Apr 5th, 2007, 04:05 PM
Best way to do a login? [Advice Needed, Not Help]
Hi, I have been working on one of my harder PHP applications for the last few weeks and I am nearing the finality of it and it is almost ready to be handed over to the people I am developing it for. However, I wanted to make sure that I was doing my login script to the best of security and speed.
Any advice would be nice as I do want this to make a great turnout for me.
(PS: The MYSQL_SERVER caps is not a bleep, those are defines in the config file)
PHP Code:
<?php
include('includes/config.php');

// Credentials submitted by the login form
$r_username = $_POST['username'];
$r_password = $_POST['password'];

if (!mysql_connect(MYSQL_SERVER, MYSQL_USERNAME, MYSQL_PASSWORD))
{
    echo "Error connecting to mysql server!";
    exit; // nothing below can work without a connection
}
else
{
    mysql_select_db(MYSQL_DATABASE);
}

// sprintf() only inserts the escaped values where a %s placeholder appears.
// The password comparison is no longer wrapped in ASCII(), which evaluated
// as true for any password.
$query = sprintf("SELECT * FROM Users WHERE Username='%s' AND Password='%s'",
    mysql_real_escape_string($r_username),
    mysql_real_escape_string($r_password));
$result = mysql_query($query);

if (!$result)
{
    $num = "This Username or Password is Invalid";
}
else
{
    $num = mysql_num_rows($result);
}

if ($num == "This Username or Password is Invalid")
{
    echo "Error! You can not proceed with an invalid account!";
}
elseif ($num != 0)
{
    if (MAINTENANCE == true)
    {
        // Maintenance mode: only the root account may log in
        if ($r_username == ROOT_USERNAME and $r_password == ROOT_PASSWORD)
        {
            setcookie("admin_MMM", "true");
            setcookie("account", $r_username);
            setcookie("account_password", $r_password);
            setcookie("MECHNET_LOGGED_IN", "true");
            echo "Welcome back Administrator $r_username! Redirecting...";
            ?>
            <script type="text/javascript">
            <!--
            setTimeout("location.href='<?php echo MODEL_URL; ?>'",5000)
            //-->
            </script>
            <?php
        }
        else
        {
            echo "Error, the application is currently in MAINTENANCE MODE, non-admins are not allowed to login at this time";
        }
    }
    else
    {
        if ($r_username == ROOT_USERNAME and $r_password == ROOT_PASSWORD)
        {
            setcookie("admin_MMM", "false");
            setcookie("account", $r_username);
            setcookie("account_password", $r_password);
            setcookie("MECHNET_LOGGED_IN", "true");
            echo "Welcome back Administrator $r_username! Redirecting...";
            ?>
            <script type="text/javascript">
            <!--
            setTimeout("location.href='<?php echo MODEL_URL; ?>'",5000)
            //-->
            </script>
            <?php
        }
        else
        {
            // Regular account
            setcookie("admin", false);
            setcookie("account", $r_username);
            setcookie("account_password", $r_password);
            echo "Welcome back $r_username, redirecting...";
            ?>
            <script type="text/javascript">
            <!--
            setTimeout("location.href='<?php echo MODEL_URL; ?>'",5000);
            //-->
            </script>
            <?php
        }
    }
}
else
{
    echo "There was an error in accessing account information";
}
?>
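For comparison, an added example that is not part of the original post: the same login flow with a bound query parameter, a stored password hash, and the account and admin flag held in the server-side session instead of cookies. The `PasswordHash` and `IsAdmin` columns, the function names, the in-memory SQLite database (standing in for MySQL, needs the pdo_sqlite extension) and the sample account are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Assumed schema: Users(Username,
// PasswordHash, IsAdmin). In-memory SQLite stands in for the MySQL server.
// Fetch the account with a bound parameter, then check the password hash.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT Username, PasswordHash, IsAdmin FROM Users WHERE Username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user || !password_verify($password, $user['PasswordHash'])) {
        return null;
    }
    return $user;
}

// Returns 'ok', 'invalid' or 'maintenance'. On success, identity and role are
// kept server-side in the session; the browser only receives the session id.
function login(PDO $db, string $username, string $password, bool $maintenance): string
{
    $user = authenticate($db, $username, $password);
    if ($user === null) {
        return 'invalid';
    }
    if ($maintenance && !$user['IsAdmin']) {
        return 'maintenance';
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
        session_start();
    }
    session_regenerate_id(true); // discard any pre-login session id
    $_SESSION['account'] = $user['Username'];
    $_SESSION['is_admin'] = (bool) $user['IsAdmin'];
    return 'ok';
}

// Constructed demo data and inputs.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE Users (Username TEXT PRIMARY KEY, PasswordHash TEXT, IsAdmin INTEGER)');
$add = $db->prepare('INSERT INTO Users VALUES (?, ?, ?)');
$add->execute(["o'brien", password_hash('demo-password', PASSWORD_DEFAULT), 0]);
$results = [
    'wrong password'   => login($db, "o'brien", 'not-it', false),
    'maintenance mode' => login($db, "o'brien", 'demo-password', true),
    'normal login'     => login($db, "o'brien", 'demo-password', false),
];
print_r($results);
```

Later pages would read `$_SESSION['account']` and `$_SESSION['is_admin']` after `session_start()` rather than trusting any cookie value sent by the browser.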