Problems

[ucahg]

I always seem to have many problems with my scripts, even where it seems there should not be any. I was changing my script around to try to get the cookies to work, but I have no idea what is wrong now. Can anybody help me? Thanks in advance.

PHP Code:

<?php
// admin_access.php

/*
  quick logout function until a full logout function
  is created.
*/

if ($logout == "yes") {
  setcookie("sgf_logged_in[0]");
  setcookie("sgf_logged_in[1]");
  echo "you have been logged out";
  exit;
}

/* Include the files needed for the script */
//include("db.php");
// not needed now

/*
   set secret variable here, which
   is combined with other variables
   to make a hash.
*/
$secret_hash_variable = "###########";

/*
   if the login cookie doesn't exist,
   display the login page;  if the login
   page has been already submitted, verify
   the values and set the cookie, then
   proceed with the page.
*/
if (!$HTTP_COOKIE_VARS['sgf_logged_in[0]']) {
  if ($form != "Site Admin Login") {
    $maindatafile = "login";
    include("blue.template");
    exit;
  }
  else {
    mysql_connect('localhost');
    $verify_query = "SELECT * FROM sgf.users WHERE username='$username' AND password=PASSWORD('$password');";
    $verify_result = mysql_query($verify_query);
    if (mysql_num_rows($verify_result) == 0) {
      $maindatafile = "login";
      $feedback = "Invalid username/password combination. Please try again:";
      include("blue.template");
      exit;
    }
    else {
      while ($query_results = mysql_fetch_array($verify_result)) {
        $db1_user_id = $query_results['user_id'];
        $db1_number_of_sessions = $query_results['number_of_sessions'];
      }
      $db1_number_of_sessions++;
      $sessions_update_query = "UPDATE sgf.users SET last_login = NULL, number_of_sessions = '$db1_number_of_sessions' WHERE user_id = '$db1_user_id';";
      mysql_query($sessions_update_query);
      $verify_query = "SELECT * FROM sgf.users WHERE user_id='$login_cookie[0]';";
      $verify_result = mysql_query($verify_query);
      while ($query_results = mysql_fetch_array($verify_result)) {
        $db2_first_name = $query_results['first_name'];
        $db2_last_name = $query_results['last_name'];
        $db2_email = $query_results['email'];
        $db2_username = $query_results['usernane'];
        $db2_password = $query_results['password'];
        $db2_last_login = $query_results['last_login'];
        $db2_number_of_sessions = $query_results['number_of_sessions'];
      }
      setcookie("sgf_logged_in[0]",$db1_user_id);
      setcookie("sgf_logged_in[1]",md5($db2_user_id.$db2_first_name.$db2_last_name.$db2_email.$db2_username.$db2_password.$db2_last_login.$db2_number_of_sessions.$secret_hash_variable));
// refresh for the cookie to work
      header("Location: $PHP_SELF");
    }
  }
}
else {
//  add the cookie array to a variable
  $login_cookie = $HTTP_COOKIE_VARS[sgf_logged_in];
  $verify_query = "SELECT * FROM sgf.users WHERE user_id='$login_cookie[0]';";
  $verify_result = mysql_query($verify_query);
  while ($query_results = mysql_fetch_array($verify_result)) {
    $db_user_id = $query_results['user_id'];
    $db_first_name = $query_results['first_name'];
    $db_last_name = $query_results['last_name'];
    $db_email = $query_results['email'];
    $db_username = $query_results['usernane'];
    $db_password = $query_results['password'];
    $db_last_login = $query_results['last_login'];
    $db_number_of_sessions = $query_results['number_of_sessions'];
  }
  $hash = md5($db_user_id.$db_first_name.$db_last_name.$db_email.$db_username.$db_password.$db_last_login.$db_number_of_sessions.$secret_hash_variable);
  if ($login_cookie[1] != $hash) {
    echo "AAAUGH IT DID NOT WORK!<br>$login_cookie[0]; $login_cookie[1]<br><br>$login_cookie[1]<br>$hash";
    exit;
  }
  else {
    //the page will continue.
  }
}
?>

It just keeps returning to the login page, with no special feedback.


blue.template includes the header, the footer and $maindatafile.sgf, in this case, login.

login.sgf includes <input type="hidden" name="form" value="Site Admin Form"> and also includes:

PHP Code:

echo $feedback; 


Any help would be greatly appreciated, and sorry for the long post, but I don't quite know where in the script the error lies. Again, thanks.

[ucahg]

I've fixed one problem, with the if statement to check if the cookie exists, I took out the array. Now it checks for sgf_logged_in, not sgf_logged_in[0].

[ucahg]

Now if I enter my username and password again (after I already entered it and I get back to the login page), I recieve this:

AAAUGH IT DID NOT WORK!
0; 027b64bc7c2f54117dd365e6594de948

027b64bc7c2f54117dd365e6594de948
5fbf5ada45b017bc0987061fd004c7ff

I put the two hashes directly over top of each other.
They should be the same. Can anyone see why they would be different? Thanks!

[ucahg]

Anybody???

[ucahg]

For the most part I have it figured out.
Thanks anyway.