Okay, I'm making progress. Earlier I made a post similar to this; after people tried to help, I decided to rewrite my code so it's cleaner and less dysfunctional and messy.
But the problem is my ban line:
echo '<div class="alert alert-block alert-danger fade in"><button type="button" class="close close-sm" data-dismiss="alert"><i class="fa fa-times"></i></button><strong>Oops!</strong> Your account has been banned. '.$ban.'</div>';
It doesn't echo when the user is banned. When I log into my site with a test banned account, it says:
Oops! Incorrect username or password entered!
Can someone help me fix this one little issue? My code is below and is a lot cleaner to get your head around.
<?php
if (!($user -> LoggedIn()))
{
    if (isset($_POST['logINBoss']))
    {
        $username = $_POST['username'];
        $password = $_POST['password'];
        $errors = array();
        // Validation messages are collected in $errors; this snippet never outputs them
        if (empty($username) || empty($password))
        {
            $errors[] = 'Please enter your username and password.';
        }
        if (!ctype_alnum($username) || strlen($username) < 4 || strlen($username) > 15)
        {
            $errors[] = 'Username must be 4-15 characters and alphanumeric only!';
        }
        if (empty($errors))
        {
            // Verify the reCAPTCHA token with Google; each query parameter is URL-encoded
            $captcha = htmlspecialchars($_POST["g-recaptcha-response"]);
            $secret = $odb->query("SELECT `google_secret` FROM `admin` LIMIT 1")->fetchColumn(0);
            $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".urlencode($secret)."&response=".urlencode($captcha)."&remoteip=".urlencode($_SERVER['REMOTE_ADDR']));
            $response = json_decode($response);
            if (!$captcha || $response->success == false)
            {
                echo '<center><div class="alert alert-icon alert-danger alert-dismissible fade in" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button><i class="mdi mdi-check-all"></i>Invalid Captcha Code Entered!</div></center>';
            } else {
                // Credentials are matched in SQL against an unsalted SHA-1 of the password
                $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
                $SQLCheckLogin -> execute(array(':username' => $username, ':password' => SHA1($password)));
                $countLogin = $SQLCheckLogin -> fetchColumn(0);
                if ($countLogin == 1)
                {
                    $SQLGetInfo = $odb -> prepare("SELECT `username`, `ID`,`status` FROM `users` WHERE `username` = :username AND `password` = :password");
                    $SQLGetInfo -> execute(array(':username' => $username, ':password' => SHA1($password)));
                    $userInfo = $SQLGetInfo -> fetch(PDO::FETCH_ASSOC);
                    $status = $userInfo['status'];
                    $userid = $userInfo['ID'];
                    $userip = $_SERVER['REMOTE_ADDR'];
                    // status 1 = banned: look up the reason and show it instead of logging in
                    if ($status == 1)
                    {
                        $SQL = $odb->prepare("SELECT `reason` FROM `bans` WHERE `username` = :username");
                        $SQL->execute(array(':username' => $username));
                        $ban = $SQL->fetchColumn(0);
                        echo '<div class="alert alert-block alert-danger fade in"><button type="button" class="close close-sm" data-dismiss="alert"><i class="fa fa-times"></i></button><strong>Oops!</strong> Your account has been banned. '.$ban.'</div>';
                    }
                    // status 0 = active: record the login and populate the session
                    elseif ($status == 0)
                    {
                        $username = $userInfo['username'];
                        $logAddr = $odb->prepare("INSERT INTO `loginip` (`username`,`ip`,`date`,`http_agent`) VALUES (:user, :ip, UNIX_TIMESTAMP(NOW()), :agent);");
                        $logAddr->execute(array( ":user" => $username, ":ip" => $_SERVER['REMOTE_ADDR'], ":agent" => $_SERVER['HTTP_USER_AGENT']));
                        $_SESSION['username'] = $userInfo['username'];
                        $_SESSION['ID'] = $userInfo['ID'];
                        echo '<div class="alert alert-block alert-success fade in"><button type="button" class="close close-sm" data-dismiss="alert"><i class="fa fa-times"></i></button><strong>Success!</strong> You have logged in successfully. Redirecting..
</div><meta http-equiv="refresh" content="3;url=index.php">';
                    }
                }
                else
                {
                    echo '<div class="alert alert-block alert-danger fade in"><button type="button" class="close close-sm" data-dismiss="alert"><i class="fa fa-times"></i></button><strong>Oops!</strong><br>Incorrect username or password entered!</div>';
                }
            }
        }
    }
}
?>
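An added example, not part of the original post or the poster's code: a login check that fetches the row by username, verifies the password with password_verify() instead of matching an unsalted SHA-1 in SQL, and returns distinct outcomes for invalid credentials and a banned account, with the ban reason HTML-escaped. The in-memory SQLite schema, the sample rows, and the names checkLogin and DUMMY_HASH are assumptions made for illustration.

```php
<?php
// Added example. Schema, rows and names below are constructed, not the poster's.
$odb = new PDO('sqlite::memory:');
$odb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$odb->exec("CREATE TABLE users (ID INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, status INTEGER)");
$odb->exec("CREATE TABLE bans (username TEXT, reason TEXT)");
$add = $odb->prepare("INSERT INTO users (username, password, status) VALUES (?, ?, ?)");
$add->execute(['alice01', password_hash('correct horse', PASSWORD_DEFAULT), 0]);
$add->execute(['bob0002', password_hash('hunter2hunter2', PASSWORD_DEFAULT), 1]);
$odb->prepare("INSERT INTO bans (username, reason) VALUES (?, ?)")->execute(['bob0002', '<b>Spam</b>']);

// Hash checked when the username is unknown, so both paths do one verification.
define('DUMMY_HASH', password_hash('unused-placeholder', PASSWORD_DEFAULT));

// Returns ['state' => 'invalid' | 'banned' | 'ok', ...] without touching the session.
function checkLogin(PDO $odb, string $username, string $password): array
{
    // Look the user up by name only; the stored hash is compared in PHP.
    $q = $odb->prepare("SELECT ID, username, password, status FROM users WHERE username = :u");
    $q->execute([':u' => $username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row ? $row['password'] : DUMMY_HASH);
    if (!$row || !$ok) {
        return ['state' => 'invalid'];   // same answer for unknown user and wrong password
    }
    // The ban is only reported after the password has been verified.
    if ((int)$row['status'] === 1) {
        $b = $odb->prepare("SELECT reason FROM bans WHERE username = :u");
        $b->execute([':u' => $row['username']]);
        $reason = (string)$b->fetchColumn();
        // Escape the stored reason before it is placed into the alert markup.
        return ['state' => 'banned', 'reason' => htmlspecialchars($reason, ENT_QUOTES, 'UTF-8')];
    }
    return ['state' => 'ok', 'ID' => (int)$row['ID'], 'username' => $row['username']];
}

// Constructed attempts: active user, banned user, wrong password, unknown user.
$attempts = [['alice01', 'correct horse'], ['bob0002', 'hunter2hunter2'],
             ['bob0002', 'wrong-password'], ['nobody1', 'whatever']];
foreach ($attempts as [$u, $p]) {
    echo $u, ' => ', json_encode(checkLogin($odb, $u, $p)), PHP_EOL;
}
// On 'ok', a page would call session_regenerate_id(true) before setting $_SESSION values.
```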