[SOLVED] Bizzare Problem with Login Script

[techiefreak05]

I don't know why, but the login script ive been using for past year has been acting really funny the past couple months. When you check the "Remember Me" checkbox, even without filling in the email and password, it still logs the user in... and wont log out until you clear cookies, but this only happens if you check the box, other wise it works just like tis supposed to .. so, whats wrong with the code? any ideas!?

 

<?php

$conn = mysql_connect("xxx", "xxx", "xxx") or die(mysql_error()); 
mysql_select_db('xxx', $conn) or die(mysql_error());

/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2). 
* On success it returns 0.
*/
function confirmUser($email, $password){
   global $conn;
   /* Add slashes if necessary (for query) */
   if(!get_magic_quotes_gpc()) {
$email = addslashes($email);
   }

   /* Verify that user is in database */
   $q = "select password from users where email = '$email'";
   $result = mysql_query($q,$conn);
   if(!$result || (mysql_numrows($result) < 1)){
      return 1; //Indicates username failure
   }

   /* Retrieve password from result, strip slashes */
   $dbarray = mysql_fetch_array($result);
   $dbarray['password']  = stripslashes($dbarray['password']);
   $password = stripslashes($password);

   /* Validate that password is correct */
   if($password == $dbarray['password']){
   }
   else{
      return 2; //Indicates password failure
   }
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's 
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['email'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }

   /* Username and password have been set */
   if(isset($_SESSION['email']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['email'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['email']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   /* User not logged in */
   else{
      return false;
   }
}

/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'])){
   /* Check that all fields were typed in */
   if(!$_POST['user'] || !$_POST['pass']){
      echo "You didn't fill in a required field.";
   }
   /* Spruce up username, check length */
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      echo "Sorry, the email is longer than 30 characters, please shorten it.";
   }

   /* Checks that username is in database and password is correct */
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);

   /* Check error codes */
   if($result == 1){
      echo "That e-mail address doesn't exist in our database.";
   }
   else if($result == 2){
      echo "Incorrect password, please try again.";
   }

   /* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['email'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;
$email = $_SESSION['email'];
      $sql = "select * from `users` where `email` = '$email'";
   $query = mysql_query($sql,$conn);
      $dbarray = mysql_fetch_array($query);
      $_SESSION['username'] = $dbarray['username'];
      $_SESSION['username_bk'] = $dbarray['username'];
      
      $_SESSION['id'] = $dbarray['id'];
      $_SESSION['id_bk'] = $dbarray['id'];
      
$_SESSION['disp_name'] = $dbarray['dispname'];

$token = md5($_SESSION['disp_name']);
$_SESSION['token'] = $token;

$date = date('F d , g:i a');

$queryt = "UPDATE `users` SET `token` = '$token' WHERE `id` = '$_SESSION[id]'";
mysql_query($queryt);
$queryLL = "UPDATE `users` SET `lastLogin` = '$date' WHERE `id` = '$_SESSION[id]'";
mysql_query($queryLL);
$queryO = "UPDATE `users` SET `status` = 'Online!!' WHERE `id` = '$_SESSION[id]'";
mysql_query($queryO);

   /**
    * This is the cool part: the user has requested that we remember that
    * he's logged in, so we set two cookies. One to hold his username,
    * and one to hold his md5 encrypted password. We set them both to
    * expire in 100 days. Now, next time he comes to our site, we will
    * log him in automatically.
    */
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['email'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }

   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?action=user\">";
   return;
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();
?>

[btherl]

I suspect the problem is with your logout script.  Does it clear the "remember me" cookies?

[techiefreak05]

logout.php:

<?php
session_start();
include("login.php");
include("func.php");

/**
* Delete cookies - the time must be in the past,
* so just negate what you added when creating the
* cookie.
*/
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
   setcookie("cookname", "", time()-60*60*24*100, "/");
   setcookie("cookpass", "", time()-60*60*24*100, "/");
}

?>
<?php

if(!$logged_in){
?>
<?php PageTopGuest(); ?>
Error, you are not current logged in, please <A HREF="index.php>">Go Home</a>
<?php PageBottom (); ?>
<?php
}
else{
$queryO = "UPDATE `users` SET `status` = 'Offline' WHERE `id` = '$_SESSION[id]'";
mysql_query($queryO);
   /* Kill session variables */
   unset($_SESSION['email']);
   unset($_SESSION['disp_name']);
   unset($_SESSION['username']);
   unset($_SESSION['username_bk']);
   unset($_SESSION['password']);
   unset($_SESSION['id']);
   unset($_SESSION['id_bk']);
   $_SESSION = array(); // reset session array
   session_destroy();   // destroy session.
?>
<?php PageTopGuest(); ?>
<center><h4>Logging Out ...</h4></center>
You have successfulyl logged out! please <br><br><A HREF="index.php">Go Home</a>
<?php PageBottom (); ?>
<?php
}
?>

[btherl]

Hmm.. can you clarify the sequence of events?  Does it go like this:

 

1.  Clear cookies

2.  Verify that you are logged out

3.  Click "Remember Me", but don't enter username and password.  Click Submit

4.  I am logged in! (As which user?)

[techiefreak05]

Well, what I've found out, everything works fine i aded session_start() somewhere.. and now. well even when you clikc logout it doesnt log you out! but that only happens when you clikc Remeber Me when you logged in

[techiefreak05]

!!! UPDATE!! Ok, so when I login as myself, using real info from a real user, and I click "Remember Me", its logs me in with empty, EVERYTHING, my user id is not set, my username is not set, .. but then i shouldnt be logged in... and you cant logout unless you clear cookies!

 

Everything is fine without the box, should it be best to remove it?

[dsaba]

You're not properly erasing the cookies, that is what is causing the problem.

 

Try this:

setcookie("cookname", "", 0, "/");

 

instead of this:

setcookie("cookname", "", time()-60*60*24*100, "/");

[techiefreak05]

yup I realized it was not erasing the cokies properly so i went to php.net and found out i could puta  "0" to erase it! thx !!