I always seem to have many problems with my scripts, even where it seems there should not be any. I was changing my script around to try to get the cookies to work, but I have no idea what is wrong now. Can anybody help me? Thanks in advance.
PHP Code:<?php
// admin_access.php
/*
quick logout function until a full logout function
is created.
*/
if ($logout == "yes") {
setcookie("sgf_logged_in[0]");
setcookie("sgf_logged_in[1]");
echo "you have been logged out";
exit;
}
/* Include the files needed for the script */
//include("db.php");
// not needed now
/*
set secret variable here, which
is combined with other variables
to make a hash.
*/
$secret_hash_variable = "###########";
/*
if the login cookie doesn't exist,
display the login page; if the login
page has been already submitted, verify
the values and set the cookie, then
proceed with the page.
*/
if (!$HTTP_COOKIE_VARS['sgf_logged_in[0]']) {
if ($form != "Site Admin Login") {
$maindatafile = "login";
include("blue.template");
exit;
}
else {
mysql_connect('localhost');
$verify_query = "SELECT * FROM sgf.users WHERE username='$username' AND password=PASSWORD('$password');";
$verify_result = mysql_query($verify_query);
if (mysql_num_rows($verify_result) == 0) {
$maindatafile = "login";
$feedback = "Invalid username/password combination. Please try again:";
include("blue.template");
exit;
}
else {
while ($query_results = mysql_fetch_array($verify_result)) {
$db1_user_id = $query_results['user_id'];
$db1_number_of_sessions = $query_results['number_of_sessions'];
}
$db1_number_of_sessions++;
$sessions_update_query = "UPDATE sgf.users SET last_login = NULL, number_of_sessions = '$db1_number_of_sessions' WHERE user_id = '$db1_user_id';";
mysql_query($sessions_update_query);
$verify_query = "SELECT * FROM sgf.users WHERE user_id='$login_cookie[0]';";
$verify_result = mysql_query($verify_query);
while ($query_results = mysql_fetch_array($verify_result)) {
$db2_first_name = $query_results['first_name'];
$db2_last_name = $query_results['last_name'];
$db2_email = $query_results['email'];
$db2_username = $query_results['usernane'];
$db2_password = $query_results['password'];
$db2_last_login = $query_results['last_login'];
$db2_number_of_sessions = $query_results['number_of_sessions'];
}
setcookie("sgf_logged_in[0]",$db1_user_id);
setcookie("sgf_logged_in[1]",md5($db2_user_id.$db2_first_name.$db2_last_name.$db2_email.$db2_username.$db2_password.$db2_last_login.$db2_number_of_sessions.$secret_hash_variable));
// refresh for the cookie to work
header("Location: $PHP_SELF");
}
}
}
else {
// add the cookie array to a variable
$login_cookie = $HTTP_COOKIE_VARS[sgf_logged_in];
$verify_query = "SELECT * FROM sgf.users WHERE user_id='$login_cookie[0]';";
$verify_result = mysql_query($verify_query);
while ($query_results = mysql_fetch_array($verify_result)) {
$db_user_id = $query_results['user_id'];
$db_first_name = $query_results['first_name'];
$db_last_name = $query_results['last_name'];
$db_email = $query_results['email'];
$db_username = $query_results['usernane'];
$db_password = $query_results['password'];
$db_last_login = $query_results['last_login'];
$db_number_of_sessions = $query_results['number_of_sessions'];
}
$hash = md5($db_user_id.$db_first_name.$db_last_name.$db_email.$db_username.$db_password.$db_last_login.$db_number_of_sessions.$secret_hash_variable);
if ($login_cookie[1] != $hash) {
echo "AAAUGH IT DID NOT WORK!<br>$login_cookie[0]; $login_cookie[1]<br><br>$login_cookie[1]<br>$hash";
exit;
}
else {
//the page will continue.
}
}
?>
It just keeps returning to the login page, with no special feedback.
blue.template includes the header, the footer and $maindatafile.sgf, in this case, login.
login.sgf includes <input type="hidden" name="form" value="Site Admin Form"> and also includes:
Any help would be greatly appreciated, and sorry for the long post, but I don't quite know where in the script the error lies. Again, thanks.PHP Code:echo $feedback;
Bookmarks