Hello,
I have a login script that worked for a long time, but after the reset of our server, it doesn’t work correct.
- You can login
- you can browse for a while
- And then with no reason your logout
- It’s not a specific part of the website, it can happen everywhere.
I’m not very good in this cookie thing, so someone build it a few years ago.
on the website this is the script:
This part is to check if you are logged in, simple php.
if(!is_ingelogd())
{
$persnr = '0';
if(isset($_GET['pagina']) && $_GET['pagina'] == "ww_vergeten")
{
include_once("paginas/wachtwoord_vergeten.php");
$maintitel = "Forgot password";
}
ELSE
{
//If you are not logged in
$maintitel = "U bent niet ingelogd";
$welkom = 'Welkom op de medewerkers site van J.C. Sound & Light.<br/><br/>Om verder te gaan dient u in te loggen, dit kunt u hier aan de rechterkant doen.<br/><br/><br/><br/>
<a href="?pagina=ww_vergeten"><i>klik hier als u uw wachtwoord vergeten bent.</i></a>';
}
}
else{
//you are logged in
}
cookies functions
function randomcode($input=10)
{
$letters = array ("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0");
$code = "";
for ($i = 0; $i < $input; $i++){
if($i % 2){
$code .= strtoupper($letters[rand(0, count($letters)-1)]);
}
else{
$code .= strtolower($letters[rand(0, count($letters)-1)]);
}
}
return $code;
}
function set_inlog($list,$time=0){
include("./includes/config.php");
$key = randomcode(15);
$onlinetijd = time();
$qry = $connection->prepare("UPDATE
mw_gegevens
SET
mw_gegevens_ckey = ?,
mw_gegevens_logintime = ?
WHERE
mw_gegevens_id = ?
");
if($qry === false)
{
echo "Query error:.". $connection->error();
}
$qry->bind_param('sii', $key,$onlinetijd,$list['mw_gegevens_id']);
$qry->execute();
$qry->close();
setcookie ("SMW_id", $list['mw_gegevens_id'], $time, "/");
setcookie ("SMW_persnr", $list['mw_gegevens_persnr'], $time, "/");
setcookie ("SMW_key", $key, $time, "/");
setcookie ("SMW_time", $onlinetijd, $time, "/");
}
function is_ingelogd($rtrnlist=0){
include("./includes/config.php");
if (
isset($_COOKIE["SMW_id"]) &&
isset($_COOKIE["SMW_persnr"]) &&
isset($_COOKIE["SMW_key"])
){
$SMW_ID = $_COOKIE['SMW_id'];
$SMW_PERSNR = $_COOKIE['SMW_persnr'];
$SMW_KEY = $_COOKIE['SMW_key'];
$qry = $connection->query("
SELECT
*
FROM
mw_gegevens
WHERE
mw_gegevens_id = '".$SMW_ID."'
AND
mw_gegevens_persnr = '".$SMW_PERSNR."'
AND
mw_gegevens_ckey = '".$SMW_KEY."'
")
;
if($qry->num_rows == 1){
if($rtrnlist){
return $qry->fetch_assoc();
}
else{
return true;
}
}
else{
$false = 1;
}
}
else{
$false = 1;
}
if($false){
del_inlog();
return false;
}
}
Login script
if(isset($_POST['login']))
{
$password = $_POST['mw_pass'];
//check personal salt
$saltqry = $connection->query("
SELECT
salt,
mw_gegevens_groep
FROM
mw_gegevens
WHERE
mw_gegevens_persnr='".$_POST['mw_user']."'
");
($erroruitkomst = $saltqry->fetch_assoc());
if($saltqry->num_rows == 0)
{
$salt='';
}
else
{
$salt = $erroruitkomst['salt'];
}
//include_once('inlog/passcrypt.php');
$Nieuw_ww = crypt($password, '*******' . $salt);
$userpassword = $Nieuw_ww;
$mw_gegevens_qry = $connection->query("
SELECT
*
FROM
mw_gegevens
WHERE
mw_gegevens_persnr='".$_POST['mw_user']."'
AND
mw_gegevens_pass='".$userpassword."'
AND
mw_gegevens_pass!=''
");
($mwgegevens = $mw_gegevens_qry->fetch_assoc());
if($_POST['mw_user']=='')
{
$aErrors=71;
}
elseif($_POST['mw_pass']=='')
{
$aErrors=8;
}
elseif($_POST['mw_pass']!='' && $_POST['mw_user']!='' && $mw_gegevens_qry->num_rows == 0)
{
$aErrors= 91;
}
elseif($saltqry->num_rows != 0 && $erroruitkomst['mw_gegevens_groep']==7)
{
$aErrors= 11;
}
elseif($saltqry->num_rows == 1)
{
$aErrors=0;
}
else
{
$aErrors=9999;
}
if($aErrors!=0)
{
$error=$aErrors;
//inlogerror log
include($pathmw.'includes/error.php');
$qry = $connection->query("
insert into
mw_errorlog
SET
logintime = '".mysql_real_escape_string(time())."',
ipadres = '".$_SERVER['REMOTE_ADDR']."',
mwnr = ?,
melding = '". $aErrors."'
");
if($qry === false)
{
echo "Query error:.". $connection->error();
}
else
{ $qry->bind_param('i', $_POST['mw_user']);
$qry->execute();
$qry->close();
$welkom .= '<br/><font color=red>Fout bij inloggen: ' . $errormessage .' </font><br/><br/>';
}
}
else
{
set_inlog($mwgegevens);
if(isset($_GET['pagina']))
{
header("location: ?pagina=".$_GET['pagina']);
}
else
{
header("location: index.php?pagina=home");
}
exit;
}
}