c4n10 Posted March 21, 2013

Hello, I am designing the site at http://minelitecoin.com

I am having an issue with login. I am able to successfully create new accounts, the mysql database is appropriately updated then I proceed to login. The login.php script seems to execute flawlessly and I am told the login is successful but then something goes wrong after the login re-direct and I am returned to the homepage without being logged in. I suspect an error in a script called universalChecklogin.php which is called by every page for cookie validation.

Here are the contents of my "login.php": http://pastebin.com/DYC9E0xw

And here are the contents of the universalChecklogin.php: http://pastebin.com/qtN2dZkD

One more time, here is the link of the code working live: http://minelitecoin.com

If you need any other information please feel free to ask, any help is greatly appreciated...

Thanks!!!

PaulRyan Posted March 21, 2013

You should post your code within the code tags. People tend not to follow links, plus it means people in the future can see the code, in case the external links expire.

c4n10 (Author) Posted March 21, 2013

> You should post your code within the code tags. People tend not to follow links, plus it means people in the future can see the code, in case the external links expire.

Sorry about that, thanks for the tip!

Here is login.php:

```php
<?php
/*
Copyright (C) 41a240b48fb7c10c68ae4820ac54c0f32a214056bfcfe1c2e7ab4d3fb53187a0 Name Year (sha256)

This program is free software; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not,
write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Website Reference:http://www.gnu.org/licenses/gpl-2.0.html

Note From Author: Keep the original donate address in the source files when transferring or redistributing this code.
Please donate at the following address: 1Fc2ScswXAHPUgj3qzmbRmwWJSLL2yv8Q
*/

//This page will attempt to take information from the user and create an encrypted session inside of a cookie

//Include site functions
include("includes/requiredFunctions.php");

//Filter input results before querying them into database
$user = mysql_real_escape_string($_POST["username"]);
$pass = mysql_real_escape_string($_POST["password"]);

//Check the supplied username & password with the saved username & password
$checkPassQ = mysql_query("SELECT id, secret, pass, accountLocked, accountFailedAttempts FROM webUsers WHERE username = '".$user."' LIMIT 0,1");
$checkPass = mysql_fetch_object($checkPassQ);
$userExists = $checkPass->id;

if($checkPass->accountFailedAttempts >= 5){
    echo "Account has been banned";
    die();
}

//Check if user exists before checking login data
if($userExists > 0){
    //Check to see if this user has an `accountLocked`
    if($checkPass->accountLocked < time()){
        //Check to see if this user has attempted to login more than the maximum allowed failed attempts
        if($checkPass->accountFailedAttempts < 5){
            $dbHash = $checkPass->pass;
            $inputHash = hash("sha256", $pass.$salt);

            //Do Check
            if($dbHash == $inputHash){
                //Give out the secret SHHH!! be quiet too!
                //Get ip address so we can hash with the cookie so no one can steal the password
                $ip = $_SERVER['REMOTE_ADDR'];
                $timeoutStamp = time()+60*60*24*7; //1 week session

                //Update logged in ip address so no one can steal this cookie hash unless
                mysql_query("UPDATE `webUsers` SET `sessionTimeoutStamp` = ".$timeoutStamp.", `loggedIp` = '".$ip."' WHERE `id` = ".$userExists);

                //Set cookie in browser for session
                $hash = $checkPass->secret.$dbHash.$ip.$timeoutStamp;
                $cookieHash = hash("sha256", $hash.$salt);
                setcookie($cookieName, $checkPass->id."-".$cookieHash, $timeoutStamp, $cookiePath, $cookieDomain);
                $cookieValid = true;

                //Display output message
                $outputMessage = "Welcome back, we'll be returning to the main page shortly";
                mysql_query("UPDATE webUsers SET accountFailedAttempts = 0 WHERE id = $userExists");
            }else{
                $outputMessage = "Wrong username or password.";
                $lock = $checkPass->accountFailedAttempts + 1;
                mysql_query("UPDATE webUsers SET accountFailedAttempts = $lock WHERE id = $userExists");
            }
        }
    }
}else{
    $outputMessage = "User name dosent exist!";
}
?>
<html>
<head>
<title><?php echo antiXss(outputPageTitle());?> </title>
<link rel="stylesheet" href="/css/mainstyle.css" type="text/css" />
<meta http-equiv="refresh" content="2;url=/">
</head>
<body>
<div id="pagecontent">
<h1><?php echo antiXss($outputMessage); ?><br/>
<a href="/">Click here if you continue to see this message</a></h1>
</div>
</body>
</html>
```

And here is the universalChecklogin.php:

```php
<?php
/*
// Copyright (C) 2011 Mike Allison <[email protected]>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.

// LTC Donations: LZBZoH4uEEv82p2BpxRgw6fvgEvCFXXN4x
*/

$donatePercent = 0;

//Check if the cookie is set, if so check if the cookie is valid
if(isSet($_COOKIE[$cookieName])){
    $cookieValid = false;
    $ip = $_SERVER['REMOTE_ADDR']; //Get Ip address for cookie validation
    $validateCookie = new checkLogin();
    $cookieValid = $validateCookie->checkCookie(mysql_real_escape_string($_COOKIE[$cookieName]), $ip);
    $userId = $validateCookie->returnUserId($_COOKIE[$cookieName]);

    //ensure userId is numeric to prevent sql injection attack
    if (!is_numeric($userId)) {
        $userId = 0;
        exit;
    }

    //Get user information
    $userInfoQ = mysql_query("SELECT id, username, email, pin, pass, admin, api_key, IFNULL(donate_percent, '0') as donate_percent, ltc_lock FROM webUsers WHERE id = $userId LIMIT 0,1");
    if ($userInfo = mysql_fetch_object($userInfoQ)) {
        $authPin = $userInfo->pin;
        $hashedPass = $userInfo->pass;
        $isAdmin = $userInfo->admin;
        $currentUserHashrate = $stats->userhashrate($userInfo->username);
        $userApiKey = $userInfo->api_key;
        $donatePercent = $userInfo->donate_percent;
        $userEmail = $userInfo->email;
        $userLtcLock = $userInfo->ltc_lock;
        $totalUserShares = $stats->usersharecount($userId);

        //Get current round share information, estimated total earnings
        $totalOverallShares = $stats->currentshares();

        //Calculate Estimate
        $userRoundEstimate = 0;
        if($totalUserShares > 0 && $totalOverallShares > 0) {
            //Get site percentage
            $sitePercent = 0;
            if (is_numeric($settings->getsetting("sitepercent")))
                $sitePercent = $settings->getsetting("sitepercent")/100;

            if ($totalOverallShares > $litecoinDifficulty)
                $estimatedTotalEarnings = $totalUserShares/$totalOverallShares;
            else
                $estimatedTotalEarnings = $totalUserShares/$litecoinDifficulty;

            $estimatedTotalEarnings *= $bonusCoins*(1-$sitePercent); //The expected LTC to be given out
            $userRoundEstimate = round($estimatedTotalEarnings, ;
        }

        //Get Current balance
        $currentBalanceQ = mysql_query("SELECT balance, IFNULL(sendAddress,'') as sendAddress, threshold FROM accountBalance WHERE userId = '$userId' LIMIT 0,1");
        if ($currentBalanceObj = mysql_fetch_object($currentBalanceQ)) {
            $currentBalance = $currentBalanceObj->balance;
            //Get payment address that is associated with this user
            $paymentAddress = $currentBalanceObj->sendAddress;
            $payoutThreshold = $currentBalanceObj->threshold;
        } else {
            $currentBalance = 0;
            $paymentAddress = "";
            $payoutThreshold = 0;
        }
    }
}
?>
```

Again, thanks in advance to anyone who can help me out!

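Added example (not from the original post or the project's code): one way to harden the password comparison and cookie issuance that login.php performs, using `password_verify()`, `hash_equals()`, a random session token and restrictive cookie attributes. The function names, the `$legacySalt` parameter and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not the site's code. Function names and sample data are constructed.

// Verify a password; accept legacy sha256(pass . salt) rows and offer an upgraded hash.
// Caveat: login.php hashed the SQL-escaped password, so legacy rows for passwords
// containing quotes or backslashes were hashed over the escaped form.
function verifyLogin(string $password, string $storedHash, string $legacySalt): array
{
    if (password_get_info($storedHash)['algoName'] !== 'unknown') {
        // Row already uses password_hash(): slow, per-user salt, constant-time check.
        $ok = password_verify($password, $storedHash);
        $upgrade = $ok && password_needs_rehash($storedHash, PASSWORD_DEFAULT);
    } else {
        // hash_equals() replaces "==", which compares numeric-looking strings
        // such as "0e12" and "0e34" as numbers and is not constant-time.
        $ok = hash_equals($storedHash, hash('sha256', $password . $legacySalt));
        $upgrade = $ok;
    }
    return ['ok' => $ok,
            'newHash' => $upgrade ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Random session token for the cookie. Only its hash is stored server-side, so the
// cookie value cannot be recomputed from database contents.
function newSessionToken(): array
{
    $token = bin2hex(random_bytes(32));
    return ['cookieValue' => $token, 'storedValue' => hash('sha256', $token)];
}

// Attributes for setcookie($name, $value, $options) on PHP 7.3+.
function sessionCookieOptions(int $expires, string $domain): array
{
    return ['expires' => $expires, 'path' => '/', 'domain' => $domain,
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed demo: a legacy row verifies, is upgraded, and a wrong password fails.
$salt   = 'constructed-site-salt';
$legacy = hash('sha256', 'correct horse' . $salt);
$first  = verifyLogin('correct horse', $legacy, $salt);
$second = verifyLogin('correct horse', $first['newHash'], $salt);
$bad    = verifyLogin('wrong guess', $legacy, $salt);
var_dump($first['ok'], $second['ok'], $bad['ok']);
var_dump(sessionCookieOptions(time() + 7 * 24 * 3600, 'example.test'));
```

The `secure` attribute only makes sense once the site is served over HTTPS; the database lookup itself should move from `mysql_query()` string concatenation to prepared statements.
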
haku Posted March 21, 2013

Probably this:

```php
if(isSet($_COOKIE[$cookieName])){
```

isSet != isset

c4n10 (Author) Posted March 21, 2013

> Probably this:
> if(isSet($_COOKIE[$cookieName])){
> isSet != isset

Hi, thanks for the quick response! So then:

```php
if(isSet!=isset($_COOKIE[$cookieName])){
```

or

```php
if(!=isSet($_COOKIE[$cookieName])){
```

How should this line be written...?

haku Posted March 21, 2013

No. PHP has a function isset(). PHP does not have a function isSet().

c4n10 (Author) Posted March 21, 2013

> No. PHP has a function isset(). PHP does not have a function isSet().

Oh, I see, whoops... Ok, I now have this:

```php
if(isset($_COOKIE[$cookieName])){
```

Still not working, but one step in the right direction, thanks!

c4n10 (Author) Posted March 21, 2013 (Edited March 21, 2013 by c4n10)

In case it is useful, here are the contents of the cookie being created in my browser by the site:

Name: minelitecoin.com
Content: 710-4fc03a51e6fc32927f011ecb7c25efa1fd498d9902c2efe73f63a3e28fb584e8
Domain: .minelitecoin.com
Path: /var/www
Send for: Any kind of connection
Accessible to script: Yes
Created: Thursday, March 21, 2013 7:25:19 AM
Expires: Thursday, March 28, 2013 7:25:19 AM

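Added example (not part of the thread): the cookie listed above has Path `/var/www`, and a browser treats that attribute as a URL path prefix, not a server directory. The sketch below applies the RFC 6265 path-match rule and two attribute checks to the values from that listing; the function names and the request paths `/` and `/login.php` are assumptions.

```php
<?php
// Added example, not the site's code. Names are hypothetical; the attribute values
// are copied from the cookie listing in the post above.

// RFC 6265 section 5.1.4 path-match: is a cookie with $cookiePath sent for $requestPath?
function cookiePathMatches(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;                        // cookie path is not a prefix of the request path
    }
    // Prefix match counts only on a "/" boundary.
    return substr($cookiePath, -1) === '/'
        || substr($requestPath, strlen($cookiePath), 1) === '/';
}

// Report attribute problems for a session cookie, given the URL paths that need it.
function auditSessionCookie(array $cookie, array $requestPaths): array
{
    $findings = [];
    foreach ($requestPaths as $path) {
        if (!cookiePathMatches($cookie['path'], $path)) {
            $findings[] = "not sent for request path $path (cookie Path is {$cookie['path']})";
        }
    }
    if (empty($cookie['httponly'])) {
        $findings[] = 'readable by page scripts (HttpOnly not set)';
    }
    if (empty($cookie['secure'])) {
        $findings[] = 'sent over plain HTTP (Secure not set)';
    }
    return $findings;
}

// "Accessible to script: Yes" maps to httponly=false, "Any kind of connection" to secure=false.
$posted = ['path' => '/var/www', 'httponly' => false, 'secure' => false];
print_r(auditSessionCookie($posted, ['/', '/login.php']));

// Same audit for a cookie scoped to the whole site with both flags set.
$scoped = ['path' => '/', 'httponly' => true, 'secure' => true];
print_r(auditSessionCookie($scoped, ['/', '/login.php']));
```
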
ignace Posted March 21, 2013 (Edited March 21, 2013 by ignace)

@haku PHP is case insensitive for classes and functions so isset, isSet, IsSet, ISSET, .. are all the same function.

@OP Are you sure $cookieName is defined in universalChecklogin.php? Echo it out to make sure it exists. Also enable error reporting:

```php
error_reporting(E_ALL);
ini_set('display_errors', 1);
```

haku Posted March 21, 2013

Learn something new every day. I thought it was case sensitive.

c4n10 (Author) Posted March 21, 2013

> @haku PHP is case insensitive for classes and functions so isset, isSet, IsSet, ISSET, .. are all the same function.
> @OP Are you sure $cookieName is defined in universalChecklogin.php? Echo it out to make sure it exists. Also enable error reporting:
> error_reporting(E_ALL);
> ini_set('display_errors', 1);

I'm still in the new to moderate level area of php, most of my experience comes from editing open-source code, I will probably be ridiculed for this, but I don't know how to properly use echo statements, where in my code should I be putting the echo statement and where should I be putting the error reporting statements...?

Sorry for any inconvenience...

c4n10 (Author) Posted March 21, 2013

ok, so error reporting returns:

```
Fatal error: Cannot redeclare connectToDb() (previously declared in /var/www/includes/requiredFunctions.php:88) in /var/www/includes/requiredFunctions.php on line 93
```

c4n10 (Author, Solution) Posted March 21, 2013

> ok, so error reporting returns:
> Fatal error: Cannot redeclare connectToDb() (previously declared in /var/www/includes/requiredFunctions.php:88) in /var/www/includes/requiredFunctions.php on line 93

K, fixed that issue... working on a couple others...