I'm busy building my own website and want to make it more interactive so people can join the site, send each other messages, look at photos and so on.
What I've done so far is create a database with a useraccounts table.
In this table I have 3 fields I use for authentication for the site.
These fields are: Email, Password, Token
The code I've got so far works great: it registers in the database and it authenticates the lot, but the problem that's been keeping me busy for the last day and a half is the session and cookie logon.
My login page has an option with a "Remember me" check box. If I log on using the check box it keeps me signed in and works as I want, but as soon as I log out and log back in without the "Remember me" check box ticked and I close the page or the browser, it logs me back in, and for the life of me I can't get it to lose that session data so that it will not log in.
Here's the code that I've done...
Code:
<?php
session_start();
include("includes/database.php");
$today=date("Y-m-d");
if(isset($_POST['aanteken'])) { // checks the form has been submitted
    $gebruiker=$_POST['gebruiker'];
    $wagwoord=$_POST['wagwoord'];
    if(strlen($gebruiker) < 1){ // checks if an email address has been entered
        $error="Please enter your Email Address.";
        unset($_POST['gebruiker']);
    } elseif (strlen($wagwoord) < 1){ // checks if a password has been entered
        $error="Please enter your Password.";
        unset($_POST['wagwoord']);
    }
    else
    {
        $query=("select * from useraccounts where email='$gebruiker' LIKE 'a%';"); // checks if email does exist in database
        $result=mysql_query($query);
        if( mysql_numrows($result) < 1 ) {
            $error="Email/Password error try again.";
        }
        else
        {
            $md5pass=md5($wagwoord); // hashes the password with MD5
            $query=("select * from useraccounts where password='$md5pass' and email='$gebruiker' LIKE 'a%';"); // checks if email address and password match
            $result=mysql_query($query);
            if( mysql_numrows($result) < 1 ) {
                $error="Email/Password error try again.";
            }
            else
            {
                $token="$gebruiker.$today"; // makes a unique token for logging in
                $token=md5($token); // MD5 hash of the token
                if(isset($_POST['onthou'])) { // checks if remember me has been ticked
                    $wagwoord=md5($wagwoord); // MD5 hash of the password
                    $query=("update useraccounts set token='$token', last_login='$today' where email='$gebruiker';"); // updates token and last login date
                    mysql_query($query);
                    // sets cookie data
                    setcookie("nlgebruiker", $gebruiker, time()+60*60*24*100, "/");
                    setcookie("nlwagwoord", $wagwoord, time()+60*60*24*100, "/");
                    setcookie("nltoken", $token, time()+60*60*24*100, "/");
                    header("location:userpanel.php"); // changes page to user info
                }
                else
                { // sets session data if remember me not been set.
                    $query=("update useraccounts set token='$token', last_login='$today' where email='$gebruiker';"); // updates token and last login date
                    mysql_query($query);
                    // sets session info
                    $_SESSION['nlemail'] = $gebruiker;
                    $_SESSION['nlpassword'] = $md5pass;
                    $_SESSION['nltoken'] = $token;
                    header("location:userpanel.php"); // changes page to user info
                }
            }
        }
    }
}
?>
<link href="css/ANstyle.css" rel="stylesheet" type="text/css">
<div id="useraccess">
<table align="center" height="250" border="0" width="275">
<form method="post" action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>">
<tr><td colspan="2" height="36"><img src="gfx/register.jpg"></td></tr>
<tr><td colspan="2" align="center"><?php echo $error; ?></td></tr>
<tr><td colspan="2" align="center"> </td></tr>
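<tr><td>Email:</td><td ><input type="text" name="gebruiker" size="28" value="<?php echo isset($_POST['gebruiker']) ? htmlspecialchars($_POST['gebruiker'], ENT_QUOTES) : ''; /* escaped so submitted input cannot inject markup */ ?>"></td></tr>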
<tr><td>Password:</td><td><input type="password" name="wagwoord" size="28"></td></tr>
<tr><td align="right"><input type="checkbox" name="onthou" <?php if(isset($_POST['onthou'])) { echo "checked";} ?> ></td><td align="center">Remember me next time.</td></tr>
<tr><td colspan="2" align="center"><input name="aanteken" type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="center"><a href="register.php" target="_top" name="register"></a></td>
</tr>
</form>
</table>
</div>
That links to userpanel.php, and then I included logged.php to check the login status.
<?php
// Checks if cookies have been set
if (isset($_COOKIE['nlgebruiker']) && isset($_COOKIE['nlwagwoord']) && isset($_COOKIE['nltoken'])){
    $_SESSION['nlemail']=$_COOKIE['nlgebruiker'];
    $_SESSION['nlpassword']=$_COOKIE['nlwagwoord'];
    $_SESSION['nltoken']=$_COOKIE['nltoken'];
}
// tests if the session or cookie data is valid
if (isset($_SESSION['nlemail']) && isset($_SESSION['nlpassword']) && isset($_SESSION['nltoken'])){
    $user=$_SESSION['nlemail'];
    $pass=$_SESSION['nlpassword'];
    $token=$_SESSION['nltoken'];
    $query=("select * from useraccounts where email='$user' and password='$pass' and token='$token';");
    $results=mysql_query($query);
    if ( mysql_numrows($results) <> 1 ) { // tests if data is valid
        // unsets info and redirects back to the logon page
        unset($_SESSION['nlemail']);
        unset($_SESSION['nlpassword']);
        unset($_SESSION['nltoken']);
        $_SESSION = array(); // reset session array
        session_destroy(); // destroy session.
        header('location: login.php');
        exit; // stop here so the rest of the protected page is not sent
    }
}
?>
If anybody can help me with this I would be grateful!!
The only thing I can come up with is the fact that you're using both cookies and sessions. Now, I've never used cookies before, so I don't know if that could conflict with each other.
In the first bit of code, where it says
PHP Code:
else { // sets session data if remember me not been set.
maybe you can try the following
- if remember has not been set, check for existing cookie (stored on previous visits)
- if: cookie exist, empty all data and destroy cookie
- or else: cookie doesn't exist, do nothing
- then continue creating a temporary session like you're doing now
On another note: did you know you are using PHP4 code for letting the form point to itself? Nowadays (PHP5) code is
PHP Code:
$_SERVER['PHP_SELF']
instead of the $HTTP_SERVER_VARS. This should not be the problem in your code, but hey.
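The reply's suggestion (drop any earlier remember-me cookie before starting a session-only login), as an added PHP example that is not code from the thread. The `remember_tokens` table, the `nlremember` cookie name and the function names are assumptions; the cookie carries a random token whose hash is stored server-side, instead of the password hash and a date-based token.

```php
<?php
// Added example, not the thread's code. Assumed schema: a hypothetical
// remember_tokens table that stores only SHA-256 hashes of issued tokens.
const REMEMBER_COOKIE = 'nlremember';           // hypothetical cookie name
const REMEMBER_TTL    = 60 * 60 * 24 * 100;     // 100 days, as in the original post

function cookieOptions(int $expires): array {
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Remove remember-me state: on logout, and before every new login.
function forgetUser(PDO $db, string $email): void {
    $db->prepare('DELETE FROM remember_tokens WHERE email = ?')->execute([$email]);
    foreach ([REMEMBER_COOKIE, 'nlgebruiker', 'nlwagwoord', 'nltoken'] as $name) {
        setcookie($name, '', cookieOptions(time() - 3600)); // expire in the browser
        unset($_COOKIE[$name]);                             // and for this request
    }
}

// Call only after the password check has succeeded.
function completeLogin(PDO $db, string $email, bool $remember): ?string {
    forgetUser($db, $email);             // always drop stale cookies first
    $_SESSION['nlemail'] = $email;       // the session carries identity only
    if (!$remember) {
        return null;                     // session-only login, nothing persistent
    }
    $token = bin2hex(random_bytes(32));  // unpredictable, unlike md5(email.date)
    $db->prepare('INSERT INTO remember_tokens (email, token_hash, expires) VALUES (?, ?, ?)')
       ->execute([$email, hash('sha256', $token), time() + REMEMBER_TTL]);
    setcookie(REMEMBER_COOKIE, $token, cookieOptions(time() + REMEMBER_TTL));
    return $token;
}

// Constructed demo: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (email TEXT, token_hash TEXT, expires INTEGER)');
$_SESSION = [];
completeLogin($db, 'user@example.com', true);    // box ticked: token row stored
completeLogin($db, 'user@example.com', false);   // box unticked: row and cookies removed
echo $db->query('SELECT COUNT(*) FROM remember_tokens')->fetchColumn(), "\n";
```

A logout handler would call `forgetUser()` and then `session_destroy()`, so neither the cookie nor the session survives closing the browser.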
Hey, thanks for the input, but I just had to add 2 lines of code. This is what I've done...
Code:
<?php
// Checks if cookies have been set
if (isset($_COOKIE['nlgebruiker']) && isset($_COOKIE['nlwagwoord']) && isset($_COOKIE['nltoken'])){
    $_SESSION['nlemail']=$_COOKIE['nlgebruiker'];
    $_SESSION['nlpassword']=$_COOKIE['nlwagwoord'];
    $_SESSION['nltoken']=$_COOKIE['nltoken'];
}
// tests if the session or cookie data is valid
// this is what I had to add: it tests whether the session values are longer than 0, otherwise it redirects
if ((strlen($_SESSION['nlemail']) == 0) or (strlen($_SESSION['nlpassword']) == 0) or (strlen($_SESSION['nltoken']) == 0)){
    header('location: login.php');
    exit; // stop here so the rest of the protected page is not sent
} else { if (isset($_SESSION['nlemail']) && isset($_SESSION['nlpassword']) && isset($_SESSION['nltoken'])){
    $user=$_SESSION['nlemail'];
    $pass=$_SESSION['nlpassword'];
    $token=$_SESSION['nltoken'];
    $query=("select * from useraccounts where email='$user' and password='$pass' and token='$token';");
    $results=mysql_query($query);
    if ( mysql_numrows($results) <> 1 ) { // tests if data is valid
        // unsets info and redirects back to the logon page
        unset($_SESSION['nlemail']);
        unset($_SESSION['nlpassword']);
        unset($_SESSION['nltoken']);
        unset($_SESSION['nlsession']);
        $_SESSION = array(); // reset session array
        session_destroy(); // destroy session.
        header('location: login.php');
        exit; // stop here so the rest of the protected page is not sent
    } else {
        $today=date("Y-m-d");
        $update=("update useraccounts set last_login='$today' where email='$user';");
        mysql_query($update);
        $info=mysql_fetch_array($results);
        $_SESSION['username']=$info['username'];
        $_SESSION['viewed']=$info['viewed'];
        $_SESSION['nlsession']=true;
    }
}}
?>
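The login check above builds its SQL from cookie values; the following added example (not code from the thread) does the same gate with bound parameters and a hashed token lookup. The `remember_tokens` table, the `nlremember` cookie name and `currentUser()` are assumptions.

```php
<?php
// Added example, not the thread's code. Assumes a hypothetical
// remember_tokens table (email, token_hash, expires) of SHA-256 token hashes.

// Returns the logged-in email, or null when the visitor must log in again.
function currentUser(PDO $db, array &$session, array $cookies): ?string {
    if (isset($session['nlemail']) && is_string($session['nlemail']) && $session['nlemail'] !== '') {
        return $session['nlemail'];          // live session: cookie not consulted
    }
    $token = $cookies['nlremember'] ?? '';   // hypothetical cookie name
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                         // absent or malformed token
    }
    // Bound parameters: cookie contents never become part of the SQL text.
    $stmt = $db->prepare('SELECT email FROM remember_tokens WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $email = $stmt->fetchColumn();
    if ($email === false) {
        return null;                         // unknown or expired token
    }
    $session['nlemail'] = $email;            // promote to a normal session
    return $email;
}

// Constructed demo: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (email TEXT, token_hash TEXT, expires INTEGER)');
$token = str_repeat('ab', 32);               // constructed sample token
$db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?)')
   ->execute(['user@example.com', hash('sha256', $token), time() + 3600]);
$fresh = [];                                 // stands in for $_SESSION
$other = [];
var_dump(currentUser($db, $fresh, ['nlremember' => $token]));        // valid token
var_dump(currentUser($db, $other, ['nlremember' => 'not-a-token'])); // rejected
```

In the page itself the caller passes `$_SESSION` and `$_COOKIE`, redirects to login.php and exits when the result is null, and calls `session_regenerate_id(true)` after a cookie-based login.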