I have already written it, but I need help improving the code.
I am not a professional; I only used my limited experience to write this code, so I need someone to help me make it professional.
This is my code:
function logInMember() {
if($_POST['Code1'] != '') {
if($_POST['username'] != '' && $_POST['password'] != '') {
$username = makeSafe(strtolower($_POST['username']));
$password = $_POST['password'];
$hash = sqlValue("select passMD5 from membership_users where lcase(memberID)='{$username}' and isApproved=1 and isBanned=0");
if(password_match($password, $hash)) {
$key = mt_rand(100000,999999);
$ts1 = date("Y-m-d H:i:s");
sql("INSERT INTO `auth` (`email`, `key`, `expDate`)VALUES ('".$username."', '".$key."', '".$ts1."');", $eo);
} else {
echo "Wrong Password";
}
}
}
$redir = 'index.php';
if($_POST['signIn'] != '') {
if($_POST['username'] != '' && $_POST['password'] != '' && $_POST['Code'] != '') {
$Code = $_POST['Code'];
$username = makeSafe(strtolower($_POST['username']));
$hash = sqlValue("select passMD5 from membership_users where lcase(memberID)='{$username}' and isApproved=1 and isBanned=0");
$password = $_POST['password'];
$key = sqlValue("select `key` from auth where email ='{$username}' ORDER BY id DESC LIMIT 1");
if(password_match($password, $hash) && $Code == $key) {
$_SESSION['memberID'] = $username;
$_SESSION['memberGroupID'] = sqlValue("SELECT `groupID` FROM `membership_users` WHERE LCASE(`memberID`)='{$username}'");
if($_POST['rememberMe'] == 1) {
RememberMe::login($username);
}else{
RememberMe::delete();
}
// harden user's password hash
password_harden($username, $password, $hash);
// hook: login_ok
if(function_exists('login_ok')) {
$args=array();
if(!$redir=login_ok(getMemberInfo(), $args)) {
$redir='index.php';
}
}
sql("DELETE from auth where email ='{$username}'", $eo);
redirect($redir);
exit;
}
}