EDIT:
here is my bittorrent.php login functions:
PHP Code:
/*LOGIN FUNCTIONS*/
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
set_mycookie( "uid", $id, $expires );
set_mycookie( "pass", $passhash, $expires );
if ($updatedb)
@mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE id = $id");
}
function set_mycookie( $name, $value="", $expires_in=0, $sticky=1 )
{
global $SS;
if ( $sticky == 1 )
{
$expires = time() + 60*60*24*365;
}
else if ( $expires_in )
{
$expires = time() + ( $expires_in * 86400 );
}
else
{
$expires = FALSE;
}
$SS['cookie_domain'] = $SS['cookie_domain'] == "" ? "" : $SS['cookie_domain'];
$SS['cookie_path'] = $SS['cookie_path'] == "" ? "/" : $SS['cookie_path'];
if ( PHP_VERSION < 5.2 )
{
if ( $SS['cookie_domain'] )
{
@setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'] . '; HttpOnly' );
}
else
{
@setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'] );
}
}
else
{
@setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'], NULL, TRUE );
}
}
function logoutcookie() {
set_mycookie('uid', '-1');
set_mycookie('pass', '-1');
}
function loggedinorreturn() {
global $CURUSER, $SS;
if (!$CURUSER)
{
header("Location: {$SS['baseurl']}/login.php?returnto=" . urlencode($_SERVER["REQUEST_URI"]));
exit();
}
}
function get_mycookie($name)
{
global $SS;
if (isset($_COOKIE[$SS['cookie_prefix'].$name]) AND !empty($_COOKIE[$SS['cookie_prefix'].$name]))
{
return urldecode($_COOKIE[$SS['cookie_prefix'].$name]);
}
else
{
return FALSE;
}
}
function userlogin() {
global $SS;
unset($GLOBALS["CURUSER"]);
$ip = getip();
$nip = ip2long($ip);
require_once "cache/bans_cache.php";
if(count($bans) > 0)
{
foreach($bans as $k) {
if($nip >= $k['first'] && $nip <= $k['last']) {
header("HTTP/1.0 403 Forbidden");
print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n";
exit();
}
}
unset($bans);
}
if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))
return;
$id = 0 + get_mycookie('uid');
if (!$id || strlen( get_mycookie('pass') ) != 32)
return;
$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());
$row = mysql_fetch_assoc($res);
if (!$row)
return;
if (get_mycookie('pass') !== $row["passhash"])
return;
mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());
$row['ip'] = $ip;
$GLOBALS["CURUSER"] = $row;
}
function mkglobal($vars) {
if (!is_array($vars))
$vars = explode(":", $vars);
foreach ($vars as $v) {
if (isset($_GET[$v]))
$GLOBALS[$v] = unesc($_GET[$v]);
elseif (isset($_POST[$v]))
$GLOBALS[$v] = unesc($_POST[$v]);
else
return 0;
}
return 1;
}
function sqlesc($x) {
return "'".mysql_real_escape_string($x)."'";
}
/*LOGIN FUNCTIONS*/
and here is my login.php file:
PHP Code:
<?php
require_once("include/bittorrent.php");
echo stdhead("Login");
?>
<form method="post" action="takelogin.php">
<table class="login_table" align="center" border="1">
<tr>
<td>Username</td>
<td><input type="text" name="username" id="username" size="35" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" id="password" size="35" /></td>
</tr>
<tr>
<td align="center" colspan="2"><input type="submit" name="login_submit" value="Login Now!" /></td>
</tr>
</table>
</form>
<?php
echo stdfooter();
?>
and this is my takelogin.php file:
PHP Code:
<?php
require_once 'include/bittorrent.php';
require_once "include/password_functions.php";
echo stdhead("Login");
if (!mkglobal('username:password'))
die();
$lang = array_merge(load_language('takelogin'));
$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");
$row = mysql_fetch_assoc($res);
if (!$row)
stderr($lang['tlogin_failed'], 'Username or password incorrect');
if ($row['passhash'] != make_passhash($row['secret'], md5($password)))
stderr($lang['tlogin_failed'], 'Username or password incorrect');
if ($row['enabled'] == 'no')
stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);
logincookie($row['id'], $row['passhash']);
header("Location: {$SS['baseurl']}/index.php");
echo stdfooter();
?>
and at last, then this is my password_functions.php file:
PHP Code:
<?php
function mksecret($len=5)
{
$salt = '';
for ( $i = 0; $i < $len; $i++ )
{
$num = rand(33, 126);
if ( $num == '92' )
{
$num = 93;
}
$salt .= chr( $num );
}
return $salt;
}
function make_passhash_login_key($len=60)
{
$pass = mksecret( $len );
return md5($pass);
}
function make_passhash($salt, $md5_once_password)
{
return md5( md5( $salt ) . $md5_once_password );
}
function make_password()
{
$pass = "";
$unique_id = uniqid( mt_rand(), TRUE );
$prefix = mksecret();
$unique_id .= md5( $prefix );
usleep( mt_rand(15000,1000000) );
mt_srand( (double)microtime()*1000000 );
$new_uniqueid = uniqid( mt_rand(), TRUE );
$final_rand = md5( $unique_id.$new_uniqueid );
mt_srand();
for ($i = 0; $i < 15; $i++)
{
$pass .= $final_rand{ mt_rand(0, 31) };
}
return $pass;
}
?>
can you help me understand this a little bit... i mean, i do understand what you are doing and meaning with what you said to me... but i still can't think this one out on how to fix :/...
thanks in advance...
Bump: seriously... no one?...
i have can you at least tell me if i need somfthing...
just that i think i have it all, and still wont work -.-'...
Bump: hello again, a test can be viewed here: http://www.speed-scene.com/personal_sites/ssv1/speedscene/login.php
:)...