Jump to content

madson_gr

New Members
  • Posts

    6
  • Joined

  • Last visited

Everything posted by madson_gr

  1. when I type a code to return me the username at the top to confirm what user is logged in, I get no user/username this is profile.php <?php include_once 'includes/db_connect.php'; include_once 'includes/functions.php'; sec_session_start(); ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Profile</title> <link rel="stylesheet" type="text/css" href="styles/main.css"> <script src="js/valida_cpf_cnpj.js"></script> </head> <body> <div class="main"> <header></header> <p class="div_evento"> Hello, <?php echo htmlentities($_SESSION['username']); ?>!</p> <div class="content"> <?php if (login_check($mysqli) == true) : ?> <form action="reg_profiles.php" method="post" class="registration" enctype="multipart/form-data"> <legend>Complete seu cadastro</legend> <fieldset> <label>Nome</label><br/> <input type="text" name="nome" required /><br/> <label>Sobrenome</label><br/> <input type="text" name="sobrenome" required /><br/> <label>Telefone</label><br/> <input type="text" name="telefone" required /><br/> <label>Celular/Whatsapp</label><br/> <input type="text" name="cel_wts" required /><br/> <label>Rua</label><br/> <input type="text" name="rua" required /><br/> <label>Número</label><br/> <input type="text" name="numero" required /><br/> <label>Bairro</label><br/> <input type="text" name="bairro" required /><br/> <label>Cidade</label><br/> <input type="text" name="cidade" required /><br/> <label>Estado</label><br/> <input type="text" name="estado" required /><br/> <label>País</label><br/> <input type="text" name="pais" required /><br/> <label>CPF/CNPJ</label><br/> <input type="text" name="cpf_cnpj" onkeypress='mascaraMutuario(this,cpfCnpj)' onblur='clearTimeout()' required /><br/> <label>Casa de Eventos</label><br/> <input type="text" name="casa" required /><br/> <label>Cargo Administrativo</label><br/> <input type="text" name="cargo" /><br/> <input type="submit" name="Enviar" value="Enviar" class="registerBtn" /> </fieldset> </form> </div> <!--end content--> <?php else : ?> <p> <span class="error">You don´t have permission to see this page.</span> Please <a href="index.php">login</a>. </p> <?php endif; ?> <footer class="footer" id="footer"> <span class="copyright">©Copyright 2015</span> <span class="linkHD"> <a href="http://www.habitodigital.com" title="Hábito Digital" target="_blank">www.habitodigital.com</a> </span> </footer> </div> <!--end main--> </body> </html> functions.php <?php include_once 'psl-config.php'; function sec_session_start() { $session_name = 'sec_session_id'; $secure = false; // stops JavaScript access. $httponly = true; // force cookies if (ini_set('session.use_only_cookies', 1) === FALSE) { header("Location: ../error.php?err=Could not initiate a safe session (ini_set)"); exit(); } $cookieParams = session_get_cookie_params(); session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_name($session_name); session_start(); // init session session_regenerate_id(); // recover session } function login($email, $password, $mysqli) { if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { $stmt->bind_param('s', $email); // Relaciona "$email" ao parâmetro. $stmt->execute(); // Executa a tarefa estabelecida. $stmt->store_result(); $stmt->bind_result($user_id, $username, $db_password, $salt); $stmt->fetch(); $password = hash('sha512', $password . $salt); if ($stmt->num_rows == 1) { if (checkbrute($user_id, $mysqli) == true) { return false; } else { if ($db_password == $password) { // correct passwrd $user_browser = $_SERVER['HTTP_USER_AGENT']; $user_id = preg_replace("/[^0-9]+/", "", $user_id); $_SESSION['user_id'] = $user_id; $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); $_SESSION['username'] = $username; $_SESSION['login_string'] = hash('sha512', $password . $user_browser); // login success return true; } else { // wrong passw $now = time(); $mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id', '$now')"); return false; } } } else { // user does not exist return false; } } } function checkbrute($user_id, $mysqli) { $now = time(); $valid_attempts = $now - (2 * 60 * 60); if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts <code><pre> WHERE user_id = ? AND time > '$valid_attempts'")) { $stmt->bind_param('i', $user_id); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 5) { return true; } else { return false; } } } function login_check($mysqli) { if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) { $user_id = $_SESSION['user_id']; $login_string = $_SESSION['login_string']; $username = $_SESSION['username']; $user_browser = $_SERVER['HTTP_USER_AGENT']; if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { // Atribui "$user_id" ao parâmetro. $stmt->bind_param('i', $user_id); $stmt->execute(); // Execute the prepared query. $stmt->store_result(); if ($stmt->num_rows == 1) { $stmt->bind_result($password); $stmt->fetch(); $login_check = hash('sha512', $password . $user_browser); if ($login_check == $login_string) { // loggin success return true; } else { // loggin failed return false; } } else { // loggin failed return false; } } else { // loggin failed return false; } } else { // loggin failed return false; } } function esc_url($url) { if ('' == $url) { return $url; } $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url); $strip = array('%0d', '%0a', '%0D', '%0A'); $url = (string) $url; $count = 1; while ($count) { $url = str_replace($strip, '', $url, $count); } $url = str_replace(';//', '://', $url); $url = htmlentities($url); $url = str_replace('&', '&', $url); $url = str_replace("'", ''', $url); if ($url[0] !== '/') { return ''; } else { return $url; } } ?>
  2. yes.. same 500 (internal server) error
  3. I tried all files below.that make my register system: register.php -> register_success.php (include connection, functions and redirect user to log_register.php) -> log_register.php (same code of login.php but redirect user to complete his profile through process_login_completereg.php ): process_login_completereg.php: <?php ini_set("display_errors", "1"); error_reporting(-1); include_once 'db_connect.php'; include_once 'functions.php'; sec_session_start(); if (isset($_POST['email'], $_POST['p'])) { $email = $_POST['email']; $password = $_POST['p']; // The hashed password. if (login($email, $password, $mysqli) == true) { // Login com sucesso header('Location: ../profile.php'); } else { // Falha de login header('Location: ../index.php?error=1'); } } else { echo 'Invalid Request'; } ?> after this the user is redirected to profile.php to complete his informations. This is the part where I get the message that "You don't have permission....", asking me to login (again).
  4. I did like you said...right after the first <?php ... Tried after connection too and I get the same error... The weird is that I´m not having any problems in my localhost (wamp server). My php version is 5.5 and godaddy´s version is 5.4... Is there any conflict?
  5. I agree... I just get a 500 (internal server) error page...could not see session errors....Any idea of what changes I could write?
  6. Hi, I have a login/register system based on this tutorial: http://pt.wikihow.com/Criar-um-Script-de-Login-Seguro-em-PHP-e-MySQL In my localhost everything works fine. When I uploaded it to godaddy servers, I can register the new user but I cannot login into the users' pages. It looks like password or salt does not match, or after compare login data, it´s telling me the message: You don´t have permission to see this page, please login. Do you have any idea of what might be? Godaddy support told me they cannot help. They just fix their own services. Thanks in advance.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.