
PHP Login Successful Until Re-Direct...


c4n10

Hello,

 

I am designing the site at http://minelitecoin.com

 

I am having an issue with login. I am able to successfully create new accounts, the mysql database is appropriately updated, then I proceed to login.

 

The login.php script seems to execute flawlessly and I am told the login is successful but then something goes wrong after the login re-direct and I am returned to the homepage without being logged in. I suspect an error in a script called universalChecklogin.php which is called by every page for cookie validation.

 

Here is the contents of my "login.php": http://pastebin.com/DYC9E0xw

And here are the contents of the universalChecklogin.php: http://pastebin.com/qtN2dZkD

One more time, here is the link of the code working live: http://minelitecoin.com

 

If you need any other information please feel free to ask, any help is greatly appreciated...

 

Thanks!!!


You should post your code within the code tags.

People tend not to follow links, plus it means people in the future can see the code, in case the external links expire.

 

Sorry about that, thanks for the tip! Here is login.php:

 

<?php
/*
Copyright (C)  41a240b48fb7c10c68ae4820ac54c0f32a214056bfcfe1c2e7ab4d3fb53187a0 Name Year (sha256)
 
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
 
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
Website Reference:http://www.gnu.org/licenses/gpl-2.0.html
 
Note From Author: Keep the original donate address in the source files when transferring or redistributing this code.
Please donate at the following address: 1Fc2ScswXAHPUgj3qzmbRmwWJSLL2yv8Q
*/
//This page will attempt to take information from the user and create an encrypted session inside of a cookie
 
//Include site functions
include("includes/requiredFunctions.php");
               
//Filter input results before querying them into database
$user = mysql_real_escape_string($_POST["username"]);
$pass = mysql_real_escape_string($_POST["password"]);
 
//Check the supplied username & password with the saved username & password
$checkPassQ = mysql_query("SELECT id, secret, pass, accountLocked, accountFailedAttempts FROM webUsers WHERE username = '".$user."' LIMIT 0,1");
$checkPass = mysql_fetch_object($checkPassQ);
$userExists = $checkPass->id;
 
if($checkPass->accountFailedAttempts >= 5){
        echo "Account has been banned";
        die();
}
 
 
//Check if user exists before checking login data
if($userExists > 0){
        //Check to see if this user has an `accountLocked`
        if($checkPass->accountLocked < time()){
                //Check to see if this user has attempted to login more than the maximum allowed failed attempts
                if($checkPass->accountFailedAttempts < 5){
                        $dbHash = $checkPass->pass;
                        $inputHash = hash("sha256", $pass.$salt);
                        //Do Check
                        if($dbHash == $inputHash){
                                //Give out the secret SHHH!! be quiet too!
                                //Get ip address so we can hash with the cookie so no one can steal the password
                                $ip = $_SERVER['REMOTE_ADDR'];
                                $timeoutStamp = time()+60*60*24*7; //1 week session
                                //Update logged in ip address so no one can steal this cookie hash unless
                                mysql_query("UPDATE `webUsers` SET `sessionTimeoutStamp` = ".$timeoutStamp.", `loggedIp` = '".$ip."' WHERE `id` = ".$userExists);
                       
                                //Set cookie in browser for session
                                $hash           = $checkPass->secret.$dbHash.$ip.$timeoutStamp;
                                $cookieHash = hash("sha256", $hash.$salt);
                                setcookie($cookieName, $checkPass->id."-".$cookieHash, $timeoutStamp, $cookiePath, $cookieDomain);
                                $cookieValid = true;
                       
                                //Display output message
                                $outputMessage = "Welcome back, we'll be returning to the main page shortly";  
                                mysql_query("UPDATE webUsers SET accountFailedAttempts = 0 WHERE id = $userExists");
                        }else{
                                $outputMessage =  "Wrong username or password.";
                                $lock = $checkPass->accountFailedAttempts + 1;
                                mysql_query("UPDATE webUsers SET accountFailedAttempts = $lock WHERE id = $userExists");
                        }
                }
        }
}else{
        $outputMessage = "User name dosent exist!";
}
?>
<html>
  <head>
        <title><?php echo antiXss(outputPageTitle());?> </title>
        <link rel="stylesheet" href="/css/mainstyle.css" type="text/css" />
        <meta http-equiv="refresh" content="2;url=/">
  </head>
  <body>
        <div id="pagecontent">
                <h1><?php echo antiXss($outputMessage); ?><br/>
                <a href="/">Click here if you continue to see this message</a></h1>
        </div>
  </body>
</html>

 

 

And here is the universalChecklogin.php:

 

<?php
/*
//    Copyright (C) 2011  Mike Allison <dj.mikeallison@gmail.com>
//
//    This program is free software: you can redistribute it and/or modify
//    it under the terms of the GNU General Public License as published by
//    the Free Software Foundation, either version 3 of the License, or
//    (at your option) any later version.
//
//    This program is distributed in the hope that it will be useful,
//    but WITHOUT ANY WARRANTY; without even the implied warranty of
//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//    GNU General Public License for more details.
//
//    You should have received a copy of the GNU General Public License
//    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
//        LTC Donations: LZBZoH4uEEv82p2BpxRgw6fvgEvCFXXN4x
 
*/
 
$donatePercent = 0;
 
//Check if the cookie is set, if so check if the cookie is valid
if(isSet($_COOKIE[$cookieName])){
        $cookieValid = false;
        $ip = $_SERVER['REMOTE_ADDR']; //Get Ip address for cookie validation
        $validateCookie = new checkLogin();
        $cookieValid = $validateCookie->checkCookie(mysql_real_escape_string($_COOKIE[$cookieName]), $ip);
        $userId = $validateCookie->returnUserId($_COOKIE[$cookieName]);
       
        //ensure userId is numeric to prevent sql injection attack
        if (!is_numeric($userId)) {
                $userId = 0;   
                exit;
        }      
 
        //Get user information
        $userInfoQ = mysql_query("SELECT id, username, email, pin, pass, admin, api_key, IFNULL(donate_percent, '0') as donate_percent, ltc_lock FROM webUsers WHERE id = $userId LIMIT 0,1");  
        if ($userInfo = mysql_fetch_object($userInfoQ)) {
                $authPin = $userInfo->pin;
                $hashedPass = $userInfo->pass;
                $isAdmin = $userInfo->admin;                                           
                $currentUserHashrate = $stats->userhashrate($userInfo->username);
                $userApiKey = $userInfo->api_key;
                $donatePercent = $userInfo->donate_percent;            
                $userEmail = $userInfo->email;
                $userLtcLock = $userInfo->ltc_lock;
 
                $totalUserShares = $stats->usersharecount($userId);            
               
                //Get current round share information, estimated total earnings
                $totalOverallShares = $stats->currentshares(); 
                       
                //Calculate Estimate
                $userRoundEstimate = 0;
                if($totalUserShares > 0 && $totalOverallShares > 0) {
                        //Get site percentage
                        $sitePercent = 0;
                        if (is_numeric($settings->getsetting("sitepercent")))
                                $sitePercent = $settings->getsetting("sitepercent")/100;
                       
                        if ($totalOverallShares > $litecoinDifficulty)
                                $estimatedTotalEarnings = $totalUserShares/$totalOverallShares;
                        else
                                $estimatedTotalEarnings = $totalUserShares/$litecoinDifficulty;
                        $estimatedTotalEarnings *= $bonusCoins*(1-$sitePercent); //The expected LTC to be given out
                        $userRoundEstimate = round($estimatedTotalEarnings, 8); //8 decimal places assumed: the precision digit was lost to the forum's "8)" smiley conversion
                }                              
                               
                //Get Current balance                              
                $currentBalanceQ = mysql_query("SELECT balance, IFNULL(sendAddress,'') as sendAddress, threshold FROM accountBalance WHERE userId = '$userId' LIMIT 0,1");
                if ($currentBalanceObj = mysql_fetch_object($currentBalanceQ)) {
                        $currentBalance = $currentBalanceObj->balance;
                        //Get payment address that is associated with this user
                        $paymentAddress = $currentBalanceObj->sendAddress;             
                        $payoutThreshold = $currentBalanceObj->threshold;      
                } else {
                        $currentBalance = 0;
                        $paymentAddress = "";
                        $payoutThreshold = 0;
                }
        }
 
}
?>

 

 

Again, thanks in advance to anyone who can help me out!
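
For comparison with the login.php posted above, an added example (not the poster's or the original project's code) that issues the login cookie from a random server-side token and checks it with password_verify() and hash_equals(), instead of a salted SHA-256 of the password compared with ==. It assumes PHP 7.3 or later, PDO, and passwords stored with password_hash(); the sessionTokenHash column, the cookie name and the function names are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes PHP >= 7.3 and that webUsers.pass
// holds a password_hash() value; the sessionTokenHash column is hypothetical.

function issueSessionToken(): array {
    $token = bin2hex(random_bytes(32));        // 64 hex chars, unrelated to the password
    return [$token, hash('sha256', $token)];   // cookie gets the token, DB gets only its hash
}

function verifySessionCookie(string $cookie, callable $lookupHash): ?int {
    // Cookie format kept from the thread: "<userId>-<64 hex chars>"
    if (!preg_match('/^(\d{1,10})-([0-9a-f]{64})$/', $cookie, $m)) {
        return null;
    }
    $stored = $lookupHash((int)$m[1]);         // stored token hash, or null if none
    if (!is_string($stored)) {
        return null;
    }
    // hash_equals() compares in constant time and never type-juggles like ==
    return hash_equals($stored, hash('sha256', $m[2])) ? (int)$m[1] : null;
}

function login(PDO $db, string $user, string $pass): bool {
    $q = $db->prepare('SELECT id, pass FROM webUsers WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    // The raw password goes to password_verify(); SQL-escaping it first would alter it
    if (!$row || !password_verify($pass, $row['pass'])) {
        return false;
    }
    [$token, $tokenHash] = issueSessionToken();
    $expires = time() + 60 * 60 * 24 * 7;      // 1 week, as in login.php
    $db->prepare('UPDATE webUsers SET sessionTokenHash = ?, sessionTimeoutStamp = ? WHERE id = ?')
       ->execute([$tokenHash, $expires, $row['id']]);
    return setcookie('session', $row['id'] . '-' . $token, [
        'expires'  => $expires,
        'path'     => '/',       // a URL path, not a filesystem path
        'secure'   => true,      // HTTPS only
        'httponly' => true,      // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}
```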


Probably this:

 

 

if(isSet($_COOKIE[$cookieName])){

 

isSet != isset

 

 

Hi, thanks for the quick response! So then:

 

if(isSet!=isset($_COOKIE[$cookieName])){

 

 or

 

if(!=isSet($_COOKIE[$cookieName])){

 

 

 

How should this line be written...?


No. PHP has a function isset(). PHP does not have a function isSet().

 

Oh, I see, whoops... Ok, I now have this:

 

if(isset($_COOKIE[$cookieName])){

 

 

Still not working, but one step in the right direction, thanks!


In case it is useful, here are the contents of the cookie being created in my browser by the site:

 

 

Name: minelitecoin.com

Content: 710-4fc03a51e6fc32927f011ecb7c25efa1fd498d9902c2efe73f63a3e28fb584e8

Domain: .minelitecoin.com

Path: /var/www

Send for: Any kind of connection

Accessible to script: Yes

Created: Thursday, March 21, 2013 7:25:19 AM

Expires: Thursday, March 28, 2013 7:25:19 AM

Edited by c4n10
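
The cookie attributes listed in the post above, run through the browser's path-match rule (RFC 6265, section 5.1.4) and two attribute checks. This is an added example, not code from the thread; the function names and the /login.php URL are assumptions, and the sample array restates the values shown in the listing.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

// RFC 6265 section 5.1.4: is a cookie with this Path sent for this request path?
function cookiePathMatches(string $cookiePath, string $requestPath): bool {
    if ($cookiePath === $requestPath) {
        return true;
    }
    $len = strlen($cookiePath);
    if ($len === 0 || strncmp($requestPath, $cookiePath, $len) !== 0) {
        return false;                    // cookie path is not a prefix of the request path
    }
    // A prefix only counts when it ends on a "/" boundary
    return $cookiePath[$len - 1] === '/' || $requestPath[$len] === '/';
}

function auditCookie(array $cookie, array $requestPaths): array {
    $findings = [];
    foreach ($requestPaths as $p) {
        if (!cookiePathMatches($cookie['path'], $p)) {
            $findings[] = "not sent for $p (Path={$cookie['path']})";
        }
    }
    if (!$cookie['httponly']) {
        $findings[] = 'readable by page scripts (HttpOnly missing)';
    }
    if (!$cookie['secure']) {
        $findings[] = 'sent over plain HTTP (Secure missing)';
    }
    return $findings;
}

// Values restated from the cookie listing in the post above:
// "Accessible to script: Yes" = no HttpOnly, "Any kind of connection" = no Secure
$cookie = ['path' => '/var/www', 'httponly' => false, 'secure' => false];
// "/" is the redirect target in login.php; /login.php is an assumed URL
foreach (auditCookie($cookie, ['/', '/login.php']) as $finding) {
    echo $finding, PHP_EOL;
}
```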

@haku PHP is case insensitive for classes and functions so isset, isSet, IsSet, ISSET, .. are all the same function.

 

@OP Are you sure $cookieName is defined in universalChecklogin.php? Echo it out to make sure it exists. Also enable error reporting:

error_reporting(E_ALL);
ini_set('display_errors', 1);
Edited by ignace

 

@haku PHP is case insensitive for classes and functions so isset, isSet, IsSet, ISSET, .. are all the same function.

 

@OP Are you sure $cookieName is defined in universalChecklogin.php? Echo it out to make sure it exists. Also enable error reporting:

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

 

I'm still in the new to moderate level area of php, most of my experience comes from editing open-source code, I will probably be ridiculed for this, but I don't know how to properly use echo statements, where in my code should I be putting the echo statement and where should I be putting the error reporting statements...? Sorry for any inconvenience...


  • Solution

ok, so error reporting returns:

 

Fatal error: Cannot redeclare connectToDb() (previously declared in /var/www/includes/requiredFunctions.php:88) in /var/www/includes/requiredFunctions.php on line 93

 

 

K, fixed that issue... working on a couple others...

