PHP check script

11/26/2009 11:30 ҉ THT ҉#1
I think its wrong selection , but oke.

Where can i set limit to the user names
So ppl cant add "$, ^, %, etc"??

Code:
*/

//settings

$sleep = 1; //idle status for script if password is wrong?

//settings end

$ws_pwd=md5($_POST['pwd']);
include("_mysql.php");
include("_settings.php");

$ws_user = $_POST['ws_user'];

$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='$ws_user'");
$anz = mysql_num_rows($check);

if($anz) {

	$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='$ws_user' AND activated='1'");
	if(mysql_num_rows($check)) {

    $ds=mysql_fetch_array($check);
	
		// check password
		$login = 0;
		if($ws_pwd == $ds[password]) {

    	//session
    	session_name('ws_session');
    	session_start();
    	$_SESSION['ws_auth'] = $ds['userID'].":".$ws_pwd;
    	$_SESSION['ws_lastlogin'] = $ds[lastlogin];
    	$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
    	//cookie
			setcookie("ws_auth", $ds['userID'].":".$ws_pwd, time()+($sessionduration*60*60));
			$login = 1;
		}
		elseif(!($ws_pwd == $ds[password])) {
      if($sleep) sleep(5);
	   	 $error='You have entered an invalid password.<br><br><a href="javascript:history.back()">Go back and try it again!</a>';
		}
	}
	else $error='Your account is not activated.<br><br>
					  <a href="javascript:history.back()">Go back and try it again!</a>';

}
else $error='No user with username <b>'.htmlspecialchars($ws_user).'</b> available.<br><br>
					  <a href="javascript:history.back()">Go back and try it again!</a>';

?>
<html>
<head>
<title><? echo PAGETITLE; ?></title>
<link href="_stylesheet.css" rel="stylesheet" type="text/css">
<?php if($login) { echo '<meta http-equiv="refresh" content="1;URL=index.php?site=loginoverview">';$error = 'Login successful!'; } ?>
</head>
<body bgcolor="<?php echo PAGEBG; ?>">
<table width="100%" height="100%">
  <tr>
    <td align="center">
	  <table width="350" border="1" cellpadding="10" cellspacing="0" bordercolor="<?php echo BORDER; ?>" bgcolor="<?php echo BG_1; ?>">
	    <tr>
		  <td align="center"><? echo $error; ?></td>
		</tr>
	  </table>
    </td>
  </tr>
</table>
</body>
</html>
11/26/2009 12:16 janvier123#2
PHP Code:
    if(!preg_match("/^[0-9a-zA-Z]{3,15}$/i"$_POST[username])) $errors[]="You are only alowed to use uppper and lower cases in English in your username."
PHP Code:
    if(strlen($_POST[username])<3$errors[] = "The length of your username can't be less than 3 characters";
    if(strlen($_POST[username])>15$errors[]= "The length of your username can't be more than 15 characters"
PHP Code:
    if(sizeof($errors)>0){
       $errorStr .= "<br><font>";
       $errorStr .= "You have the following error(s):";
       foreach($errors as $error)
               $errorStr .= "<li>$error</li>";
       $errorStr .= "</font><br><br>";
    } 
11/26/2009 13:55 ҉ THT ҉#3
Am gonna try it soon
11/26/2009 14:45 janvier123#4
what are you trying to create anyway ?
register page with odbc crap ?
11/26/2009 17:32 ҉ THT ҉#5
No its for me friend XD
he got a website ,, but you can make names like $user_&^#4eblalbla
:D
------------------------
And it work +can close
11/26/2009 17:54 janvier123#6
use

PHP Code:
[0-9a-zA-Z