
Annoying Session/cookie login glitch


aarchaic


Hello

I'm busy building my own website and want to make it more interactive so people can join the site, send each other messages, look at photos and so on.

What I've done so far is create a database with a useraccounts table.

In this table I have 3 fields I use for authentication for the site.

These fields are: Email, Password, Token

The code that I've got so far works great: it registers in the database and it authenticates the lot, but the problem that's been keeping me busy for the last day and a half is the session and cookie logon.

My login page has an option with a "Remember me" check box. If I log on using the check box it keeps me signed in and works as I want, but as soon as I log out and log back in without the "Remember me" check box clicked and I close the page or the browser, it logs me back in, and for the life of me I can't get it to lose that session data so that it will not log in.

Here's the code that I've done...

 

login.php

<?php
session_start();
include("includes/database.php");
// Note: the mysql_* functions used here were removed in PHP 7;
// on current PHP use mysqli or PDO with prepared statements instead.
$today = date("Y-m-d");
$error = ""; // initialised so the form below can always echo it
if (isset($_POST['aanteken'])) { // checks the form has been submitted
	$gebruiker = isset($_POST['gebruiker']) ? $_POST['gebruiker'] : "";
	$wagwoord  = isset($_POST['wagwoord']) ? $_POST['wagwoord'] : "";

	if (strlen($gebruiker) < 1) { // checks if an email address has been entered
		$error = "Please enter your Email Address.";
		unset($_POST['gebruiker']);
	} elseif (strlen($wagwoord) < 1) { // checks if a password has been entered
		$error = "Please enter your Password.";
		unset($_POST['wagwoord']);
	} else {
		// escape user input before it goes into a query; interpolating it raw allows SQL injection
		$email_sql = mysql_real_escape_string($gebruiker);
		// checks if the email exists in the database (a stray "LIKE 'a%'" that made the comparison always false has been dropped)
		$query = "select * from useraccounts where email='$email_sql';";
		$result = mysql_query($query);
		if (mysql_num_rows($result) < 1) {
			$error = "Email/Password error try again.";
		} else {
			$md5pass = md5($wagwoord); // hashes the password (MD5 is a hash, not encryption)
			// checks if email address and password match
			$query = "select * from useraccounts where password='$md5pass' and email='$email_sql';";
			$result = mysql_query($query);
			if (mysql_num_rows($result) < 1) {
				$error = "Email/Password error try again.";
			} else {
				$token = md5("$gebruiker.$today"); // token built from the email and today's date
				// updates token and last login date (same query for both branches)
				$query = "update useraccounts set token='$token', last_login='$today' where email='$email_sql';";
				mysql_query($query);
				if (isset($_POST['onthou'])) { // "remember me" checked: sets cookie data
					setcookie("nlgebruiker", $gebruiker, time()+60*60*24*100, "/");
					setcookie("nlwagwoord", $md5pass, time()+60*60*24*100, "/");
					setcookie("nltoken", $token, time()+60*60*24*100, "/");
				} else { // "remember me" not checked: sets session data only
					$_SESSION['nlemail'] = $gebruiker;
					$_SESSION['nlpassword'] = $md5pass;
					$_SESSION['nltoken'] = $token;
				}
				header("location:userpanel.php"); // changes page to user info
				exit; // stop so nothing else is sent after the redirect
			}
		}
	}
}
?>

<link href="css/ANstyle.css" rel="stylesheet" type="text/css">
<div id="useraccess">
<table align="center" height="250" border="0" width="275">
	<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
        <tr><td colspan="2" height="36"><img src="gfx/register.jpg"></td></tr>
        <tr><td colspan="2" align="center"><?php echo isset($error) ? $error : ""; ?></td></tr>
        <tr><td colspan="2" align="center">&nbsp;</td></tr>
        <tr><td>Email:</td><td><input type="text" name="gebruiker" size="28" value="<?php echo isset($_POST['gebruiker']) ? htmlspecialchars($_POST['gebruiker']) : ""; ?>"></td></tr>
        <tr><td>Password:</td><td><input type="password" name="wagwoord" size="28"></td></tr>
        <tr><td align="right"><input type="checkbox" name="onthou" <?php if(isset($_POST['onthou'])) { echo "checked";} ?> ></td><td align="center">Remember me next time.</td></tr>
        <tr><td colspan="2" align="center"><input name="aanteken" type="submit" value="Login"></td></tr>
      	<tr><td colspan="2" align="center"><a href="register.php" target="_top" name="register"></a></td>
      	</tr>
        </form>
    </table>    
</div>

 

That links to userpanel.php, and there I included logged.php to check the login status.

<?php
session_start();
include("includes/database.php");
include('logged.php');

?>
<html code continues.....>

 

 

The logged.php looks like this:

<?php
	// Checks if the cookies have been set
	if (isset($_COOKIE['nlgebruiker']) && isset($_COOKIE['nlwagwoord']) && isset($_COOKIE['nltoken'])) {
		$_SESSION['nlemail'] = $_COOKIE['nlgebruiker'];
		$_SESSION['nlpassword'] = $_COOKIE['nlwagwoord'];
		$_SESSION['nltoken'] = $_COOKIE['nltoken'];
	}
	// Tests whether the session or cookie data is valid
	if (isset($_SESSION['nlemail']) && isset($_SESSION['nlpassword']) && isset($_SESSION['nltoken'])) {
		// these values can come straight from cookies, so escape them before building the query
		$user = mysql_real_escape_string($_SESSION['nlemail']);
		$pass = mysql_real_escape_string($_SESSION['nlpassword']);
		$token = mysql_real_escape_string($_SESSION['nltoken']);
		$query = "select * from useraccounts where email='$user' and password='$pass' and token='$token';";
		$results = mysql_query($query);
		if (mysql_num_rows($results) != 1) { // test if data is valid
			// unsets info and redirects back to the logon page
			unset($_SESSION['nlemail']);
			unset($_SESSION['nlpassword']);
			unset($_SESSION['nltoken']);
			$_SESSION = array(); // reset session array
			session_destroy();   // destroy session
			header('location: login.php');
			exit; // stop here so the rest of the protected page is not sent
		}
	}
?>

 

If anybody can help me with this I would be grateful!!


Hmm...well, have a look at the cookie information and see when it expires. If it's set to "end of session" or something, then there's not really much you can do with the cookie.

 

If you want to log people out after a certain amount of inactivity, you can do so if you log each page visit in a db.


I managed to sort the problem out!!!

I just had to add an extra 2 lines to the logged.php code. This is how it looks...

 

<?php
	// Checks if the cookies have been set
	if (isset($_COOKIE['nlgebruiker']) && isset($_COOKIE['nlwagwoord']) && isset($_COOKIE['nltoken'])) {
		$_SESSION['nlemail'] = $_COOKIE['nlgebruiker'];
		$_SESSION['nlpassword'] = $_COOKIE['nlwagwoord'];
		$_SESSION['nltoken'] = $_COOKIE['nltoken'];
	}
	// Tests whether the session or cookie data is valid
	// (empty() avoids an undefined-index notice being printed before header() is called)
	if (empty($_SESSION['nlemail']) or empty($_SESSION['nlpassword']) or empty($_SESSION['nltoken'])) {
		header('location: login.php');
		exit; // stop here so the rest of the protected page is not sent
	} else {
		if (isset($_SESSION['nlemail']) && isset($_SESSION['nlpassword']) && isset($_SESSION['nltoken'])) {
			// these values can come straight from cookies, so escape them before building the query
			$user = mysql_real_escape_string($_SESSION['nlemail']);
			$pass = mysql_real_escape_string($_SESSION['nlpassword']);
			$token = mysql_real_escape_string($_SESSION['nltoken']);
			$query = "select * from useraccounts where email='$user' and password='$pass' and token='$token';";
			$results = mysql_query($query);
			if (mysql_num_rows($results) != 1) { // test if data is valid
				// unsets info and redirects back to the logon page
				unset($_SESSION['nlemail']);
				unset($_SESSION['nlpassword']);
				unset($_SESSION['nltoken']);
				$_SESSION = array(); // reset session array
				session_destroy();   // destroy session
				header('location: login.php');
				exit;
			}
		}
	}
?>

 

Thanks for your input Jackpf
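
The remember-me cookies in this thread carry the e-mail address and the MD5 password hash, and nothing on the server invalidates them at logout. As an added example that is not code from the thread, here is a token-based remember-me check that stores only a hash of a random token and revokes it on logout; the `remember_tokens` table, the function names and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the poster's code. The remember_tokens table, the function
// names and the in-memory SQLite database (so it runs offline) are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
           validator_hash TEXT, email TEXT, expires INTEGER)');

// Login with "Remember me": random selector + validator; only a hash is stored,
// and nothing derived from the password ever goes into the cookie.
function issue_token(PDO $db, string $email, int $ttl = 8640000): string {
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $email, time() + $ttl]);
    return $selector . ':' . $validator; // this string is the cookie value
}

// Every page: resolve the cookie to an e-mail address, or null if it is invalid.
function check_token(PDO $db, string $cookie): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) return null;
    $stmt = $db->prepare('SELECT validator_hash, email, expires
                          FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);           // bound parameter, no string building
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int)$row['expires'] < time()) return null;
    $ok = hash_equals($row['validator_hash'], hash('sha256', $parts[1]));
    return $ok ? $row['email'] : null;
}

// Logout: delete the row so a cookie the browser still holds stops working.
function revoke_token(PDO $db, string $cookie): void {
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')
       ->execute([explode(':', $cookie, 2)[0]]);
}

// Constructed demonstration values
$cookie = issue_token($db, 'user@example.com');
var_dump(check_token($db, $cookie));                 // freshly issued token
var_dump(check_token($db, $cookie . 'x'));           // tampered validator
var_dump(check_token($db, "o'brien:abc"));           // apostrophe is just data
revoke_token($db, $cookie);
var_dump(check_token($db, $cookie));                 // same cookie after logout
```

In a real request the string returned by `issue_token()` would be sent with `setcookie()` using the `httponly` and `secure` options, and logout would also expire that cookie and destroy the session.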
