Logincheck Update

Author: rgajendran

admin.php

@@ -19,7 +19,7 @@
 		<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
 		<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
 		<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
-		<link href="https://fonts.googleapis.com/css?family=Iceland|Orbitron" rel="stylesheet">
+		<link href="https://fonts.googleapis.com/css?family=Iceland|Orbitron" rel="stylesheet"> 
 		<link href="css/admin.css" type="text/css" rel="stylesheet" />
 </head>
 <body style="background:url('images/bgadmin.png');">

index.php

@@ -6,7 +6,7 @@
 		<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
 		<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
 		<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
-		<link href="https://fonts.googleapis.com/css?family=Iceland|Orbitron" rel="stylesheet">
+		<link href="https://fonts.googleapis.com/css?family=Iceland|Orbitron" rel="stylesheet"> 
 		<link rel="stylesheet" href="css/login.css" type="text/css"/>
 		<link rel="stylesheet" href="css/index.css" type="text/css"/>
 		<link rel="stylesheet" href="css/map.css" type="text/css"/>

main.php

@@ -13,7 +13,7 @@
 		<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
 		<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
 		<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
-		<link href="https://fonts.googleapis.com/css?family=Iceland|Orbitron" rel="stylesheet"> 	
+		<link href="https://fonts.googleapis.com/css?family=Iceland|Orbitron" rel="stylesheet"> 
 		<link href="css/secgen.css" rel="stylesheet" type="text/css">
 		<link href="css/map.css" rel="stylesheet" type="text/css">
 	<script>

template/logincheck.php

@@ -5,41 +5,47 @@
 	$username = stripslashes(htmlspecialchars(htmlentities(trim(filter_var($_POST['uname']), FILTER_SANITIZE_STRING))));
 	$password = stripslashes(htmlspecialchars(htmlentities(trim(filter_var(($_POST['psw']), FILTER_SANITIZE_STRING)))));
 
-	$hash = md5($password . "CTF");
-
 	include 'connection.php';
-	$result = mysqli_query($connection, "SELECT * FROM users WHERE USERNAME='$username' AND PASSWORD='$hash'");
-	$num = mysqli_num_rows($result);
-	$LoginCheck = mysqli_query($connection, "SELECT value FROM options WHERE name='LOGIN'");
-	foreach (mysqli_fetch_assoc($LoginCheck) as $val) {
-		$permission = $val;
-	}
-	if ($num === 1) {
-		while ($row = mysqli_fetch_assoc($result)) {
-			$user = $row['USERNAME'];
-			$auth = $row['TEAM'];
-			$level = $row['TYPE'];
-
-			if ($level == "A") {
-				$_SESSION['USERNAME'] = $user;
-				$_SESSION['TEAM'] = $auth;
-				$_SESSION['TYPE'] = $level;
-				echo "<h3 style='color:green;'>Admin Login</h3>";
-			} else {
-				if ($permission == "ALLOW") {
-					$_SESSION['USERNAME'] = $user;
-					$_SESSION['TEAM'] = $auth;
-					$_SESSION['TYPE'] = $level;
-					echo "<h3 style='color:green;'>Login Success</h3>";
-				} else {
-					echo "<h3 style='color:orange;'>Please wait for the game to start</h3>";
+	if(strlen($username) >= 5 && strlen($username) <=10){
+		if(strlen($password) >= 5 && strlen($password) <= 10){
+			$hash = md5($password . "CTF");
+			$result = mysqli_query($connection, "SELECT * FROM users WHERE USERNAME='$username' AND PASSWORD='$hash'");
+			$num = mysqli_num_rows($result);
+			$LoginCheck = mysqli_query($connection, "SELECT value FROM options WHERE name='LOGIN'");
+			foreach (mysqli_fetch_assoc($LoginCheck) as $val) {
+				$permission = $val;
+			}
+			if ($num === 1) {
+				while ($row = mysqli_fetch_assoc($result)) {
+					$user = $row['USERNAME'];
+					$auth = $row['TEAM'];
+					$level = $row['TYPE'];
+		
+					if ($level == "A") {
+						$_SESSION['USERNAME'] = $user;
+						$_SESSION['TEAM'] = $auth;
+						$_SESSION['TYPE'] = $level;
+						echo "<h3 style='color:green;'>Admin Login</h3>";
+					} else {
+						if ($permission == "ALLOW") {
+							$_SESSION['USERNAME'] = $user;
+							$_SESSION['TEAM'] = $auth;
+							$_SESSION['TYPE'] = $level;
+							echo "<h3 style='color:green;'>Login Success</h3>";
+						} else {
+							echo "<h3 style='color:orange;'>Please wait for the game to start</h3>";
+						}
+					}
 				}
+		
+			} else {
+				echo "<h3 style='color:orange;'>Login Fail</h3>";
 			}
+		}else{
+			echo "<h3 style='color:orange;'>Login Fail</h3>";
 		}
-
-	} else {
+	}else{
 		echo "<h3 style='color:orange;'>Login Fail</h3>";
 	}
-
 }
 ?>