
Login script problems


arbitter


Hi there

 

I am having some issues with my site login. When a user logs in, it loads the page as a logged-in user. But often when you click on a link inside the page, for some reason the user is logged out. After logging in again it sometimes does work, it's weird.

Also, even if you keep the page loaded in the browser yet you don't interact with it for a couple of minutes, and you click something, you're logged out again.

Here's my code, this is on the top of the page. When a user logs in, the $_POST['login'] is set.

 

<?php
session_start();
setlocale(LC_ALL, 'nl_NL');
require_once('mysql_connect.inc.php');
date_default_timezone_set('Europe/Brussels');
$verbinding = mysql_connect(MYSQL_SERVER, MYSQL_GEBRUIKERSNAAM, MYSQL_WACHTWOORD) or die("Connection failed: " . mysql_error());
function CleanMyDirtyData($dirtydata){
	return mysql_real_escape_string(htmlentities($dirtydata, ENT_QUOTES,'UTF-8'));
}
// Remember-me: rebuild the session from the LoginCookie value if it matches a row.
if(isset($_COOKIE['LoginCookie'])){
	$hash = mysql_real_escape_string($_COOKIE['LoginCookie']);
	mysql_select_db('db');
	$sql = "SELECT * FROM leden WHERE cookie_hash = '".$hash."'";
	if($result = mysql_query($sql)){
		$row = mysql_fetch_array($result);
		if(empty($row)){
			// no matching row: expire the cookie
			setcookie('LoginCookie','',time()-3600);
		}
		if(mysql_num_rows($result) == 1){
			$_SESSION['loggedin'] = true;//this is the parameter throughout the site that determines whether to show logged in data or not-logged in data.
			//extra parameters for identification
			$_SESSION['loggedinnick'] = $row['nick'];
			$_SESSION['loggedinvoornaam'] = $row['voornaam'];
			$_SESSION['loggedinachternaam'] = $row['achternaam'];
			$_SESSION['loggedinid'] = $row['id'];
			$_SESSION['loggedintype'] = $row['type'];
		}
	}
}
// Login form handler: runs when the login form has been submitted.
if(isset($_POST['login'])){
	if(empty($_POST['username']) || empty($_POST['wachtwoord'])){
		$_SESSION['melding'] = "You need to fill in both fields.";
		header('Location: index.php');
		exit();
	}
	$username = CleanMyDirtyData($_POST['username']);
	$wachtwoord = sha1(CleanMyDirtyData($_POST['wachtwoord']));
	mysql_select_db('db');
	// the username field may hold either the e-mail address or the nick
	$sqlmail = mysql_query("SELECT * FROM leden WHERE email='$username' AND wachtwoord = '$wachtwoord'");
	$sqlnaam = mysql_query("SELECT * FROM leden WHERE nick='$username' AND wachtwoord = '$wachtwoord'");
	if(mysql_num_rows($sqlmail) == 1 || mysql_num_rows($sqlnaam) == 1){
		if(mysql_num_rows($sqlmail) == 1){
			$row = mysql_fetch_array($sqlmail);
		}else{
			$row = mysql_fetch_array($sqlnaam);
		}
		if(isset($_POST['remember'])){
			$hash = sha1($whatev);//combination of 3 parameters; time, salt, and something else.
			setcookie('LoginCookie',$hash,time()+30000000);
			mysql_query("UPDATE leden SET cookie_hash='" . $hash . "' WHERE id='" . $row['id'] . "'")or die(mysql_error());
		}
		$_SESSION['loggedin'] = true;
		$_SESSION['loggedinnick'] = $row['nick'];
		$_SESSION['loggedinvoornaam'] = $row['voornaam'];
		$_SESSION['loggedinachternaam'] = $row['achternaam'];
		$_SESSION['loggedinid'] = $row['id'];
		$_SESSION['loggedintype'] = $row['type'];
		$_SESSION['melding'] = "You have successfully logged in.";
		header('Location: index.php');
		exit();
	}else{
		$_SESSION['melding'] = "Wrong combination.";
		header('Location: index.php');
		exit();
	}
}
?>
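
The remember-me branch in the script above writes the same sha1 value to the LoginCookie cookie and to the cookie_hash column, and sets the cookie without any flags. As an added example (not the poster's code), here is a split selector/validator token where only a hash of the secret half is stored server-side and each token is single use. It assumes PHP 7.3 or later; the function names and the in-memory `$store` array (a constructed stand-in for a token table) are hypothetical.

```php
<?php
// Added example: "selector:validator" remember-me token.
// $store is a constructed in-memory stand-in for a database token table.

function issueRememberToken(array &$store, int $userId, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, kept only by the browser
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator), // stored value cannot be replayed as a cookie
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

function verifyRememberToken(array &$store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null; // malformed cookie or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // single use: the caller issues a fresh token on success
    if ($row['expires'] < time()) {
        return null;
    }
    // hash_equals() compares in constant time
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['user_id'] : null;
}

function rememberCookieOptions(int $ttl = 2592000): array
{
    // HttpOnly keeps the token away from page scripts; Secure limits it to HTTPS
    return ['expires' => time() + $ttl, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed demo data: user id 42 and an empty token store.
$store  = [];
$cookie = issueRememberToken($store, 42);
// In a web request: setcookie('LoginCookie', $cookie, rememberCookieOptions());
var_dump(verifyRememberToken($store, $cookie));        // first presentation of a valid token
var_dump(verifyRememberToken($store, $cookie));        // same token presented again
var_dump(verifyRememberToken($store, 'deadbeef:abc')); // unknown selector
```

After a successful `verifyRememberToken()` the login code would call `session_regenerate_id(true)` before setting the `$_SESSION` values and then issue a replacement token.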
