-
Posts
11 -
Joined
-
Last visited
Svenskunganka's Achievements
Newbie (1/5)
0
Reputation
-
Hello, I have an issue with my login script. The issue is that when a user has been logged in for awhile, they get auto-logged out (The session gets removed/renewed) even though the lifetime of both the session and cookie is 7 days. (604800 seconds). Here's the login code I'm using: class session { // Start the session function sec_session_start() { $session_name = 'nopedotjava'; // Set a custom session name $secure = false; // Set to true if using https. $httponly = true; // This stops javascript being able to access the session id. ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. ini_set('session.cookie_lifetime', 60 * 60 * 24 * 7); ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 7); ini_set('session.save_path', '/customers/7/7/e/*****.com/httpd.www/jobb/sessions'); $cookieParams = session_get_cookie_params(); // Gets current cookies params. session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_name($session_name); // Sets the session name to the one set above. session_start(); // Start the php session session_regenerate_id(true); // regenerated the session, delete the old one. echo $cookieParams['lifetime']; } // Login Function function login($username, $password, $mysqli) { // Using prepared Statements means that SQL injection is not possible. $stmt = $mysqli->stmt_init(); if ($stmt->prepare("SELECT id, password FROM workers WHERE username = ? LIMIT 1")) { $stmt->bind_param('s', $username); // Bind "$username" to parameter. $stmt->execute(); // Execute the prepared query. $stmt->store_result(); $stmt->bind_result($uid, $db_password); // get variables from result. $stmt->fetch(); $key = "*************************"; $newPassword = pass_decrypt($db_password, $key); // encode password if($stmt->num_rows == 1) { // If the user exists if($newPassword == $password) { // Check if the password in the database matches the password the user submitted. // Password is correct! $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user. $uid = preg_replace("/[^0-9]+/", "", $uid); // XSS protection as we might print this value $_SESSION['uid'] = $uid; $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value $_SESSION['username'] = $username; $_SESSION['login_string'] = hash('sha512', $db_password.$user_browser); // Login successful. return true; } else{ // Password is not correct // We record this attempt in the database return false; } } } else { // User do not exist return false; } } // Check if a user is logged in or not. function login_check($mysqli) { // Check if all session variables are set if(isset($_SESSION['uid'], $_SESSION['username'], $_SESSION['login_string'])) { $uid = $_SESSION['uid']; $login_string = $_SESSION['login_string']; $username = $_SESSION['username']; $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user. $stmt = $mysqli->stmt_init(); if ($stmt->prepare("SELECT password FROM workers WHERE id = ? LIMIT 1")) { $stmt->bind_param('i', $uid); // Bind "$uid" to parameter. $stmt->execute(); // Execute the prepared query. $stmt->store_result(); if($stmt->num_rows == 1) { // If the user exists $stmt->bind_result($password); // get variables from result. $stmt->fetch(); $login_check = hash('sha512', $password.$user_browser); if($login_check == $login_string) { // Logged In!!!! return true; } else{ // Not logged in return false; } } else{ // Not logged in return false; } } else{ // Not logged in return false; } } else{ // Not logged in return false; } } } As you can see, the sessions gets saved into /sessions and the old sessions is still there but they doesn't get "regenerated" by the session_regenerate_id(true); I also have another issue regarding iPhone Safari image uploads. When I try to upload an image using Safari from the iPhone the bar just loads forever. I've tested the upload code and it works for both PC (Tested on Windows using Google Chrome & Internet Explorer and on Android smartphones using Google Chrome). Here's the upload code I'm using: echo '<br><br> <form action="index.php?page=jobb&action=view&jobbid='.$jobbid.'" method="POST" enctype="multipart/form-data"> Ladda upp foto(n): <input type="file" accept="image/*" capture="camera" name="pictures[]" required="" multiple> <input type="submit" name="upload" value="Ladda upp"> </form>'; if(isset($_FILES['pictures'], $_GET['jobbid'])) { $extensions = array("jpeg", "jpg", "png"); $img_dir = "images/"; foreach($_FILES['pictures']['tmp_name'] as $key => $tmp_name) { $file_name = $key.$_FILES['pictures']['name'][$key]; $file_tmp = $_FILES['pictures']['tmp_name'][$key]; $file_type = $_FILES['pictures']['type'][$key]; $file_ext = strtolower(end(explode(".", $_FILES['pictures']['name'][$key]))); if(in_array($file_ext, $extensions) === true) { $path = $img_dir.generateRandomString().".".$file_ext; move_uploaded_file($file_tmp, $path); $stmt = $mysqli->stmt_init(); $stmt->prepare("INSERT INTO pictures VALUES (?,?)"); $stmt->bind_param("si", $path, $_GET['jobbid']); $stmt->execute(); $stmt->close(); } } } Thanks in advance!
-
Provide your code please...
-
Yeah so I've head, although I haven't got the hang of it yet.
-
I'm not using mysql_ functions. I'm not the OP... I just edited his code, didn't really want to get him side-tracked by replacing his mysql_ functions with mysqli functions. I'm sure you know there's a real_escape_string function for MySQLi aswell. That's what I meant with this: Oh... I've been told to use it on each freaking query I make... Well, you learn something every day. Thanks!
-
That's what I'm using. MySQLi.
-
Oh... I've been told to use it on each freaking query I make... Well, you learn something every day. Thanks!
-
If everything works fine when you disable the CSS, then something is wrong with your CSS. Anyways, I reformatted your code a little: $sql = "SELECT * FROM producten"; $sql = mysql_real_escape_string($sql); // Prevent SQL Injections $myData = mysql_query($sql, $con); echo '<table border="0" width="100%" cellpadding="0" cellspacing="0" id="product-table"> <tr> <th class="table-header-check"><a id="toggle-all" ></a> </th> <th class="table-header-repeat line-left minwidth-1"><a href="">Product</a> </th> <th class="table-header-repeat line-left minwidth-1"><a href="">Categorie</a></th> <th class="table-header-repeat line-left"><a href="">Beschrijving</a></th> <th class="table-header-repeat line-left"><a href="">Nr</a></th> <th class="table-header-repeat line-left"><a href="">Prijs</a></th> <th class="table-header-options line-left"><a href="">Options</a></th> </tr>'; while($record = mysql_fetch_array($myData)){ echo "<tr>"; echo '<td><input type="checkbox"/></td>'; echo "<td> " . $record['Product'] ." </td>"; echo "<td> " . $record['Item'] . " </td>"; echo "<td> " . $record['Description'] . " </td>"; echo "<td> " . $record['Extra'] . " </td>"; echo "<td> " . $record['Valuta'] . " </td>"; echo "<td> " . $record['Price'] . " </td>"; echo "</tr>"; } echo "</table>"; mysql_close($con);