<![CDATA[Code The World — Simple login form]]> https://codetheworld.com/viewtopic.php?id=77 Mon, 16 Jun 2008 04:10:59 +0000 PunBB <![CDATA[Simple login form]]> https://codetheworld.com/viewtopic.php?pid=219#p219 
function login(){
    
    switch($_GET['op']){
    
        case 'submit':
        $clean = array();
        $mysql = array();
    
        $now = time();
        $max = $now - 30;
    
        $salt = $sitekey;
    
        if (ctype_alnum($_POST['username'])){
          $clean['username'] = $_POST['username'];
        
        }else{
          
          echo $loginform;
       
        }
    
        $clean['password'] = md5($salt . md5($_POST['password'] . $salt));
        $mysql['username'] = mysql_real_escape_string($clean['username']);
    
        $sql = "SELECT last_failure, password, access_level
                FROM   users
                WHERE  username = '{$mysql['username']}'";
    
        if ($result = mysql_query($sql)){
        
          if (mysql_num_rows($result)){
          
            $record = mysql_fetch_assoc($result);
            $access = $record['access_level'];
            
            if ($record['last_failure']> $max){
              /* Less than 15 seconds since last failure */
              echo "Less than 30 seconds since last failure";
            
            }elseif ($record['password'] == $clean['password']){
                
                $user = $mysql['username'];
                session_start();
                $_SESSION['access_level'] = $access;
                $_SESSION['username'] = $user;
              
             echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=index.php\">"; 
            
            }else{
            
              /* Failed Login */
    
              $sql = "UPDATE users
                      SET    last_failure = '$now'
                      WHERE  username = '{$mysql['username']}'";
    
              mysql_query($sql);
              
              echo "Login Failed Username Not Found or Wrong Password";
            }
          
          }else{
          
            /* Invalid Username */
            echo "Invalid Username!!";
          }
          
        }else{
          /* Error */
          echo "System Error!!";
        }
        
        break;
        
        default:
        echo "<blockquote><form action=\"login.php?action=login&op=submit\" method=\"post\" enctype=\"application/x-www-form-urlencoded\">
                  <label>Username<br>
                  <input type=\"text\" name=\"username\">
                  </label>
                  <br>
                  <label>Password<br>
                  <input type=\"password\" name=\"password\">
                  </label>
                  <br>
                  <label>
                  <input type=\"submit\" name=\"Submit\" value=\"Login\">
                  </label>
                </form></blockquote>";
        break;
        
    
    }
}
]]> Mon, 16 Jun 2008 04:10:59 +0000 https://codetheworld.com/viewtopic.php?pid=219#p219