I'm having a bit of bad luck with sessions. In the past they have worked fine for me, but this time around I'm having terrible luck. Basically, I made the crappiest login system ever. I'm using sessions to store three bits of information: 1) metadata which consists of the username, password, and salt; 2) database row id; 3) username.
Here is my code to login/out the user:
<?php
/**
* Copyright 2009 Steven
*/
session_start();
session_regenerate_id();
define('IN_VOCAB',true);
require('init.php');
// Get POST values
foreach( $_POST as $key => $value )
{
$$key = clean($value,true);
}
switch( $_SERVER['QUERY_STRING'] )
{
case 'login':
// MD5 password
$password = md5($password);
// Validate user exists
$user_val_query = $db->query("SELECT * FROM `users` WHERE `username`='{$username}' AND `password`='{$password}' LIMIT 1");
if( mysql_num_rows($user_val_query) > 0 )
{
// User exists; set sessions
$salt = substr(md5(date('F')),8);
$user = mysql_fetch_assoc($user_val_query);
$_SESSION['steven_vocab.user.meta'] = $username.$password.$salt;
$_SESSION['steven_vocab.user.id'] = $user['id'];
$_SESSION['steven_vocab.user.name'] = $user['username'];
// Logged in
echo message('You have been successfully logged in as '.$username.'!','success');
echo '<a href="',$site_url,'">Go to main site</a>.';
show('footer.php');
}
else
{
fatal_error('Incorrect username and/or password. <a href="'.$site_url.'">Please try again</a>.');
}
break;
case 'logout':
// Make sure user is logged in
require($sys_inc_path.'user_check.php');
// Unset session vars
unset($_SESSION['steven_vocab.user.meta'],$_SESSION['steven_vocab.user.id'],$_SESSION['steven_vocab.user.name']);
echo message('You have been successfully logged out.','success');
echo '<a href="',$site_url,'">Go to main site</a>.';
show('footer.php');
break;
default:
fatal_error('Invalid request.');
}
?>
And here is my code to check and validate the user:
<?php
/**
* Copyright 2009 Steven
*/
if( !defined('IN_VOCAB') )
{
echo 'Direct access to this file is not allowed.';
exit;
}
// Check for session
if( !isset($_SESSION['steven_vocab.user.meta']) || !isset($_SESSION['steven_vocab.user.id']) || !isset($_SESSION['steven_vocab.user.name']) )
{
show('login_form.html',null,true);
}
// Session exists; validate
$salt = substr(md5(date('F')),8);
$id = $_SESSION['steven_vocab.user.id'];
$meta = $_SESSION['steven_vocab.user.meta'];
$user_info_query = $db->query("SELECT * FROM `users` WHERE `id`='{$id}' LIMIT 1");
if( mysql_num_rows($user_info_query) > 0 )
{
// User exists, check username and password
$user = mysql_fetch_assoc($user_info_query);
if( ($user['username'].$user['password'].$salt) != $meta )
{
// User invalid; unset session and exit
unset($_SESSION['steven_vocab.user.meta'],$_SESSION['steven_vocab.user.id'],$_SESSION['steven_vocab.user.name']);
fatal_error('Invalid session metadata. <a href="'.$site_url.'">Please login again</a>.');
}
}
else
{
// User invalid; unset session and exit
unset($_SESSION['steven_vocab.user.meta'],$_SESSION['steven_vocab.user.id'],$_SESSION['steven_vocab.user.name']);
fatal_error('User cannot be found. <a href="'.$site_url.'">Please login again</a>.');
}
// The user is logged in and validated; check IP address
$user_ip = $_SERVER['REMOTE_ADDR'];
$check_ip_query = $db->query("SELECT `ip` FROM `users` WHERE `id`='{$user['id']}' LIMIT 1");
if( mysql_num_rows($check_ip_query) > 0 )
{
$stored_ip = mysql_result($check_ip_query,0,'ip');
// Check if empty
if( empty($stored_ip) )
{
// Update IP
$ip_update_query = $db->query("UPDATE `users` SET `ip`='{$user_ip}' WHERE `id`='{$user['id']}' LIMIT 1");
}
else
{
// Check if current IP is same
if( $stored_ip != $user_ip )
{
// Send me a text and log it
$ip_log_data = time().' - Username "'.$user['username'].'" accessed site from IP "'.$user_ip.'" while stored IP is "'.$stored_ip.'" : ID'.$user['id'];
file_put_contents($sys_inc_path_admin.'ip_log.txt',$ip_log_data."nn",FILE_APPEND);
@mail('5555555555@vtext.com','IP Confliction: Vocab',$ip_log_data);
}
}
}
// Output info
$username = $_SESSION['steven_vocab.user.name'];
echo '<div id="user_meta">Welcome back, ',$username,'!<br />» <a href="',$site_url,'user.php?logout">Logout</a> «</div>';
?>
When I log in, everything runs smoothly and it works perfectly. I can log in as anyone and I always have the proper access level, etc. However, when anyone else tries to log in, he or she gets the Invalid metadata message (check code). I've been swapping code in and out all day and nothing seems to fix their problems, except it works fine for me. Can anyone see anything blatantly obvious in the above code?
php multiple action on submit
I have a form which says:<form enctype='multipart/form-data' method='post' action='process.php' target='_blank'>I need to call process.php on submit or on clicking submit button. Now
Which PHP-Editor do you think is the best?
Hi everyone, Myself Brian Anderson. For the last 2 years i have been working as a php-professional. I would like to conduct a poll for knowing which PHP-Editor you guys think is the
php unable to sent email
Hi, guys, I try to send a email through php but unfortunately the mail unable to sent. Here is my code, any configuration that I need to change in order to send the email ? Anyone who know please help
PHP arrays into arrays need help
HelloI am trying to highlight the days on my calendar based on the dates that i have in my database. Currently I can only get it to display the last element in the database which leads me to believe
I didnt code this but I need help with it
I'm sorry. i'm not a coder. I have this script for forcing download and previewing mp3. The guy that coded it made it so It took the spaces out of the filename when its downloaded. When you download a
Character Sets/Collations Stuff
Can someone please give me a check list of things I must do to setup all the charset stuff for my php/mysql social site*only for a USA town doesn't require non english characters*
Referential Integrity problem when inserting into 2 tables at same time
Hello Everyone,Im relativity new to PHP and MySQL and i have come up against a problem. i have 2 tables that are linked via foreign key constraints.Code: ---- Table structure for table
PHP error. Need help urgently
Hi,I am programming a php site and have a problem that i just cant find out how to fix. When i run it i get this error "Parse error: syntax error, unexpected $end in
Progress bar for webpage
Hi,I want to implement a progress/waiting bar on my webpage - exactly the same thing that the Microsoft Update web page uses when your PC is being searched for available updates (the green bar that
Uploading Filetypes and placing them in seperate folders.
Hello, first post , and asking for help im afraid. Very new to PHP, was making good progress I thought , but im stuck with this part. I have a uploading form that works perfectly and uploads
