rootKID
3rd March 2013 11:44
Sessions and Cookies Help please...
Hello, recently I have been trying to make a new way of logging in to my own tracker code, which I am still working on.
Anyhow, I'm trying to make it so that if the user DOESN'T wish to log in with cookies, he or she can disable that by hitting a radio/check box/button on the login screen.
And besides that, I am trying to add in the same method TBdev 09 Final used, the login and logout functions used for the user.
I am trying to make a few small changes to them, but only so they fit the code I have myself.
Anyhow, I would also like to try and add this variable:
$CURUSER
like TBdev uses it in their code, but I'm a little bit lost right now, and could use a new set of eyes.
So I'm asking here for ideas on how to proceed from where I am.
Here is my code:
takelogin.php:
PHP Code:
<?php
require_once("include/bittorrent.php");
require_once ("include/password_functions.php");
session_start();
ob_start();

$HTMLOUT .= "<center><img class='img_center' src='pics/login_loading.gif'></center>";
$HTMLOUT .= "<center>Loading...</center>";

/*==========RUN LOGIN PROCEDURE===============*/
$uname = sqlesc($_POST['username']); /*Form Names...*/
$pass = sqlesc($_POST['password']); /*Form Names...*/

if(isset($pass))
{
    $passhash = md_5($pass); /*Securing The Data...*/
}

$query = "SELECT * FROM users WHERE username = $uname AND passhash = '$passhash' AND enabled = 'yes' AND status = 'confirmed'";

$query_result = mysql_query($query)or die(mysql_error());//Running query to the DB...

/*
$HTMLOUT .= "Username = " . $uname . "";
$HTMLOUT .= "pass = " . $pass . "";
$HTMLOUT .= "MD5 pass = " . $passhash . "";
$HTMLOUT .= "Query = " . $query . "";
$HTMLOUT .= "Query Result = " . $query_result . "";
*/

$HTMLOUT .= "Username = " . $uname . "";
$HTMLOUT .= "pass = " . $pass . "";
$HTMLOUT .= "MD5 pass = " . $passhash . "";
$HTMLOUT .= "Query = " . $query . "";
$HTMLOUT .= "Query Result = " . $query_result . "";

if(mysql_num_rows($query_result) == 1)/*if the DB returns something, then run...*/
{
    $row = mysql_fetch_array($query_result);

    $_SESSION['uid'] = $row['u_id'];
    $_SESSION['username'] = $row['username'];
    $_SESSION['pass'] = $row['passhash'];
    $_SESSION['pass_key'] = $row['passkey'];
    $_SESSION['status'] = $row['status'];
    $_SESSION['u_avatar'] = $row['user_avatar'];
    $_SESSION['register_date'] = $row['added'];
    $_SESSION['enabled'] = $row['enabled'];
    $_SESSION['email'] = $row['email'];
    $_SESSION['ip'] = $row['ip'];
    $_SESSION['class'] = $row['class'];
    $_SESSION['time_offset'] = $row['time_offset'];
    $_SESSION['dst_in_use'] = $row['dst_in_use'];
    $_SESSION['auto_correct_dst'] = $row['auto_correct_dst'];
    header('Refresh: 3; url=index.php');//with time delay...
}
else/*Error message...*/
{
    $HTMLOUT .= "<center>Error reading login-session coding base, or a wrong username/pass inserted...</center>";
    header('Refresh: 3; url=index.php');//with time delay...
}
/*==========RUN LOGIN PROCEDURE===============*/

print stdhead('Loggin in...','1') . $HTMLOUT . stdfoot($stdfoot);
?>
bittorrent.php file:
PHP Code:
/*LOGIN/LOGOUT FUNCTIONS...*/
function dbconn()
{
    global $MT;

    if (!@mysql_connect($MT['mysql_host'], $MT['mysql_user'], $MT['mysql_pass']))
    {
        switch (mysql_errno())
        {
            case 1040:
            case 2002:
                if ($_SERVER['REQUEST_METHOD'] == "GET")
                    die("<html><head><meta http-equiv='refresh' content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
                else
                    die("Too many users. Please press the Refresh button in your browser to retry.");
            default:
                die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
        }
    }
    mysql_select_db($MT['mysql_db']) or die('dbconn: mysql_select_db: ' . mysql_error());
}

function loggedinorreturn()//check if someone is logged in...
{
    //loggedinorreturn_cookie();
    //loggedinorreturn_session();

    if(isset(loggedinorreturn_session()))
    {
        loggedinorreturn_session();
    }
    else if(!isset(loggedinorreturn_session()))
    {
        loggedinorreturn_cookie();
    }
}

/*=====================================*/

function userlogin_cookie()
{
    global $MT;
    unset($GLOBALS["CURUSER"]);

    if ( !$MT['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') )
        return;

    $id = 0 + get_mycookie('uid');

    if (!$id || strlen( get_mycookie('pass') ) != 32)
        return;

    $res = mysql_query("SELECT * FROM users WHERE u_id = $id AND enabled='yes' AND status='confirmed'");
    $row = mysql_fetch_assoc($res);

    if (!$row)
        return;

    if (get_mycookie('pass') !== $row["passhash"])
        return;

    mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE u_id=" . $row["id"]);

    $row['ip'] = $ip;
    $GLOBALS["CURUSER"] = $row;
}

function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    //setcookie("uid", $id, $expires, "/");
    //setcookie("pass", $passhash, $expires, "/");
    set_mycookie( "uid", $id, $expires );
    set_mycookie( "pass", $passhash, $expires );
    if ($updatedb)
        @mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE u_id = $id");
}

function set_mycookie( $name, $value="", $expires_in=0, $sticky=1 )
{
    global $MT;
    if ( $sticky == 1 )
    {
        $expires = time() + 60*60*24*365;
    }
    else if ( $expires_in )
    {
        $expires = time() + ( $expires_in * 86400 );
    }
    else
    {
        $expires = FALSE;
    }
    $MT['cookie_domain'] = $MT['cookie_domain'] == "" ? "" : $MT['cookie_domain'];
    $MT['cookie_path'] = $MT['cookie_path'] == "" ? "/" : $MT['cookie_path'];
    if ( PHP_VERSION < 5.2 )
    {
        if ( $MT['cookie_domain'] )
        {
            @setcookie( $MT['cookie_prefix'].$name, $value, $expires, $MT['cookie_path'], $MT['cookie_domain'] . '; HttpOnly' );
        }
        else
        {
            @setcookie( $MT['cookie_prefix'].$name, $value, $expires, $MT['cookie_path'] );
        }
    }
    else
    {
        @setcookie( $MT['cookie_prefix'].$name, $value, $expires, $MT['cookie_path'], $MT['cookie_domain'], NULL, TRUE );
    }
}

function get_mycookie($name)
{
    global $MT;
    if ( isset($_COOKIE[$MT['cookie_prefix'].$name]) AND !empty($_COOKIE[$MT['cookie_prefix'].$name]) )
    {
        return urldecode($_COOKIE[$MT['cookie_prefix'].$name]);
    }
    else
    {
        return FALSE;
    }
}

function logoutcookie()
{
    //setcookie("uid", "", 0x7fffffff, "/");
    //setcookie("pass", "", 0x7fffffff, "/");
    set_mycookie('uid', '-1');
    set_mycookie('pass', '-1');
}

function loggedinorreturn_cookie()
{
    if (!$CURUSER['u_id'])
    {
        header("Location: login.php");
        exit();
    }
}

/*=====================================*/
/*=====================================*/
/*=====================================*/

function userlogin_session()
{
    global $MT;
    unset($GLOBALS["CURUSER"]);

    if ( !$MT['site_online'] )
    {
        return;
    }

    $res = mysql_query("SELECT * FROM users WHERE u_id = $id AND enabled='yes' AND status='confirmed'");
    $row = mysql_fetch_assoc($res);// or die(mysql_error());

    if (!$row)
    {
        return;
    }

    mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE u_id=" . $row["id"]);

    $row['ip'] = $ip;
    $GLOBALS["CURUSER"] = $row;
}

function login_session($update_user_db = 0)
{
    //set_my_session( "uid" );
    //set_my_session();//Run this!...

    if ($update_user_db == 1)
    {
        @mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE u_id = $id");
    }
}

function set_my_session( $name )
{
    /*CODE HERE...*/
}

function unset_my_session()
{
    unset($_SESSION['{$session_name}']);
}

function logout_session($id)
{
    //unset_my_session('VARIABLE HERE...');
    //$_SESSION = array(user id here, would be most wise.); //Unsetting all of the session variables in an array...
    //session_destroy(); //Destroy all the sessions currently running...
}

function loggedinorreturn_session()
{
    if (!$_SESSION['u_id'])
    {
        header("Location: login.php");
        exit();
    }
}
/*=====================================*/
/*LOGIN/LOGOUT FUNCTIONS...*/
Ideas would be awesome! :)...
And yes, it's a little bit different, but my mind has tried to order the freaking code as well as possible, and now I'm in need of help since I have met 2 crossroads on my path and I simply have no idea which one to take -.-'.
Anyhow, the idea is simple in my head: the dbconn function will be on every site/file like in the TBdev files, to check the database connection, and there it will run the 2 different functions, the session and cookie user functions, that will give me the $CURUSER variable. But I have no clue how to add it in from where I am right now. Besides that, in the takelogin.php file, you can see I am right now trying to manually create the sessions from there; the idea is to add an if/else statement that says if the check-box has been applied, run cookies, else the session function.
And it's the functions that are running the session and cookie login for me, but it's not working just yet.
No clue why, but every time I try to log in, the sessions are not being created, and it gives me a user error.
It's telling me that the pass/user are wrong, when they are not. So I have been hitting a stone wall, and besides that, well, I just need a new pair of eyes and ideas. So please, any ideas on how to proceed from where I am?...
-Thanks A LOT in return! X)...
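Added example, not part of the original post and not TBdev code: a sketch of the login flow described above in which the raw password is verified against a stored hash, bound parameters replace `sqlesc()`, and one function resolves the `$CURUSER` row from either the session or a remember-me cookie. The `remember_hash` column, the function names, the in-memory SQLite database (PHP 7.1+ with pdo_sqlite) and the sample user are assumptions, as is the premise that `sqlesc()` wraps its argument in quotes, which the unquoted `$uname` in the post's query suggests.

```php
<?php
// Added example (not the poster's code). Table/column names follow the post;
// the remember_hash column and all function names are assumptions.
$db = new PDO('sqlite::memory:');   // constructed in-memory DB so this runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (u_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    passhash TEXT, enabled TEXT, status TEXT, remember_hash TEXT)");
$ins = $db->prepare("INSERT INTO users (username, passhash, enabled, status)
    VALUES (?, ?, 'yes', 'confirmed')");
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]); // sample user

// Verify the RAW password; quoting it for SQL first would change the bytes hashed.
function check_login(PDO $db, string $username, string $password): ?array {
    $st = $db->prepare("SELECT * FROM users WHERE username = ?
        AND enabled = 'yes' AND status = 'confirmed'");
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['passhash'])) ? $row : null;
}

// "Remember me": the cookie carries a random token, the DB only its SHA-256,
// so the password hash itself never leaves the server.
function issue_remember_token(PDO $db, int $uid): string {
    $token = bin2hex(random_bytes(32));
    $db->prepare("UPDATE users SET remember_hash = ? WHERE u_id = ?")
       ->execute([hash('sha256', $token), $uid]);
    return $token;   // caller sends it with setcookie() using HttpOnly and Secure
}

// One resolver for $CURUSER: session first, then the remember-me cookie.
function resolve_curuser(PDO $db, array $session, array $cookies): ?array {
    $active = "AND enabled = 'yes' AND status = 'confirmed'";
    if (!empty($session['uid'])) {
        $st = $db->prepare("SELECT * FROM users WHERE u_id = ? $active");
        $st->execute([(int)$session['uid']]);
    } elseif (!empty($cookies['remember'])) {
        $st = $db->prepare("SELECT * FROM users WHERE remember_hash = ? $active");
        $st->execute([hash('sha256', (string)$cookies['remember'])]);
    } else {
        return null;
    }
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed walk-through: password login, a quoted password, then both lookups.
$user  = check_login($db, 'alice', 'correct horse');
$token = issue_remember_token($db, (int)$user['u_id']);
var_dump(check_login($db, 'alice', "'correct horse'") === null);
var_dump(resolve_curuser($db, ['uid' => $user['u_id']], [])['username']);
var_dump(resolve_curuser($db, [], ['remember' => $token])['username']);
```

In a web request, call `session_regenerate_id(true)` after `check_login()` succeeds and keep only the user id in `$_SESSION`; the rest of the row is re-read by `resolve_curuser()` on each page load.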