
Improving this login function?


TeddyKiller


I have a function which works, although I'm looking for a cleaner method of dealing with it.

Perhaps with returns, and a function to handle errors.. ?

 

I'm grouping the login pieces together, including registration etc. Different functions of course. So just wanting it as clean and awesome as possible..

You'll probably be noticing this "function" business a lot. Probs with classes and everything else I can get my head around.

 

The function works, as it was a copy and paste with some things. In my form I have..

if(isset($_POST['submit'])) { handle_login($_POST); }

Feel free to change it though if necessary.

 

Function

// Note: the mysql_* functions used here exist only in PHP versions before 7.0.
function handle_login($post) {
    // A superglobal such as $_POST cannot be a parameter name, so the form data arrives as $post.
    // $secret_key is assumed to be defined in the global scope (it is not shown in the post).
    global $secret_key;
    $errors = array();

    // clean() is the poster's own input-filtering helper (not shown in the post)
    $username = clean($post['username'],1,0,2);
    $password = clean($post['password'],1,0,0);
    
    // Stored password format: md5 of lowercased username + password
    $pwd = md5(strtolower($username).$password);
    
    if(empty($username) || empty($password) || $username == 'username' || $password == 'password'){
        $errors[] = 'You have left empty fields. Please fill them in.';
    } else {    
        $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$pwd' LIMIT 1");
        if(mysql_num_rows($query) == 0){
            $errors[] = 'Your username or password is incorrect. Please try again.';
        } else {
            // $logged holds the matching users row
            $logged = mysql_fetch_array($query);
            
            if($logged['activated'] == 0){
                $errors[] = 'Your account is not activated.';
            }
            
            // We then check if the user is banned
            $query = mysql_query("SELECT expiredate FROM banned WHERE username = '$username'");
            if(mysql_num_rows($query) == 1){
                $row = mysql_fetch_array($query);
                if($row['expiredate'] > time()){ 
                    $errors[] = 'You are banned until '.date("d/m/Y H:i:s", $row['expiredate']).'!';
                } else { 
                    // Ban has expired, so remove it
                    mysql_query("DELETE FROM banned WHERE username = '$username'");
                }
            }

            if(empty($errors)){
                // Record the login on the users row
                $used = $logged['times_logged'] + 1;
                $loggedn = time();
                mysql_query("UPDATE users SET times_logged='$used', last_login='$loggedn' WHERE username = '$username'");

                // Session values come from the users row, not the banned row
                $_SESSION['uid'] = $logged['id'];
                $hash = sha1($logged['id'] . $_SERVER['REMOTE_ADDR'] . $secret_key);
                $_SESSION['hash'] = $hash;
        
                // "Keep me logged in" checkbox
                if(isset($post['keep'])){
                    $time = time() + 60*60*24*1000;
                    setcookie('HSC5739487932', $hash, $time); 
                }
                
                header("Location: /main.php");
                exit; // stop here so nothing else runs after the redirect
            }
        } 
    } 

    // Show whatever errors were collected in any of the branches above
    if(!empty($errors)){
        echo '<style>#error{display:block;}</style><center>';
        foreach($errors as $error) { echo $error; }
        echo '</center>';
    }
}

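An added example, not part of the original post: the same username/password check written so that it returns the user row and an error list instead of echoing, with the query built from a bound parameter and the password checked with `password_verify()`. The table and column names follow the post; the PDO handle, the in-memory SQLite demo database (requires the pdo_sqlite extension), the `password_hash()` storage format and the function names `check_login()` and `start_login_session()` are assumptions, and the ban check and the "keep me logged in" cookie are left out.

```php
<?php
// Added example. Table/column names follow the post; the PDO handle, the
// pdo_sqlite demo database and password_hash() storage are assumptions.

// Returns [user row or null, list of error strings]; no echo, no redirect.
function check_login(PDO $db, array $post): array
{
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    if ($username === '' || $password === '') {
        return [null, ['You have left empty fields. Please fill them in.']];
    }
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password, activated FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() compares against a salted password_hash() value.
    if ($user === false || !password_verify($password, $user['password'])) {
        return [null, ['Your username or password is incorrect. Please try again.']];
    }
    if ((int)$user['activated'] === 0) {
        return [null, ['Your account is not activated.']];
    }
    return [$user, []];
}

// Call only after check_login() succeeded and session_start() has run.
function start_login_session(array $user): void
{
    session_regenerate_id(true); // fresh session id at login
    $_SESSION['uid'] = (int)$user['id'];
}

// Constructed demo data: one sample account in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, activated INTEGER)');
$db->prepare('INSERT INTO users (username, password, activated) VALUES (?, ?, 1)')
   ->execute(['teddy', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

// One unknown name containing a quote character, then the valid account.
foreach ([["o'brien", 'wrong'], ['teddy', 's3cret-sample']] as [$name, $pass]) {
    [$user, $errors] = check_login($db, ['username' => $name, 'password' => $pass]);
    echo $name, ': ', $user ? 'logged in' : implode(' ', $errors), PHP_EOL;
}
```

Because the caller receives the error list, the form page decides how to display it, and the redirect happens only after `start_login_session()` has been called.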

Archived

This topic is now archived and is closed to further replies.
