Jump to content

[SOLVED] user/password cookies being remember on only 1 page


scarhand

Recommended Posts

this is rediculous, my cookies are being remembered for the forgot password reset page, but no other page

 

heres my code for the session.php that is on top of all php files:

 

<?php

if (isset($_POST['luser'])) // has the header login form been posted?
{
  foreach ($_POST as $field => $value)
    $$field = htmlspecialchars(trim($value), ENT_QUOTES);
    
  $lpassmd5 = md5($lpass);

  if (mysql_result(mysql_query("select count(*) from users where username='$luser' and password='$lpassmd5'"), 0) != 0)
  {
    $_SESSION['username'] = $luser;
    $_SESSION['password'] = $lpassmd5;
    
    setcookie('username', $luser, time() + (365 * 24 * 60 * 60));
    setcookie('password', $lpassmd5, time() + (365 * 24 * 60 * 60));
  }
  else
  {
    $lerror = 'Invalid username and/or password';
  }
}
else
{
  $luser = 'Username';
  $lpass = 'Password';
}

if (isset($_SESSION['username']))
{
  $cuser = $_SESSION['username'];
  $cpass = $_SESSION['password'];
}
else if (isset($_COOKIE['username']))
{
  $cuser = $_COOKIE['username'];
  $cpass = $_COOKIE['password'];  
}

$loggedin = false;

if (isset($cuser))
{
  $sql = mysql_query("select * from users where username='$cuser' and password='$cpass'");

  if (mysql_num_rows($sql) != 0)
  {
    while ($row = mysql_fetch_assoc($sql))
    {
      $myid = $row['id'];
      $myusername = $row['username'];
      $mypassword = $row['username'];
      $mypoints = $row['points'];
      
      $loggedin = true;
    }
  }
}

?>

 

heres my code for the forgot password reset page:

 

<?php

if ($loggedin)
  header("Location: $url");

$id = $_GET['id'];
$hash = $_GET['hash'];

if (mysql_result(mysql_query("select count(*) from users where id='$id' and forgotpass='$hash'"), 0) != 0)
{
  $newpass = substr($hash, 2, 5);
  $newpassmd5 = md5($newpass);
  $forgotpass = md5($newpassmd5);
  
  mysql_query("update users set password='$newpassmd5', forgotpass='$forgotpass' where id='$id'");
}
else
{
  die('problem');
}

?>

keep in mind that the forgot pass reset page is being access AFTER i have visited this page:

 

<?php

if (!$loggedin)
  header("Location: $url");

session_destroy();
setcookie('username', '', time() - 1);
setcookie('password', '', time() - 1);

?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.