Jump to content

[SOLVED] user/password cookies being remember on only 1 page

scarhand

By scarhand
in PHP Coding Help

 Share

Recommended Posts

scarhand Advanced Member

scarhand

Posted
Posted

this is rediculous, my cookies are being remembered for the forgot password reset page, but no other page

 

heres my code for the session.php that is on top of all php files:

 

<?php

if (isset($_POST['luser'])) // has the header login form been posted?
{
  foreach ($_POST as $field => $value)
    $$field = htmlspecialchars(trim($value), ENT_QUOTES);
    
  $lpassmd5 = md5($lpass);

  if (mysql_result(mysql_query("select count(*) from users where username='$luser' and password='$lpassmd5'"), 0) != 0)
  {
    $_SESSION['username'] = $luser;
    $_SESSION['password'] = $lpassmd5;
    
    setcookie('username', $luser, time() + (365 * 24 * 60 * 60));
    setcookie('password', $lpassmd5, time() + (365 * 24 * 60 * 60));
  }
  else
  {
    $lerror = 'Invalid username and/or password';
  }
}
else
{
  $luser = 'Username';
  $lpass = 'Password';
}

if (isset($_SESSION['username']))
{
  $cuser = $_SESSION['username'];
  $cpass = $_SESSION['password'];
}
else if (isset($_COOKIE['username']))
{
  $cuser = $_COOKIE['username'];
  $cpass = $_COOKIE['password'];  
}

$loggedin = false;

if (isset($cuser))
{
  $sql = mysql_query("select * from users where username='$cuser' and password='$cpass'");

  if (mysql_num_rows($sql) != 0)
  {
    while ($row = mysql_fetch_assoc($sql))
    {
      $myid = $row['id'];
      $myusername = $row['username'];
      $mypassword = $row['username'];
      $mypoints = $row['points'];
      
      $loggedin = true;
    }
  }
}

?>

 

heres my code for the forgot password reset page:

 

<?php

if ($loggedin)
  header("Location: $url");

$id = $_GET['id'];
$hash = $_GET['hash'];

if (mysql_result(mysql_query("select count(*) from users where id='$id' and forgotpass='$hash'"), 0) != 0)
{
  $newpass = substr($hash, 2, 5);
  $newpassmd5 = md5($newpass);
  $forgotpass = md5($newpassmd5);
  
  mysql_query("update users set password='$newpassmd5', forgotpass='$forgotpass' where id='$id'");
}
else
{
  die('problem');
}

?>

Link to comment
Share on other sites
scarhand Advanced Member

scarhand

Posted
  • Author
Posted

keep in mind that the forgot pass reset page is being access AFTER i have visited this page:

 

<?php

if (!$loggedin)
  header("Location: $url");

session_destroy();
setcookie('username', '', time() - 1);
setcookie('password', '', time() - 1);

?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.