  1. #1
    SitePoint Member
    Join Date
    Sep 2003
    Location
    cleveland
    Posts
    9

    Session / Cookie Woes

    I'm having a bit of trouble using cookies to store session variables. The idea is to have the user log in, with an option to set a cookie remembering that user's name so they don't have to log in again the next time they visit the site.

    Everything seems to work fine until I close my browser window and reload the page; then my cookie variable isn't being reassigned to the $_SESSION variable.

    It's my first time working with sessions, so I'm sure it is some silly error, but I can't seem to track it down.

    PHP Code:
    <?
    function auth_login($username,$password,$remember='') {
    if(!isset($_SESSION['$auth_username'])){
    $password = stripslashes(md5($password)); 
    $username = stripslashes(strtolower($username));
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $sql = mysql_query($query); 
    $login_check = mysql_num_rows($sql); 

    if($login_check > 0){ 
    $row = mysql_fetch_array($sql);
    $_SESSION['auth_username'] = $row["username"];
    $_SESSION['auth_userlevel'] = $row["userlevel"];
        if($remember){
        SetCookie("auth_cookie",$auth_username,time()+31536000);
        }
    return true;

    } else { return false; } 
    }

    function auth_isremembered() {
    if(!isset($_SESSION['$auth_username'])){
        if($auth_cookie){
        $_SESSION['auth_username'] = $auth_cookie;
        $query = "SELECT userlevel FROM users WHERE username='$auth_username'";
        $sql = mysql_query($query); 
        $row = mysql_fetch_array($sql);
        $_SESSION['auth_userlevel'] = $row["userlevel"];
        return true;
        }
        else {
        return false;
        }
    }
    }
    ?>
    As my test of the functions, I'm doing this:

    PHP Code:
    <?
    session_start();
    conn();
    if (auth_isremembered()) {
    echo ("auth_isremembered : $auth_username / $auth_userlevel<br><br>");
    exit;
    }

    if (auth_login("jason","jason","1")) {
    echo ("auth_login : $auth_username / $auth_userlevel<br><br>");
    } else {
        echo "login failed";
    }
    ?>

    What am I doing wrong here?

  2. #2
    PHP manual bot bronze trophy Gaheris's Avatar
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    2,195
    First, where does $auth_cookie come from, and second, given your application I could easily log in as every user. I would simply have to create a cookie with the username of the user in it. You'd better store the username and the md5'ed password in cookies and do a full permission check.

  3. #3
    SitePoint Member
    Join Date
    Sep 2003
    Location
    cleveland
    Posts
    9
    $auth_cookie is the cookie that gets set once the user/pass is validated against the submitted variables. It contains the user's login name. (Additionally, a cookie will now be set storing the md5 of the password; I can't believe that didn't occur to me.)
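
An added example, not part of any post in this thread: the forgery pointed out in reply #2 works because the server trusts whatever username the cookie carries. The sketch below makes the remember-me cookie verifiable by signing it with a server-side HMAC key, which is a different technique from the md5'ed-password cookie suggested in the thread; the function names, the secret and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. Secret and sample names are constructed.

const REMEMBER_TTL = 31536000; // one year, the lifetime used in the original SetCookie call

// Build "base64(username)|expiry|hmac" so the server can detect any edit to the cookie.
function remember_token_issue(string $username, string $secret, int $now): string
{
    $payload = base64_encode($username) . '|' . ($now + REMEMBER_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Return the username if the token is authentic and unexpired, otherwise null.
function remember_token_verify(string $token, string $secret, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;                        // e.g. a bare username, as in the original cookie
    }
    [$user64, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user64 . '|' . $expiry, $secret);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison of the MACs
        return null;
    }
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return null;                        // malformed or expired
    }
    $username = base64_decode($user64, true);
    return $username === false ? null : $username;
}

// Demonstration with constructed values.
$secret = 'constructed-demo-secret-load-from-config';
$now    = time();
$token  = remember_token_issue('jason', $secret, $now);

// Same token with only the username part replaced; the MAC no longer matches.
$edited = base64_encode('admin') . substr($token, strpos($token, '|'));

var_dump(remember_token_verify($token, $secret, $now));   // token exactly as issued
var_dump(remember_token_verify('jason', $secret, $now));  // cookie holding only a username
var_dump(remember_token_verify($edited, $secret, $now));  // username swapped after issue
```

In the thread's code the token would be sent with `setcookie("auth_cookie", $token, ...)` and read back from `$_COOKIE['auth_cookie']` inside `auth_isremembered()`, with the user level still looked up from the database for the verified username. A signed token like this cannot be revoked individually; only changing the secret invalidates it.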

