Where can i set limit to the user names
So ppl cant add "$, ^, %, etc"??
Code:
*/
//settings
$sleep = 1; //idle status for script if password is wrong?
//settings end
$ws_pwd=md5($_POST['pwd']);
include("_mysql.php");
include("_settings.php");
$ws_user = $_POST['ws_user'];
$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='$ws_user'");
$anz = mysql_num_rows($check);
if($anz) {
$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='$ws_user' AND activated='1'");
if(mysql_num_rows($check)) {
$ds=mysql_fetch_array($check);
// check password
$login = 0;
if($ws_pwd == $ds[password]) {
//session
session_name('ws_session');
session_start();
$_SESSION['ws_auth'] = $ds['userID'].":".$ws_pwd;
$_SESSION['ws_lastlogin'] = $ds[lastlogin];
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
//cookie
setcookie("ws_auth", $ds['userID'].":".$ws_pwd, time()+($sessionduration*60*60));
$login = 1;
}
elseif(!($ws_pwd == $ds[password])) {
if($sleep) sleep(5);
$error='You have entered an invalid password.<br><br><a href="javascript:history.back()">Go back and try it again!</a>';
}
}
else $error='Your account is not activated.<br><br>
<a href="javascript:history.back()">Go back and try it again!</a>';
}
else $error='No user with username <b>'.htmlspecialchars($ws_user).'</b> available.<br><br>
<a href="javascript:history.back()">Go back and try it again!</a>';
?>
<html>
<head>
<title><? echo PAGETITLE; ?></title>
<link href="_stylesheet.css" rel="stylesheet" type="text/css">
<?php if($login) { echo '<meta http-equiv="refresh" content="1;URL=index.php?site=loginoverview">';$error = 'Login successful!'; } ?>
</head>
<body bgcolor="<?php echo PAGEBG; ?>">
<table width="100%" height="100%">
<tr>
<td align="center">
<table width="350" border="1" cellpadding="10" cellspacing="0" bordercolor="<?php echo BORDER; ?>" bgcolor="<?php echo BG_1; ?>">
<tr>
<td align="center"><? echo $error; ?></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
