Hi, I'm setting cookies and sessions in my script and calling on them later but my code doesn't seem to be working as I intended.

What I want to do is keep the user logged in with sessions and cookies but it is not working, why won't it work and how can I fix this? D:.

 

Code(Includes some JS):

 

 

 

connect.php:

<?php
define("HOST", "localhost");
define("USER", "mrdare360");
define("PASSWORD", "VfFtj6P9e97hwBbdpwpPgrPE");
define("DATABASE", "loginscript");


$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
?>

 

functions.php:

<?php

function sec_session_start() {
$session_name = "loginscript_session_name";
$secure = false;
$httponly = true;


ini_set("session.use_only_cookies", 1);
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_start();
session_regenerate_id();
}


function login($email, $password, $mysqli) {
if($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) {
$stmt->bind_param("i", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $salt);
$stmt->fetch();
$password = hash("sha512", $password.$salt);


if($stmt->num_rows == 1) {
if(checkbrute($user_id, $mysqli) == true) {
 return false;
} else {
 if($password == $db_password) {
 $ip_address = $_SERVER['REMOTE_ADDR'];
 $user_browser = $_SERVER['HTTP_USER_AGENT'];
 $user_id = preg_replace("/[^0-9]+/", $user_id);
 $_SESSION['loginscript_user_id_session'] = $user_id;
 $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
 $_SESSION['loginscript_username_session'] = $username;
 $_SESSION['loginscript_login_string_session'] = hash("sha512", $password.$ip_address.$user_browser);
 $_SESSION['loginscript_email_session'] = $email;


 setcookie("loginscript_email_cookie", $email, time()+60*60*24*100, '/');
 setcookie("loginscript_user_id_cookie", $user_id, time()+60*60*24*100, '/');
 setcookie("loginscript_login_string_cookie", hash("sha512", $password.$ip_address.$user_browser), time()+60*60*24*100, '/');
 setcookie("loginscript_username_cookie", $username, time()+60*60*24*100, '/');


 return true;
 } else {
 $now = time();
 $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
 return false;
 }
}
} else {
return false;
}
} else {
return false;
}
}


function checkbrute($user_id, $mysqli) {
$now = time();
$valid_attempts = $now - (2*60*60);


if($stmt = $mysqli->prepare("SELECT time FROM valid_attempts WHERE user_id = ? AND time > '$valid_attempts'")) {
$stmt->bind_param("i", $user_id);
$stmt->execute();
$stmt->store_result();


if($stmt->num_rows >= 5) {
return true;
} else {
return false;
}
}
}


function is_logged_in($mysqli) {


if(isset($_SESSION['loginscript_user_id_session'], $_SESSION['loginscript_username_session'], $_SESSION['loginscript_email_session'], $_SESSION['loginscript_login_string_session'])) {
$session_email = $_SESSION['loginscript_email_session'];
$session_login_string = $_SESSION['loginscript_login_string_session'];
$session_id = $_SESSION['loginscript_user_id_session'];


if($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? AND email = ? LIMIT 1")) {
$stmt->bind_param("is", $session_id, $session_email);
$stmt->execute();
$stmt->store_result();


if($stmt->num_rows == 1) {
 $stmt->bind_result($password);
 $stmt->fetch();
 $login_check = hash("sha512", $password.$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);


 if($login_check == $session_login_string) {
 return true;
 } else {
 return false;
 }
} else {
 return false;
}
} else {
return false;
}
} else if(isset($_COOKIE['loginscript_user_id_cookie'], $_COOKIE['loginscript_username_cookie'], $_COOKIE['loginscript_email_cookie'], $_COOKIE['loginscript_login_string_cookie'])) {
$session_email = $_COOKIE['loginscript_email_cookie'];
$session_login_string = $_COOKIE['loginscript_login_string_cookie'];
$session_id = $_COOKIE['loginscript_user_id_cookie'];


if($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? AND email = ? LIMIT 1")) {
$stmt->bind_param("is", $session_id, $session_email);
$stmt->execute();
$stmt->store_result();


if($stmt->num_rows == 1) {
 $stmt->bind_result($password);
 $stmt->fetch();
 $login_check = hash("sha512", $password.$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);


 if($login_check == $session_login_string) {
 return true;
 } else {
 return false;
 }
} else {
 return false;
}
} else {
return false;
}
} else {
return false;
}
}
?>

 

login.php:

<?php
include("connect.php");
include("functions.php");


sec_session_start();


if(isset($_POST['email'], $_POST['p'])) {
$email = $_POST['email'];
$password = $_POST['p'];


if(login($email, $password, $mysqli) == true) {
header("Location: ../home.php");
die();
} else {
header("Location: ../error.php?error=Could not login! Account is either suspended or you entered incorrect credentials! Redirecting in 5 seconds!");
die();
}
} else {
header("Location: ../error.php?error=Invalid request! Redirecting in 5 seconds!");
die();
}
?>

 

logout.php:

<?php
include("functions.php");
sec_session_start();


$_SESSION = array();
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 60*60*24*100, $params["path"], $params["domain"], $params["secure"], $params["httponly"]); #Delete the cookie


$_COOKIE = array();
setcookie("loginscript_user_id_cookie", "", time() - 60*60*24*100, "/");
setcookie("loginscript_username_cookie", "", time() - 60*60*24*100, "/");
setcookie("loginscript_login_string_cookie", "", time() - 60*60*24*100, "/");
setcookie("loginscript_email_cookie", "", time() - 60*60*24*100, "/");


session_destroy();
header("Location: ../index.php");
?>

 

sha512.js:

/*
* A Javascript implementation of the Secure Hash Algorithm, SHA-512, as defined
* in FIPS 180-2
* Version 2.2 Copyright Anonymous Contributor, Paul Johnston 2000 - 2009.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for details.
*/


/*
* Configurable variables. You may need to tweak these to be compatible with
* the server-side, but the defaults work in most cases.
*/
var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */


/*
* These are the functions you'll usually want to call
* They take string arguments and return either hex or base-64 encoded strings
*/
function hex_sha512(s) { return rstr2hex(rstr_sha512(str2rstr_utf8(s))); }
function b64_sha512(s) { return rstr2b64(rstr_sha512(str2rstr_utf8(s))); }
function any_sha512(s, e) { return rstr2any(rstr_sha512(str2rstr_utf8(s)), e);}
function hex_hmac_sha512(k, d)
{ return rstr2hex(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d))); }
function b64_hmac_sha512(k, d)
{ return rstr2b64(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d))); }
function any_hmac_sha512(k, d, e)
{ return rstr2any(rstr_hmac_sha512(str2rstr_utf8(k), str2rstr_utf8(d)), e);}


/*
* Perform a simple self-test to see if the VM is working
*/
function sha512_vm_test()
{
return hex_sha512("abc").toLowerCase() ==
"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" +
"2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f";
}


/*
* Calculate the SHA-512 of a raw string
*/
function rstr_sha512(s)
{
return binb2rstr(binb_sha512(rstr2binb(s), s.length * 8));
}


/*
* Calculate the HMAC-SHA-512 of a key and some data (raw strings)
*/
function rstr_hmac_sha512(key, data)
{
var bkey = rstr2binb(key);
if(bkey.length > 32) bkey = binb_sha512(bkey, key.length * 8);


var ipad = Array(32), opad = Array(32);
for(var i = 0; i < 32; i++)
{
ipad[i] = bkey[i] ^ 0x36363636;
opad[i] = bkey[i] ^ 0x5C5C5C5C;
}


var hash = binb_sha512(ipad.concat(rstr2binb(data)), 1024 + data.length * 8);
return binb2rstr(binb_sha512(opad.concat(hash), 1024 + 512));
}


/*
* Convert a raw string to a hex string
*/
function rstr2hex(input)
{
try { hexcase } catch(e) { hexcase=0; }
var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var output = "";
var x;
for(var i = 0; i < input.length; i++)
{
x = input.charCodeAt(i);
output += hex_tab.charAt((x >>> 4) & 0x0F)
+ hex_tab.charAt( x & 0x0F);
}
return output;
}


/*
* Convert a raw string to a base-64 string
*/
function rstr2b64(input)
{
try { b64pad } catch(e) { b64pad=''; }
var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var output = "";
var len = input.length;
for(var i = 0; i < len; i += 3)
{
var triplet = (input.charCodeAt(i) << 16)
| (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0)
| (i + 2 < len ? input.charCodeAt(i+2) : 0);
for(var j = 0; j < 4; j++)
{
if(i * 8 + j * 6 > input.length * 8) output += b64pad;
else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F);
}
}
return output;
}


/*
* Convert a raw string to an arbitrary string encoding
*/
function rstr2any(input, encoding)
{
var divisor = encoding.length;
var i, j, q, x, quotient;


/* Convert to an array of 16-bit big-endian values, forming the dividend */
var dividend = Array(Math.ceil(input.length / 2));
for(i = 0; i < dividend.length; i++)
{
dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1);
}


/*
* Repeatedly perform a long division. The binary array forms the dividend,
* the length of the encoding is the divisor. Once computed, the quotient
* forms the dividend for the next step. All remainders are stored for later
* use.
*/
var full_length = Math.ceil(input.length * 8 /
(Math.log(encoding.length) / Math.log(2)));
var remainders = Array(full_length);
for(j = 0; j < full_length; j++)
{
quotient = Array();
x = 0;
for(i = 0; i < dividend.length; i++)
{
x = (x << 16) + dividend[i];
q = Math.floor(x / divisor);
x -= q * divisor;
if(quotient.length > 0 || q > 0)
quotient[quotient.length] = q;
}
remainders[j] = x;
dividend = quotient;
}


/* Convert the remainders to the output string */
var output = "";
for(i = remainders.length - 1; i >= 0; i--)
output += encoding.charAt(remainders[i]);


return output;
}


/*
* Encode a string as utf-8.
* For efficiency, this assumes the input is valid utf-16.
*/
function str2rstr_utf8(input)
{
var output = "";
var i = -1;
var x, y;


while(++i < input.length)
{
/* Decode utf-16 surrogate pairs */
x = input.charCodeAt(i);
y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;
if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF)
{
x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF);
i++;
}


/* Encode output as utf-8 */
if(x <= 0x7F)
output += String.fromCharCode(x);
else if(x <= 0x7FF)
output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F),
0x80 | ( x & 0x3F));
else if(x <= 0xFFFF)
output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F),
0x80 | ((x >>> 6 ) & 0x3F),
0x80 | ( x & 0x3F));
else if(x <= 0x1FFFFF)
output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07),
0x80 | ((x >>> 12) & 0x3F),
0x80 | ((x >>> 6 ) & 0x3F),
0x80 | ( x & 0x3F));
}
return output;
}


/*
* Encode a string as utf-16
*/
function str2rstr_utf16le(input)
{
var output = "";
for(var i = 0; i < input.length; i++)
output += String.fromCharCode( input.charCodeAt(i) & 0xFF,
(input.charCodeAt(i) >>> 8) & 0xFF);
return output;
}


function str2rstr_utf16be(input)
{
var output = "";
for(var i = 0; i < input.length; i++)
output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF,
input.charCodeAt(i) & 0xFF);
return output;
}


/*
* Convert a raw string to an array of big-endian words
* Characters >255 have their high-byte silently ignored.
*/
function rstr2binb(input)
{
var output = Array(input.length >> 2);
for(var i = 0; i < output.length; i++)
output[i] = 0;
for(var i = 0; i < input.length * 8; i += 8)
output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32);
return output;
}


/*
* Convert an array of big-endian words to a string
*/
function binb2rstr(input)
{
var output = "";
for(var i = 0; i < input.length * 32; i += 8)
output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF);
return output;
}


/*
* Calculate the SHA-512 of an array of big-endian dwords, and a bit length
*/
var sha512_k;
function binb_sha512(x, len)
{
if(sha512_k == undefined)
{
//SHA512 constants
sha512_k = new Array(
new int64(0x428a2f98, -685199838), new int64(0x71374491, 0x23ef65cd),
new int64(-1245643825, -330482897), new int64(-373957723, -2121671748),
new int64(0x3956c25b, -213338824), new int64(0x59f111f1, -1241133031),
new int64(-1841331548, -1357295717), new int64(-1424204075, -630357736),
new int64(-670586216, -1560083902), new int64(0x12835b01, 0x45706fbe),
new int64(0x243185be, 0x4ee4b28c), new int64(0x550c7dc3, -704662302),
new int64(0x72be5d74, -226784913), new int64(-2132889090, 0x3b1696b1),
new int64(-1680079193, 0x25c71235), new int64(-1046744716, -815192428),
new int64(-459576895, -1628353838), new int64(-272742522, 0x384f25e3),
new int64(0xfc19dc6, -1953704523), new int64(0x240ca1cc, 0x77ac9c65),
new int64(0x2de92c6f, 0x592b0275), new int64(0x4a7484aa, 0x6ea6e483),
new int64(0x5cb0a9dc, -1119749164), new int64(0x76f988da, -2096016459),
new int64(-1740746414, -295247957), new int64(-1473132947, 0x2db43210),
new int64(-1341970488, -1728372417), new int64(-1084653625, -1091629340),
new int64(-958395405, 0x3da88fc2), new int64(-710438585, -1828018395),
new int64(0x6ca6351, -536640913), new int64(0x14292967, 0xa0e6e70),
new int64(0x27b70a85, 0x46d22ffc), new int64(0x2e1b2138, 0x5c26c926),
new int64(0x4d2c6dfc, 0x5ac42aed), new int64(0x53380d13, -1651133473),
new int64(0x650a7354, -1951439906), new int64(0x766a0abb, 0x3c77b2a8),
new int64(-2117940946, 0x47edaee6), new int64(-1838011259, 0x1482353b),
new int64(-1564481375, 0x4cf10364), new int64(-1474664885, -1136513023),
new int64(-1035236496, -789014639), new int64(-949202525, 0x654be30),
new int64(-778901479, -688958952), new int64(-694614492, 0x5565a910),
new int64(-200395387, 0x5771202a), new int64(0x106aa070, 0x32bbd1b8),
new int64(0x19a4c116, -1194143544), new int64(0x1e376c08, 0x5141ab53),
new int64(0x2748774c, -544281703), new int64(0x34b0bcb5, -509917016),
new int64(0x391c0cb3, -976659869), new int64(0x4ed8aa4a, -482243893),
new int64(0x5b9cca4f, 0x7763e373), new int64(0x682e6ff3, -692930397),
new int64(0x748f82ee, 0x5defb2fc), new int64(0x78a5636f, 0x43172f60),
new int64(-2067236844, -1578062990), new int64(-1933114872, 0x1a6439ec),
new int64(-1866530822, 0x23631e28), new int64(-1538233109, -561857047),
new int64(-1090935817, -1295615723), new int64(-965641998, -479046869),
new int64(-903397682, -366583396), new int64(-779700025, 0x21c0c207),
new int64(-354779690, -840897762), new int64(-176337025, -294727304),
new int64(0x6f067aa, 0x72176fba), new int64(0xa637dc5, -1563912026),
new int64(0x113f9804, -1090974290), new int64(0x1b710b35, 0x131c471b),
new int64(0x28db77f5, 0x23047d84), new int64(0x32caab7b, 0x40c72493),
new int64(0x3c9ebe0a, 0x15c9bebc), new int64(0x431d67c4, -1676669620),
new int64(0x4cc5d4be, -885112138), new int64(0x597f299c, -60457430),
new int64(0x5fcb6fab, 0x3ad6faec), new int64(0x6c44198c, 0x4a475817));
}


//Initial hash values
var H = new Array(
new int64(0x6a09e667, -205731576),
new int64(-1150833019, -2067093701),
new int64(0x3c6ef372, -23791573),
new int64(-1521486534, 0x5f1d36f1),
new int64(0x510e527f, -1377402159),
new int64(-1694144372, 0x2b3e6c1f),
new int64(0x1f83d9ab, -79577749),
new int64(0x5be0cd19, 0x137e2179));


var T1 = new int64(0, 0),
T2 = new int64(0, 0),
a = new int64(0,0),
b = new int64(0,0),
c = new int64(0,0),
d = new int64(0,0),
e = new int64(0,0),
f = new int64(0,0),
g = new int64(0,0),
h = new int64(0,0),
//Temporary variables not specified by the document
s0 = new int64(0, 0),
s1 = new int64(0, 0),
Ch = new int64(0, 0),
Maj = new int64(0, 0),
r1 = new int64(0, 0),
r2 = new int64(0, 0),
r3 = new int64(0, 0);
var j, i;
var W = new Array(80);
for(i=0; i<80; i++)
W[i] = new int64(0, 0);


// append padding to the source string. The format is described in the FIPS.
x[len >> 5] |= 0x80 << (24 - (len & 0x1f));
x[((len + 128 >> 10)<< 5) + 31] = len;


for(i = 0; i<x.length; i+=32) //32 dwords is the block size
{
int64copy(a, H[0]);
int64copy(b, H[1]);
int64copy(c, H[2]);
int64copy(d, H[3]);
int64copy(e, H[4]);
int64copy(f, H[5]);
int64copy(g, H[6]);
int64copy(h, H[7]);


for(j=0; j<16; j++)
{
W[j].h = x[i + 2*j];
W[j].l = x[i + 2*j + 1];
}


for(j=16; j<80; j++)
{
//sigma1
int64rrot(r1, W[j-2], 19);
int64revrrot(r2, W[j-2], 29);
int64shr(r3, W[j-2], 6);
s1.l = r1.l ^ r2.l ^ r3.l;
s1.h = r1.h ^ r2.h ^ r3.h;
//sigma0
int64rrot(r1, W[j-15], 1);
int64rrot(r2, W[j-15], 8);
int64shr(r3, W[j-15], 7);
s0.l = r1.l ^ r2.l ^ r3.l;
s0.h = r1.h ^ r2.h ^ r3.h;


int64add4(W[j], s1, W[j-7], s0, W[j-16]);
}


for(j = 0; j < 80; j++)
{
//Ch
Ch.l = (e.l & f.l) ^ (~e.l & g.l);
Ch.h = (e.h & f.h) ^ (~e.h & g.h);


//Sigma1
int64rrot(r1, e, 14);
int64rrot(r2, e, 18);
int64revrrot(r3, e, 9);
s1.l = r1.l ^ r2.l ^ r3.l;
s1.h = r1.h ^ r2.h ^ r3.h;


//Sigma0
int64rrot(r1, a, 28);
int64revrrot(r2, a, 2);
int64revrrot(r3, a, 7);
s0.l = r1.l ^ r2.l ^ r3.l;
s0.h = r1.h ^ r2.h ^ r3.h;


//Maj
Maj.l = (a.l & b.l) ^ (a.l & c.l) ^ (b.l & c.l);
Maj.h = (a.h & b.h) ^ (a.h & c.h) ^ (b.h & c.h);


int64add5(T1, h, s1, Ch, sha512_k[j], W[j]);
int64add(T2, s0, Maj);


int64copy(h, g);
int64copy(g, f);
int64copy(f, e);
int64add(e, d, T1);
int64copy(d, c);
int64copy(c, b);
int64copy(b, a);
int64add(a, T1, T2);
}
int64add(H[0], H[0], a);
int64add(H[1], H[1], b);
int64add(H[2], H[2], c);
int64add(H[3], H[3], d);
int64add(H[4], H[4], e);
int64add(H[5], H[5], f);
int64add(H[6], H[6], g);
int64add(H[7], H[7], h);
}


//represent the hash as an array of 32-bit dwords
var hash = new Array(16);
for(i=0; i<8; i++)
{
hash[2*i] = H[i].h;
hash[2*i + 1] = H[i].l;
}
return hash;
}


//A constructor for 64-bit numbers
function int64(h, l)
{
this.h = h;
this.l = l;
//this.toString = int64toString;
}


//Copies src into dst, assuming both are 64-bit numbers
function int64copy(dst, src)
{
dst.h = src.h;
dst.l = src.l;
}


//Right-rotates a 64-bit number by shift
//Won't handle cases of shift>=32
//The function revrrot() is for that
function int64rrot(dst, x, shift)
{
dst.l = (x.l >>> shift) | (x.h << (32-shift));
dst.h = (x.h >>> shift) | (x.l << (32-shift));
}


//Reverses the dwords of the source and then rotates right by shift.
//This is equivalent to rotation by 32+shift
function int64revrrot(dst, x, shift)
{
dst.l = (x.h >>> shift) | (x.l << (32-shift));
dst.h = (x.l >>> shift) | (x.h << (32-shift));
}


//Bitwise-shifts right a 64-bit number by shift
//Won't handle shift>=32, but it's never needed in SHA512
function int64shr(dst, x, shift)
{
dst.l = (x.l >>> shift) | (x.h << (32-shift));
dst.h = (x.h >>> shift);
}


//Adds two 64-bit numbers
//Like the original implementation, does not rely on 32-bit operations
function int64add(dst, x, y)
{
var w0 = (x.l & 0xffff) + (y.l & 0xffff);
var w1 = (x.l >>> 16) + (y.l >>> 16) + (w0 >>> 16);
var w2 = (x.h & 0xffff) + (y.h & 0xffff) + (w1 >>> 16);
var w3 = (x.h >>> 16) + (y.h >>> 16) + (w2 >>> 16);
dst.l = (w0 & 0xffff) | (w1 << 16);
dst.h = (w2 & 0xffff) | (w3 << 16);
}


//Same, except with 4 addends. Works faster than adding them one by one.
function int64add4(dst, a, b, c, d)
{
var w0 = (a.l & 0xffff) + (b.l & 0xffff) + (c.l & 0xffff) + (d.l & 0xffff);
var w1 = (a.l >>> 16) + (b.l >>> 16) + (c.l >>> 16) + (d.l >>> 16) + (w0 >>> 16);
var w2 = (a.h & 0xffff) + (b.h & 0xffff) + (c.h & 0xffff) + (d.h & 0xffff) + (w1 >>> 16);
var w3 = (a.h >>> 16) + (b.h >>> 16) + (c.h >>> 16) + (d.h >>> 16) + (w2 >>> 16);
dst.l = (w0 & 0xffff) | (w1 << 16);
dst.h = (w2 & 0xffff) | (w3 << 16);
}


//Same, except with 5 addends
function int64add5(dst, a, b, c, d, e)
{
var w0 = (a.l & 0xffff) + (b.l & 0xffff) + (c.l & 0xffff) + (d.l & 0xffff) + (e.l & 0xffff);
var w1 = (a.l >>> 16) + (b.l >>> 16) + (c.l >>> 16) + (d.l >>> 16) + (e.l >>> 16) + (w0 >>> 16);
var w2 = (a.h & 0xffff) + (b.h & 0xffff) + (c.h & 0xffff) + (d.h & 0xffff) + (e.h & 0xffff) + (w1 >>> 16);
var w3 = (a.h >>> 16) + (b.h >>> 16) + (c.h >>> 16) + (d.h >>> 16) + (e.h >>> 16) + (w2 >>> 16);
dst.l = (w0 & 0xffff) | (w1 << 16);
dst.h = (w2 & 0xffff) | (w3 << 16);
}

 

forms.js:

function formhash(form, password) {
var p = document.createElement("input");
form.appendChild(p);
p.name = "p";
p.type = "hidden";
p.value = hex_sha512(password.value);
password.value = "";
form.submit();
}

 

index.php:

<?php
include("scripts/connect.php");
include("scripts/functions.php");


if(is_logged_in($mysqli)) {
header("Location: home.php");
}
?>
<!DOCTYPE HTML>
<html lang="en_gb">

<head>
<meta charset="UTF-8" />
<title>Loginscript Home</title>
</head>


<body>
<script src="js/sha512.js"></script>
<script src="js/forms.js"></script>
<form action="scripts/login.php" method="post">
<input type="email" name="email" placeholder="Your Email!" />
<input type="password" name="password" placeholder="Your password!" />
<input type="submit" value="login" onclick="formhash(this.form, this.form.password);" />
</form>
</body>


</html>

 

 

 

Also, if there is some more work I could do to make this login script even more secure, please tell me :3

Edited by MrDare360
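
On the closing question about making the script more secure, an added example that is not part of the original thread: the four `loginscript_*_cookie` values, one of which is derived from the stored password hash, can be replaced by a single random, single-use remember-me token. The function names, the 30-day lifetime, the cookie name in the comment and the in-memory `$store` array (standing in for a database table) are assumptions.

```php
<?php
// Added example: remember-me token with a selector/validator pair.
// $store is a constructed in-memory stand-in for a table holding
// selector => [user_id, validator_hash, expires].

const REMEMBER_TTL = 60 * 60 * 24 * 30; // assumed lifetime: 30 days

/** Create a token for $userId, store only its hash, return the cookie value. */
function issue_remember_token(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));  // lookup key, not a secret
    $validator = bin2hex(random_bytes(32)); // secret half, never stored in clear
    $store[$selector] = [
        'user_id'        => $userId,
        'validator_hash' => hash('sha256', $validator),
        'expires'        => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

/**
 * Check a cookie value. On success returns the user id and a fresh cookie
 * value (the old one is spent); on any failure returns null.
 */
function redeem_remember_token(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // single use: the row is dropped whatever the outcome

    if ($row['expires'] < $now) {
        return null;
    }
    // Constant-time comparison instead of == on hash strings.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    return [
        'user_id' => $row['user_id'],
        'cookie'  => issue_remember_token($store, $row['user_id'], $now),
    ];
}

/** Options for setcookie() (array form, PHP 7.3+). */
function remember_cookie_options(int $now): array
{
    return [
        'expires'  => $now + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,  // HTTPS only; the thread's $secure = false allows plain HTTP
        'httponly' => true,  // not readable from page scripts
        'samesite' => 'Lax',
    ];
}

// In a page this would be sent with, for a hypothetical cookie name:
//   setcookie('loginscript_remember', $cookie, remember_cookie_options(time()));
// and after a successful redeem: session_regenerate_id(true) before filling $_SESSION.

if (PHP_SAPI === 'cli') {
    $store = [];          // constructed sample store
    $now   = 1700000000;  // constructed fixed clock
    $cookie = issue_remember_token($store, 42, $now);

    $first = redeem_remember_token($store, $cookie, $now + 60);
    echo 'first use, user id: ', var_export($first['user_id'] ?? null, true), PHP_EOL;

    $replay = redeem_remember_token($store, $cookie, $now + 120);
    echo 'replay of spent value: ', var_export($replay, true), PHP_EOL;

    $tampered = explode(':', $first['cookie'])[0] . ':' . str_repeat('0', 64);
    $forged = redeem_remember_token($store, $tampered, $now + 180);
    echo 'wrong validator: ', var_export($forged, true), PHP_EOL;

    $late = issue_remember_token($store, 42, $now);
    $expired = redeem_remember_token($store, $late, $now + REMEMBER_TTL + 1);
    echo 'expired token: ', var_export($expired, true), PHP_EOL;
}
```

For the password itself, PHP's `password_hash()` and `password_verify()` take the place of the salted `hash("sha512", ...)` comparison with `==`.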

What have you done to pin down exactly at what point your code and data are doing what you expect and at what point they are not? I can guarantee that the problem lies somewhere between those two points. If all you have done is to run your code and noticed that it didn't work as expected, all you have done is to pin down that there's a problem somewhere in your code.

 

If that answer is somewhat flippant, it's because -

 

A) We cannot run your code to observe the result it produces because we don't have your database tables or data, nor do we want them,

 

B) It's unlikely that anyone is going to read through hundreds of lines of code to figure out both what it should be doing and what might be wrong with it,

 

C) Without any statement of the exact symptom or error you saw in front of you, and at what point you saw it, that leads you to believe that your code doesn't work, we don't even know the most likely place in the code to look at as a starting point.

 

So, you need to debug your own code (you are the only one here who can). You need to narrow down the problem to just one relevant section of code or one data value. Then, if you cannot find the problem after doing those things, you need to post just that relevant section of code or wrong data value along with the symptoms or errors that you saw in front of you that would tell someone what your code and data are doing at that point that is different from the expected result.

 

Ah yes sorry, the problem I seem to be having is that my website is not detecting the cookies or sessions that I am setting here:

$ip_address = $_SERVER['REMOTE_ADDR'];
  $user_browser = $_SERVER['HTTP_USER_AGENT'];
  $user_id = preg_replace("/[^0-9]+/", $user_id);
  $_SESSION['loginscript_user_id_session'] = $user_id;
  $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
  $_SESSION['loginscript_username_session'] = $username;
  $_SESSION['loginscript_login_string_session'] = hash("sha512", $password.$ip_address.$user_browser);
  $_SESSION['loginscript_email_session'] = $email;


  setcookie("loginscript_email_cookie", $email, time()+60*60*24*100, '/');
  setcookie("loginscript_user_id_cookie", $user_id, time()+60*60*24*100, '/');
  setcookie("loginscript_login_string_cookie", hash("sha512",  $password.$ip_address.$user_browser), time()+60*60*24*100, '/');
  setcookie("loginscript_username_cookie", $username, time()+60*60*24*100, '/');

 

When I come back to the index.php the page doesn't redirect me to the page home.php as it should be doing here:

<?php
include("scripts/connect.php");
include("scripts/functions.php");


if(is_logged_in($mysqli)) {
 header("Location: home.php");
}
?>

 

This means that there is a problem with how I am setting my sessions and cookies or there is a problem where I am detecting them although I'm not sure which.


 

Alright, I got the script working, thanks for your help :3

Edited by MrDare360