');
 }
 }
 }

?>
<div id="right_c"><div class="g_content"><h3>  Login</h3></div><div class="g_text">
<form name='login' method='post' action='login.php'>
<table width='60%' border='0' align='center' cellpadding='0' cellspacing='0'>
<tr>
<td width='35%' height='27'><font size='2' face='verdana'>Username: </font></td>
<td width='65%'><font size='2' face='verdana'>
<input name='username' type='text' size='22' value="<?php echo md5($_POST['username']); ?>">
</font></td>
</tr>

<tr>
<td height='24'><font size='2' face='verdana'>Password </font></td>
<td><font size='2' face='verdana'>
<input name='password' type='password' size='22' value="<?php echo md5($_POST['password']); ?>">
</font></td>
</tr>
<tr>

<td><font size='2' face='verdana'>
<br />
<input type='submit' name='submit' value='Login'>
</font></td>
</tr>
</table>
</form>
</div>
</div>
<?
include 'footer.php';
?>

Edited by Cronic

  • 2 weeks later...

Hmm ok. So it would be better to make it like:

 

if(isset($_POST['submit'])){
$username = $_POST["username"];
$username = mysql_real_escape_string($username);
$password = $_POST["password"];
$password = mysql_real_escape_string($password);

 

Thanks for the help by the way. :)
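
An added example, not part of either post or of the game's own code: the same `grpgusers` lookup done with a PDO prepared statement instead of `addslashes()` or `mysql_real_escape_string()`, so the username never becomes part of the SQL text and the password is never escaped before it is checked. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL server, the helper names `find_user` and `check_login` are hypothetical, and the `password` column is assumed to hold a `password_hash()` value.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: look up one account by login name.
function find_user(PDO $db, string $username): ?array
{
    // The placeholder sends the value separately from the SQL text,
    // so no escaping function is involved at all.
    $stmt = $db->prepare('SELECT id, loginame, password FROM grpgusers WHERE loginame = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: returns the user id on success, null on failure.
function check_login(PDO $db, string $username, string $password): ?int
{
    $user = find_user($db, $username);
    // Assumption: the column stores password_hash() output. The raw password is
    // verified as typed; escaping it first would alter any password containing
    // a quote or backslash before the comparison.
    if ($user === null || !password_verify($password, $user['password'])) {
        return null;
    }
    return (int) $user['id'];
}

// Constructed test database (SQLite in memory stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grpgusers (id INTEGER PRIMARY KEY, loginame TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO grpgusers (loginame, password) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a legitimate name containing a quote, a wrong password,
// and a string with SQL metacharacters that is treated as a literal name.
$cases = [
    ["o'brien", 'correct horse'],
    ["o'brien", 'wrong'],
    ["' OR '1'='1", 'anything'],
];
foreach ($cases as [$u, $p]) {
    $id = check_login($db, $u, $p);
    printf("%-14s => %s\n", $u, $id === null ? 'rejected' : "user id $id");
}
```

The `mysql_*` functions used in the posts were removed in PHP 7, so on a current PHP the lookup has to move to PDO or mysqli in any case.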
