scarhand Posted July 4, 2009 Share Posted July 4, 2009 this is rediculous, my cookies are being remembered for the forgot password reset page, but no other page heres my code for the session.php that is on top of all php files: <?php if (isset($_POST['luser'])) // has the header login form been posted? { foreach ($_POST as $field => $value) $$field = htmlspecialchars(trim($value), ENT_QUOTES); $lpassmd5 = md5($lpass); if (mysql_result(mysql_query("select count(*) from users where username='$luser' and password='$lpassmd5'"), 0) != 0) { $_SESSION['username'] = $luser; $_SESSION['password'] = $lpassmd5; setcookie('username', $luser, time() + (365 * 24 * 60 * 60)); setcookie('password', $lpassmd5, time() + (365 * 24 * 60 * 60)); } else { $lerror = 'Invalid username and/or password'; } } else { $luser = 'Username'; $lpass = 'Password'; } if (isset($_SESSION['username'])) { $cuser = $_SESSION['username']; $cpass = $_SESSION['password']; } else if (isset($_COOKIE['username'])) { $cuser = $_COOKIE['username']; $cpass = $_COOKIE['password']; } $loggedin = false; if (isset($cuser)) { $sql = mysql_query("select * from users where username='$cuser' and password='$cpass'"); if (mysql_num_rows($sql) != 0) { while ($row = mysql_fetch_assoc($sql)) { $myid = $row['id']; $myusername = $row['username']; $mypassword = $row['username']; $mypoints = $row['points']; $loggedin = true; } } } ?> heres my code for the forgot password reset page: <?php if ($loggedin) header("Location: $url"); $id = $_GET['id']; $hash = $_GET['hash']; if (mysql_result(mysql_query("select count(*) from users where id='$id' and forgotpass='$hash'"), 0) != 0) { $newpass = substr($hash, 2, 5); $newpassmd5 = md5($newpass); $forgotpass = md5($newpassmd5); mysql_query("update users set password='$newpassmd5', forgotpass='$forgotpass' where id='$id'"); } else { die('problem'); } ?> Quote Link to comment Share on other sites More sharing options...
scarhand Posted July 4, 2009 Author Share Posted July 4, 2009 keep in mind that the forgot pass reset page is being access AFTER i have visited this page: <?php if (!$loggedin) header("Location: $url"); session_destroy(); setcookie('username', '', time() - 1); setcookie('password', '', time() - 1); ?> Quote Link to comment Share on other sites More sharing options...
scarhand Posted July 4, 2009 Author Share Posted July 4, 2009 nevermind i had to clear my ie8 cache because it stacked when i was working on things it works fine Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.