Okay, so I stayed up all night and made it better. The script now has both a session value generated on the fly and a constant per-user token. I've got a few finishing touches to do, but I actually think it's just about done. I need to go through and make the code a little cleaner and maybe add a few more comments, but after that I think it's time to move on to phase two. Here are a couple of code snippets, for anyone who doesn't want to download the zip.
So the page structure is as follows:
Session.php is where all the magic happens; it is always included by index.php.
There's a login.php which uses auth.php to log users in
There's a register.php which uses create.php to create users
Session.php
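<?php
// Session.php: included by index.php on every request. Validates the "auth"
// cookie ("<token>-<session>", two 40-character hex strings), exports $username
// and $authenticated to the including page, and rotates the session half of the
// cookie on every successful check.
//
// NOTE(review): the mysql_* extension is deprecated (PHP 5.5) and removed in
// PHP 7; this should move to PDO/mysqli with prepared statements. The escaping
// below is the minimal fix for the cookie values, which were previously
// interpolated into SQL unescaped (cookie = SQL injection without a login).

// Database connection. The real error is logged, not echoed: mysql_error() can
// reveal host names, user names and schema details to the visitor.
if (!mysql_connect("host", "user", "pass")) {
    error_log('session.php: mysql_connect failed: ' . mysql_error());
    die('Database connection failed.');
}
if (!mysql_select_db("database")) {
    error_log('session.php: mysql_select_db failed: ' . mysql_error());
    die('Database connection failed.');
}

// Secure is set only when the current request is already HTTPS (a Secure cookie
// would never come back over plain HTTP); HttpOnly keeps the cookie out of reach
// of script access. Path/domain stay at their defaults, as before, so that the
// clear below matches the cookie that was set.
$cookieSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

if (isset($_COOKIE['auth']) && is_string($_COOKIE['auth'])) {
    // Split once (split() is gone in PHP 7). A cookie without the separator
    // yields one element and is rejected below instead of raising a notice.
    $parts = explode('-', $_COOKIE['auth'], 2);
    $token = isset($parts[0]) ? $parts[0] : '';
    $session = isset($parts[1]) ? $parts[1] : '';

    // Both halves are always generated as 40 hex characters (sha1 output or
    // 20 random bytes); anything else is a forged cookie and never reaches SQL.
    $hexPattern = '/^[0-9a-f]{40}$/';
    $wellFormed = preg_match($hexPattern, $token) === 1
        && preg_match($hexPattern, $session) === 1;

    $result = false;
    if ($wellFormed) {
        $sql = "SELECT * FROM users WHERE token='" . mysql_real_escape_string($token)
            . "' AND session='" . mysql_real_escape_string($session) . "'";
        $result = mysql_query($sql);
    }

    if ($result !== false && mysql_num_rows($result) === 1) {
        $row = mysql_fetch_array($result);
        $username = $row['username'];
        $authenticated = "true";   // a string, as the including page expects

        // Rotate the session half of the cookie on every request so a fixated
        // or leaked value stops working quickly. The new value is random rather
        // than sha1(username . time()), which anyone knowing the username and
        // the approximate time could reproduce.
        // Caveat: two concurrent requests carrying the old cookie (e.g. AJAX or
        // image loads) race; the second is treated as invalid and logs the user out.
        if (function_exists('random_bytes')) {
            $session = bin2hex(random_bytes(20));
        } else {
            $session = bin2hex(openssl_random_pseudo_bytes(20));
        }
        $cookie = $token . "-" . $session;
        setcookie('auth', $cookie, time() + 3600, '', '', $cookieSecure, true);
        // The username came from the database, not the request, but a name
        // containing a quote would still break this statement, so escape it here
        // (without touching the $username that index.php reads).
        mysql_query("UPDATE users SET session='" . $session . "' WHERE username='"
            . mysql_real_escape_string($username) . "'");
    } else {
        // Invalid cookie: clear the stored session for that token so the old
        // value cannot be replayed, delete the cookie and send the visitor to login.
        // Caveat: anyone who learns a user's constant token can log that user
        // out by presenting it with a wrong session value.
        if ($wellFormed) {
            mysql_query("UPDATE users SET session='' WHERE token='"
                . mysql_real_escape_string($token) . "'");
        }
        setcookie('auth', '', time() - 3600, '', '', $cookieSecure, true);
        header("location:?page=login");
        // Stop here: without exit, index.php keeps rendering the protected page
        // behind the redirect.
        exit;
    }
}
// No closing ?> tag: trailing whitespace after it would be sent as output and
// break header()/setcookie() in the scripts that include this one.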
Create.php
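<?php
// Create.php: registers a new user from the POSTed username/password form and
// logs the new account in by issuing the "auth" cookie ("<token>-<session>").
// Relies on the database connection that Session.php opened
// (mysql_real_escape_string() needs it).
//
// NOTE(review): passwords are stored as unsalted sha1 — fast to brute-force and
// identical for identical passwords. Move to password_hash()/password_verify().
// That change has to land in Create.php and Auth.php together (and the password
// column must be wide enough for the new hash), which is why it is not done here.

$username = isset($_POST["username"]) && is_string($_POST["username"])
    ? mysql_real_escape_string(stripslashes($_POST["username"])) : '';
// Kept byte-for-byte compatible with Auth.php: the password is escaped *before*
// hashing. That is a mistake (the escape is for SQL transport only), but
// changing it on one side alone would lock existing users out.
$plainPassword = isset($_POST["password"]) && is_string($_POST["password"])
    ? mysql_real_escape_string(stripslashes($_POST["password"])) : '';
$password = sha1($plainPassword);

if ($username === "") {
    echo "Username can not be blank<br>";
} elseif ($plainPassword === "") {
    // Same test as comparing the hash against sha1(''), minus the magic constant.
    echo "Password can not be blank";
} else {
    $result = mysql_query("SELECT * FROM users WHERE username='$username'");
    if ($result !== false && mysql_num_rows($result) >= 1) {
        echo "Sorry. That username is already taken.";
    } else {
        // Token (the constant half of the cookie) and session are random, not
        // sha1(username . time()): the old form could be reproduced by anyone
        // who knew the username and roughly when the account was created.
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(20));
            $session = bin2hex(random_bytes(20));
        } else {
            $token = bin2hex(openssl_random_pseudo_bytes(20));
            $session = bin2hex(openssl_random_pseudo_bytes(20));
        }
        // One INSERT instead of INSERT + UPDATE. The SELECT above is still a
        // check-then-act race; a UNIQUE index on users.username is what actually
        // prevents duplicate names, and this error path then catches the collision.
        $inserted = mysql_query("INSERT INTO users (username, password, token, session) VALUES('$username', '$password', '$token', '$session')");
        if (!$inserted) {
            // Log the real error; mysql_error() can expose table and column names.
            error_log('create.php: insert failed: ' . mysql_error());
            die('Registration failed.');
        }
        $cookieSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie('auth', $token . "-" . $session, time() + 3600, '', '', $cookieSecure, true);
        header("location:?page=user");
        exit;   // nothing should run or render after the redirect
    }
}
// No closing ?> tag: trailing whitespace would be output before header()/setcookie().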
Auth.php
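<?php
// Auth.php: checks the POSTed username/password against the users table and,
// on success, issues the "auth" cookie ("<token>-<session>") and redirects to
// the user page. Uses the database connection opened by Session.php.
//
// NOTE(review): the stored hash is unsalted sha1 of the (escaped) password; see
// Create.php — migrating to password_hash()/password_verify() must be done in
// both files at once. There is also no throttling or lockout here, so online
// password guessing is cheap.

$username = isset($_POST["username"]) && is_string($_POST["username"])
    ? mysql_real_escape_string(stripslashes($_POST["username"])) : '';
// Must stay identical to the pipeline in Create.php or existing hashes will not match.
$password = isset($_POST["password"]) && is_string($_POST["password"])
    ? sha1(mysql_real_escape_string(stripslashes($_POST["password"]))) : sha1('');

$result = mysql_query("SELECT * FROM users WHERE username='$username' and password='$password'");

if ($result !== false && mysql_num_rows($result) === 1) {
    $row = mysql_fetch_array($result);
    $token = $row['token'];   // constant per account; a leak lasts until it is reissued

    // Fresh, unguessable session half (no longer sha1(username . time())).
    if (function_exists('random_bytes')) {
        $session = bin2hex(random_bytes(20));
    } else {
        $session = bin2hex(openssl_random_pseudo_bytes(20));
    }
    mysql_query("UPDATE users SET session='$session' WHERE username='$username'");

    $cookieSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('auth', $token . "-" . $session, time() + 3600, '', '', $cookieSecure, true);
    header("location:?page=user");
    exit;   // do not keep rendering behind the redirect
} else {
    // Deliberately the same message whether the username or the password was wrong.
    echo "Login invalid";
}
// No closing ?> tag: trailing whitespace would break the header()/setcookie() calls above.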