I need some help with my code. I need to have it do a couple of things when they try to login.
I am going to copy the code i currently have
Code: Select all
if($error != TRUE) {
//look for user and pass
$r = mysql_query("SELECT * FROM members WHERE username='$user' AND password='$pass' AND login_ip='".$_SERVER['REMOTE_ADDR']."' AND status='Active' LIMIT 1") or error_out("Unable to process login; please try again later.");
if(@mysql_num_rows($r) > 0) {
$row = mysql_fetch_array($r, MYSQL_ASSOC);
$_SESSION['admin_id'] = $row['id'];
$_SESSION['admin_acctno'] = $row['acct_num'];
$_SESSION['admin_user'] = $row['username'];
$_SESSION['admin_pass'] = $row['password'];
$date_login = escape_data(date('Y-m-d H:i:s'), $dbc);
$ip_login = escape_data($_SERVER['REMOTE_ADDR'], $dbc);
//update ip upon login
@mysql_query("UPDATE members SET login_ip='$ip_login', last_logged='$date_login' WHERE id='{$row['id']}' LIMIT 1");
$LOGIN = TRUE;
unset($row);
} else {
$error = TRUE;
$error_msg .= 'Oops! You have either enter an incorrect username or password or your account has been suspened!';
}
header("Location: verification.php");
}
}
Here is the things I need to do
Check for user and pass to see if it exists if it does not exist or if the user and or pass is wrong then show msg on the login form
Check to see if account status is Active. If its suspended then show msg on the login form
When they try to log in have it check their IP address being logged in from against the Banned_ips table if its in the table show msg on login form
I need it to chk the Ip they are logging in from against the Ip_address field in members table and if they are different send them to verification.php otherwise allow the login.
I hope someone can help. I know my code isnt the best but I can fix it once i see how to do it.