I'm having a bit of bad luck with sessions. In the past they have worked fine for me, but this time around I'm having terrible luck. Basically, I made the crappiest login system ever. I'm using sessions to store three bits of information: 1) metadata which consists of the username, password, and salt; 2) database row id; 3) username.
Here is my code to login/out the user:
<?php
/**
* Copyright 2009 Steven
*/
session_start();
session_regenerate_id();
define('IN_VOCAB',true);
require('init.php');
// Get POST values
foreach( $_POST as $key => $value )
{
$$key = clean($value,true);
}
switch( $_SERVER['QUERY_STRING'] )
{
case 'login':
// MD5 password
$password = md5($password);
// Validate user exists
$user_val_query = $db->query("SELECT * FROM `users` WHERE `username`='{$username}' AND `password`='{$password}' LIMIT 1");
if( mysql_num_rows($user_val_query) > 0 )
{
// User exists; set sessions
$salt = substr(md5(date('F')),8);
$user = mysql_fetch_assoc($user_val_query);
$_SESSION['steven_vocab.user.meta'] = $username.$password.$salt;
$_SESSION['steven_vocab.user.id'] = $user['id'];
$_SESSION['steven_vocab.user.name'] = $user['username'];
// Logged in
echo message('You have been successfully logged in as '.$username.'!','success');
echo '<a href="',$site_url,'">Go to main site</a>.';
show('footer.php');
}
else
{
fatal_error('Incorrect username and/or password. <a href="'.$site_url.'">Please try again</a>.');
}
break;
case 'logout':
// Make sure user is logged in
require($sys_inc_path.'user_check.php');
// Unset session vars
unset($_SESSION['steven_vocab.user.meta'],$_SESSION['steven_vocab.user.id'],$_SESSION['steven_vocab.user.name']);
echo message('You have been successfully logged out.','success');
echo '<a href="',$site_url,'">Go to main site</a>.';
show('footer.php');
break;
default:
fatal_error('Invalid request.');
}
?>
And here is my code to check and validate the user:
<?php
/**
* Copyright 2009 Steven
*/
if( !defined('IN_VOCAB') )
{
echo 'Direct access to this file is not allowed.';
exit;
}
// Check for session
if( !isset($_SESSION['steven_vocab.user.meta']) || !isset($_SESSION['steven_vocab.user.id']) || !isset($_SESSION['steven_vocab.user.name']) )
{
show('login_form.html',null,true);
}
// Session exists; validate
$salt = substr(md5(date('F')),8);
$id = $_SESSION['steven_vocab.user.id'];
$meta = $_SESSION['steven_vocab.user.meta'];
$user_info_query = $db->query("SELECT * FROM `users` WHERE `id`='{$id}' LIMIT 1");
if( mysql_num_rows($user_info_query) > 0 )
{
// User exists, check username and password
$user = mysql_fetch_assoc($user_info_query);
if( ($user['username'].$user['password'].$salt) != $meta )
{
// User invalid; unset session and exit
unset($_SESSION['steven_vocab.user.meta'],$_SESSION['steven_vocab.user.id'],$_SESSION['steven_vocab.user.name']);
fatal_error('Invalid session metadata. <a href="'.$site_url.'">Please login again</a>.');
}
}
else
{
// User invalid; unset session and exit
unset($_SESSION['steven_vocab.user.meta'],$_SESSION['steven_vocab.user.id'],$_SESSION['steven_vocab.user.name']);
fatal_error('User cannot be found. <a href="'.$site_url.'">Please login again</a>.');
}
// The user is logged in and validated; check IP address
$user_ip = $_SERVER['REMOTE_ADDR'];
$check_ip_query = $db->query("SELECT `ip` FROM `users` WHERE `id`='{$user['id']}' LIMIT 1");
if( mysql_num_rows($check_ip_query) > 0 )
{
$stored_ip = mysql_result($check_ip_query,0,'ip');
// Check if empty
if( empty($stored_ip) )
{
// Update IP
$ip_update_query = $db->query("UPDATE `users` SET `ip`='{$user_ip}' WHERE `id`='{$user['id']}' LIMIT 1");
}
else
{
// Check if current IP is same
if( $stored_ip != $user_ip )
{
// Send me a text and log it
$ip_log_data = time().' - Username "'.$user['username'].'" accessed site from IP "'.$user_ip.'" while stored IP is "'.$stored_ip.'" : ID'.$user['id'];
file_put_contents($sys_inc_path_admin.'ip_log.txt',$ip_log_data."nn",FILE_APPEND);
@mail('5555555555@vtext.com','IP Confliction: Vocab',$ip_log_data);
}
}
}
// Output info
$username = $_SESSION['steven_vocab.user.name'];
echo '<div id="user_meta">Welcome back, ',$username,'!<br />» <a href="',$site_url,'user.php?logout">Logout</a> «</div>';
?>
When I log in, everything runs smoothly and it works perfectly. I can log in as anyone and I always have the proper access level, etc. However, when anyone else tries to log in, he or she gets the Invalid metadata message (check code). I've been swapping code in and out all day and nothing seems to fix their problems, except it works fine for me. Can anyone see anything blatantly obvious in the above code?
Weekly Calendar
Hi, I am looking at creating a weekly calendar. The calendar will read from Monday - Sunday. Does anyone know of any examples or tutorails on how I can achieve this, as I have tried searching without
Get content from table into a list, without repeating.
Alright this is kinda an odd thing, so I need some help.I have a table "quote" with the three columns `id`, `quote`, and `author`.Now I am wondering if there is anyway that I can output all
I got my hosting suspended XD
So I saw this challenge a day or so agohttp://www.programming-challenges.com/pg.php?page=downloadproblem&probid=110101&format=htmlAnd I thought to myself "Well, what about numbers
AutoChoosing a CSS file based on URL
Hey everyone,I have a site that has multiple URLs and CSS files.Based on the URL that the user goes to I want that CSS file to load.This is what I have thus far in the <head> of my
checkbox update
I am having a brain fart right now and i cant remember how to do this. if anyone could help that would be great. I have search google and this forum but have not found what i am looking for.thankswhen
Inserting the current date/time while submitting the forum
What do I need to add below to update the current date/time? I have a field in the database called datetime. I tried to use Now() but its not working. Code: <?php$con =
Code working in IE but not FireFox
I created a dynamic navigation list for my website based off of a table in my database. The code is working perfectly in IE (I have version 8 on this computer) But it wont work on Firefox. I'm not
RSS feed - FeedList for WordPress
Hi,I'm trying to alter the FeedList plugin for WordPress so that I can click on the title of an item and have it open in a new window to display the full item. I don't want it to go to the host
unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_
Can anyone view my code and tell me why im getting the error:Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in
Drop Down and text box issue
Is it possible to set a drop down list and text boxes to a certain width?here is my codeCode: [Select]echo "<select name='categories'>"; echo "<option
