Jump to content

Session gets auto-removed/renewed & iPhone Safari image upload doesn't work


Recommended Posts

Hello,

 

I have an issue with my login script. The issue is that when a user has been logged in for awhile, they get auto-logged out (The session gets removed/renewed) even though the lifetime of both the session and cookie is 7 days. (604800 seconds).

 

Here's the login code I'm using:

class session {
	
	// Start the session
	function sec_session_start() {
			$session_name = 'nopedotjava'; // Set a custom session name
			$secure = false; // Set to true if using https.
			$httponly = true; // This stops javascript being able to access the session id. 
			ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
			ini_set('session.cookie_lifetime', 60 * 60 * 24 * 7);
			ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 7);
			ini_set('session.save_path', '/customers/7/7/e/*****.com/httpd.www/jobb/sessions');
			$cookieParams = session_get_cookie_params(); // Gets current cookies params.
			session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
			session_name($session_name); // Sets the session name to the one set above.
			session_start(); // Start the php session
			session_regenerate_id(true); // regenerated the session, delete the old one.     
			echo $cookieParams['lifetime'];
	}
	
	// Login Function
	function login($username, $password, $mysqli) {
		// Using prepared Statements means that SQL injection is not possible.
		$stmt = $mysqli->stmt_init();
		if ($stmt->prepare("SELECT id, password FROM workers WHERE username = ? LIMIT 1")) { 
			$stmt->bind_param('s', $username); // Bind "$username" to parameter.
			$stmt->execute(); // Execute the prepared query.
			$stmt->store_result();
			$stmt->bind_result($uid, $db_password); // get variables from result.
			$stmt->fetch();
			$key = "*************************";
			$newPassword = pass_decrypt($db_password, $key); // encode password
	 
			if($stmt->num_rows == 1) { // If the user exists
				if($newPassword == $password) { // Check if the password in the database matches the password the user submitted. 
					// Password is correct!
					$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
					$uid = preg_replace("/[^0-9]+/", "", $uid); // XSS protection as we might print this value
					$_SESSION['uid'] = $uid; 
					$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
					$_SESSION['username'] = $username;
					$_SESSION['login_string'] = hash('sha512', $db_password.$user_browser);
					// Login successful.
					return true;    
				}
				else{
					// Password is not correct
					// We record this attempt in the database
					return false;
				}
			}
		}
		else {
			// User do not exist
			return false;
		}
	}
	
	// Check if a user is logged in or not.
	function login_check($mysqli) {
		// Check if all session variables are set
		if(isset($_SESSION['uid'], $_SESSION['username'], $_SESSION['login_string'])) {
			$uid = $_SESSION['uid'];
			$login_string = $_SESSION['login_string'];
			$username = $_SESSION['username'];
			$user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
			$stmt = $mysqli->stmt_init();
			if ($stmt->prepare("SELECT password FROM workers WHERE id = ? LIMIT 1")) { 
				$stmt->bind_param('i', $uid); // Bind "$uid" to parameter.
				$stmt->execute(); // Execute the prepared query.
				$stmt->store_result();
				if($stmt->num_rows == 1) { // If the user exists
					$stmt->bind_result($password); // get variables from result.
					$stmt->fetch();
					$login_check = hash('sha512', $password.$user_browser);
					if($login_check == $login_string) {
						// Logged In!!!!
						return true;
					} 
					else{
						// Not logged in
						return false;
					}
				}
				else{
					// Not logged in
					return false;
				}
			} 
			else{
				// Not logged in
				return false;
			}
		}
		else{
			// Not logged in
			return false;
		}
	}
}

As you can see, the sessions gets saved into /sessions and the old sessions is still there but they doesn't get "regenerated" by the session_regenerate_id(true);

 

I also have another issue regarding iPhone Safari image uploads. When I try to upload an image using Safari from the iPhone the bar just loads forever. I've tested the upload code and it works for both PC (Tested on Windows using Google Chrome & Internet Explorer and on Android smartphones using Google Chrome).

Here's the upload code I'm using:

echo '<br><br>
	<form action="index.php?page=jobb&action=view&jobbid='.$jobbid.'" method="POST" enctype="multipart/form-data">
	Ladda upp foto(n): <input type="file" accept="image/*" capture="camera" name="pictures[]" required="" multiple> <input type="submit" name="upload" value="Ladda upp">
	</form>';
	if(isset($_FILES['pictures'], $_GET['jobbid'])) {
		$extensions = array("jpeg", "jpg", "png");
		$img_dir = "images/";
	    foreach($_FILES['pictures']['tmp_name'] as $key => $tmp_name) {
	    	$file_name = $key.$_FILES['pictures']['name'][$key];
	    	$file_tmp = $_FILES['pictures']['tmp_name'][$key];
	    	$file_type = $_FILES['pictures']['type'][$key];
	    	$file_ext = strtolower(end(explode(".", $_FILES['pictures']['name'][$key])));
	    	if(in_array($file_ext, $extensions) === true) {
	    		$path = $img_dir.generateRandomString().".".$file_ext;
	    		move_uploaded_file($file_tmp, $path);
	    		$stmt = $mysqli->stmt_init();
	    		$stmt->prepare("INSERT INTO pictures VALUES (?,?)");
	    		$stmt->bind_param("si", $path, $_GET['jobbid']);
	    		$stmt->execute();
	    		$stmt->close();
	    	}
	    }
	}

Thanks in advance!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.