Svenskunganka Posted November 14, 2013 Share Posted November 14, 2013 Hello, I have an issue with my login script. The issue is that when a user has been logged in for awhile, they get auto-logged out (The session gets removed/renewed) even though the lifetime of both the session and cookie is 7 days. (604800 seconds). Here's the login code I'm using: class session { // Start the session function sec_session_start() { $session_name = 'nopedotjava'; // Set a custom session name $secure = false; // Set to true if using https. $httponly = true; // This stops javascript being able to access the session id. ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. ini_set('session.cookie_lifetime', 60 * 60 * 24 * 7); ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 7); ini_set('session.save_path', '/customers/7/7/e/*****.com/httpd.www/jobb/sessions'); $cookieParams = session_get_cookie_params(); // Gets current cookies params. session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_name($session_name); // Sets the session name to the one set above. session_start(); // Start the php session session_regenerate_id(true); // regenerated the session, delete the old one. echo $cookieParams['lifetime']; } // Login Function function login($username, $password, $mysqli) { // Using prepared Statements means that SQL injection is not possible. $stmt = $mysqli->stmt_init(); if ($stmt->prepare("SELECT id, password FROM workers WHERE username = ? LIMIT 1")) { $stmt->bind_param('s', $username); // Bind "$username" to parameter. $stmt->execute(); // Execute the prepared query. $stmt->store_result(); $stmt->bind_result($uid, $db_password); // get variables from result. $stmt->fetch(); $key = "*************************"; $newPassword = pass_decrypt($db_password, $key); // encode password if($stmt->num_rows == 1) { // If the user exists if($newPassword == $password) { // Check if the password in the database matches the password the user submitted. // Password is correct! $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user. $uid = preg_replace("/[^0-9]+/", "", $uid); // XSS protection as we might print this value $_SESSION['uid'] = $uid; $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value $_SESSION['username'] = $username; $_SESSION['login_string'] = hash('sha512', $db_password.$user_browser); // Login successful. return true; } else{ // Password is not correct // We record this attempt in the database return false; } } } else { // User do not exist return false; } } // Check if a user is logged in or not. function login_check($mysqli) { // Check if all session variables are set if(isset($_SESSION['uid'], $_SESSION['username'], $_SESSION['login_string'])) { $uid = $_SESSION['uid']; $login_string = $_SESSION['login_string']; $username = $_SESSION['username']; $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user. $stmt = $mysqli->stmt_init(); if ($stmt->prepare("SELECT password FROM workers WHERE id = ? LIMIT 1")) { $stmt->bind_param('i', $uid); // Bind "$uid" to parameter. $stmt->execute(); // Execute the prepared query. $stmt->store_result(); if($stmt->num_rows == 1) { // If the user exists $stmt->bind_result($password); // get variables from result. $stmt->fetch(); $login_check = hash('sha512', $password.$user_browser); if($login_check == $login_string) { // Logged In!!!! return true; } else{ // Not logged in return false; } } else{ // Not logged in return false; } } else{ // Not logged in return false; } } else{ // Not logged in return false; } } } As you can see, the sessions gets saved into /sessions and the old sessions is still there but they doesn't get "regenerated" by the session_regenerate_id(true); I also have another issue regarding iPhone Safari image uploads. When I try to upload an image using Safari from the iPhone the bar just loads forever. I've tested the upload code and it works for both PC (Tested on Windows using Google Chrome & Internet Explorer and on Android smartphones using Google Chrome). Here's the upload code I'm using: echo '<br><br> <form action="index.php?page=jobb&action=view&jobbid='.$jobbid.'" method="POST" enctype="multipart/form-data"> Ladda upp foto(n): <input type="file" accept="image/*" capture="camera" name="pictures[]" required="" multiple> <input type="submit" name="upload" value="Ladda upp"> </form>'; if(isset($_FILES['pictures'], $_GET['jobbid'])) { $extensions = array("jpeg", "jpg", "png"); $img_dir = "images/"; foreach($_FILES['pictures']['tmp_name'] as $key => $tmp_name) { $file_name = $key.$_FILES['pictures']['name'][$key]; $file_tmp = $_FILES['pictures']['tmp_name'][$key]; $file_type = $_FILES['pictures']['type'][$key]; $file_ext = strtolower(end(explode(".", $_FILES['pictures']['name'][$key]))); if(in_array($file_ext, $extensions) === true) { $path = $img_dir.generateRandomString().".".$file_ext; move_uploaded_file($file_tmp, $path); $stmt = $mysqli->stmt_init(); $stmt->prepare("INSERT INTO pictures VALUES (?,?)"); $stmt->bind_param("si", $path, $_GET['jobbid']); $stmt->execute(); $stmt->close(); } } } Thanks in advance! Quote Link to comment https://forums.phpfreaks.com/topic/283886-session-gets-auto-removedrenewed-iphone-safari-image-upload-doesnt-work/ Share on other sites More sharing options...
Svenskunganka Posted November 14, 2013 Author Share Posted November 14, 2013 Anyone? Quote Link to comment https://forums.phpfreaks.com/topic/283886-session-gets-auto-removedrenewed-iphone-safari-image-upload-doesnt-work/#findComment-1458245 Share on other sites More sharing options...
Svenskunganka Posted November 16, 2013 Author Share Posted November 16, 2013 Bumping this to get it up in the list. I really need some help with this. Regards, Sven. Quote Link to comment https://forums.phpfreaks.com/topic/283886-session-gets-auto-removedrenewed-iphone-safari-image-upload-doesnt-work/#findComment-1458525 Share on other sites More sharing options...
Svenskunganka Posted November 18, 2013 Author Share Posted November 18, 2013 Bumping for the same reason as above. Quote Link to comment https://forums.phpfreaks.com/topic/283886-session-gets-auto-removedrenewed-iphone-safari-image-upload-doesnt-work/#findComment-1458875 Share on other sites More sharing options...
Svenskunganka Posted November 22, 2013 Author Share Posted November 22, 2013 Last bump now, if no reply, thread will die. *crossing my fingers* Quote Link to comment https://forums.phpfreaks.com/topic/283886-session-gets-auto-removedrenewed-iphone-safari-image-upload-doesnt-work/#findComment-1459470 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.