Sandy007
09-27-2005, 04:25 PM
I have created my own login page using forum functions that creates the cookies on login, but the problem is when I get login with my own login page and goes to forum page and leaves the site it keeps me logeed in on IE but not on mozilla :(
please let me know simple method to get login so that cookies remains when user comes back on mozilla or please let me know if I am missing something in the code.
Here is the page code :
require_once('global.php');
include("includes/functions_user.php");
require_once('includes/functions_login.php');
//I have defined this function on the page
function verify_authentication1($username, $password ,$send_cookies)
{
global $DB_site, $bbuserinfo, $_REQUEST, $_COOKIE;
//echo "SELECT userid, usergroupid, membergroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . addslashes(htmlspecialchars_uni($username)) . "'";
if ($bbuserinfo = $DB_site->query_first("SELECT userid, usergroupid, membergroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . addslashes(htmlspecialchars_uni($username)) . "'"))
{
if ($send_cookies)
{
if ($_REQUEST['cookieuser'])
{
vbsetcookie('userid', $bbuserinfo['userid']);
vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'));
}
else if ($_COOKIE[COOKIE_PREFIX . 'userid'] AND $_COOKIE[COOKIE_PREFIX . 'userid'] != $bbuserinfo['userid'])
{
// we have a cookie from a user and we're logging in as
// a different user and we're not going to store a new cookie,
// so let's unset the old one
vbsetcookie('userid', '');
vbsetcookie('password', '');
}
}
return true;
}
return false;
}
//Forum
define('NO_REGISTER_GLOBALS', 1);
define('THIS_SCRIPT', 'login');
//define('SESSION_BYPASS', 1);
// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array();
// get special data templates from the datastore
$specialtemplates = array();
// pre-cache templates used by all actions
$globaltemplates = array();
// pre-cache templates used by specific actions
$actiontemplates = array(
'lostpw' => array(
'lostpw'
)
);
//if form is posted with username and password validate it and get login
if($_POST['hidlogin']=="Y")
{
//$username=trim($_POST['txtusername']);
$email=trim($_POST['txtusername']);//for the sake of allowed email to be valida login
$password=htmlspecialchars_uni(($_POST['txtpassword']));
if(substr_count($email,"@")==0)
$fld="username";
else
$fld="email";
//echo $password;
$sql_salt="select salt,userid,password,username from user where active=1 and $fld='".addslashes(htmlspecialchars_uni($email))." '";
$rs_salt=mysql_query($sql_salt);
$row_salt=mysql_num_rows($rs_salt);
//echo"<br>'".$sql_salt."'<br>".$row_salt;
if($row_salt!=0)
{
$salt_array=mysql_fetch_array($rs_salt);
$salt=$salt_array[0];
$username=$salt_array[3];
}
$password = md5(md5($password) . $salt);
//echo"<br>".$salt;
//$password=md5($username.$password);
$strlclvalidlogin="select fldUserId from TBL_User_Master where fldUsername='".addslashes(htmlspecialchars_uni($us ername))."' and fldPassword='".$password."'";
$rslogin=mysql_query($strlclvalidlogin);
$row=mysql_num_rows($rslogin);
//echo "<br>".$strlclvalidlogin;
if($row!=0)
{
$flag=1;
//Forum Code
verify_authentication1($username, $password, true);
$strikes = verify_strike_status($username);
exec_unstrike_user($username);
$DB_site->query("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . addslashes($session['dbsessionhash']) . "'");
$session['sessionhash'] = fetch_sessionhash();
$session['dbsessionhash'] = $session['sessionhash'];
$DB_site->query("
INSERT INTO " . TABLE_PREFIX . "session
(sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)
VALUES
('" . addslashes($session['sessionhash']) . "', " . intval($bbuserinfo['userid']) . ", '" . addslashes(SESSION_HOST) . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", $session[styleid], 1, " . iif ($logintype === 'cplogin', 1, 0) . ", '" . addslashes(USER_AGENT) . "')
");
vbsetcookie('sessionhash', $session['sessionhash'], 0);
if ($nosessionhash == 1)
{ // if user is working through cookies, blank out the sessionhash
$shash = $session['sessionhash'] = '';
$surl = $session['sessionurl'] = '';
$surlJS = $session['sessionurl_js'] = '';
}
else
{
$shash = $session['sessionhash'];
$surl = $session['sessionurl'] = 's=' . $session['sessionhash'] . '&';
$surlJS = $session['sessionurl_js'] = 's=' . $session['sessionhash'] . '&';
}
// admin control panel or upgrade script login
if ($logintype === 'cplogin')
{
$permissions = cache_permissions($bbuserinfo, false);
$bbuserinfo['permissions'] = &$permissions;
if ($permissions['adminpermissions'] & CANCONTROLPANEL)
{
// update CSS preferences if administrator wants to
globalize($_POST, array('cssprefs' => STR));
if ($cssprefs != '')
{
$cssprefs = str_replace(array('..', '/', '\\'), '', $cssprefs); // get rid of harmful characters
if ($cssprefs != '' AND @file_exists("./cpstyles/$cssprefs/controlpanel.css"))
{
$DB_site->query("UPDATE " . TABLE_PREFIX . "administrator SET cssprefs = '" . addslashes($cssprefs) . "' WHERE userid = $bbuserinfo[userid]");
}
}
$cpsession = fetch_sessionhash();
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES ($bbuserinfo[userid], '" . addslashes($cpsession) . "', " . TIMENOW . ")");
vbsetcookie('cpsession', $cpsession, 0);
if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
{
vbsetcookie('userid', $bbuserinfo['userid'], 0);
vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'), 0);
}
}
}
// moderator control panel login
if ($logintype === 'modcplogin')
{
$permissions = cache_permissions($bbuserinfo, false);
$bbuserinfo['permissions'] = &$permissions;
include_once('./includes/functions_calendar.php');
if (can_moderate() OR can_moderate_calendar())
{
$cpsession = fetch_sessionhash();
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES ($bbuserinfo[userid], '" . addslashes($cpsession) . "', " . TIMENOW . ")");
vbsetcookie('cpsession', $cpsession, 0);
if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
{
vbsetcookie('userid', $bbuserinfo['userid'], 0);
vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'), 0);
}
}
}
if ($url == 'login.php' OR $url == "$vboptions[forumhome].php" OR strpos($url, 'do=logout') !== false)
{
$url = "$vboptions[forumhome].php?$surl";
}
else
{
$url = fetch_replaced_session_url($url);
}
$postvars = construct_hidden_var_fields($postvars);
$temp = strpos($url, '?');
if ($temp)
{
$formfile = substr($url, 0, $temp);
}
else
{
$formfile = $url;
}
//Forum Code End
}
else
{
echo "<script langauge='javascript'>";
echo "alert('Invalid User Name or Password');";
echo "</script>";
$flag=0;
}
}
please let me know simple method to get login so that cookies remains when user comes back on mozilla or please let me know if I am missing something in the code.
Here is the page code :
require_once('global.php');
include("includes/functions_user.php");
require_once('includes/functions_login.php');
//I have defined this function on the page
function verify_authentication1($username, $password ,$send_cookies)
{
global $DB_site, $bbuserinfo, $_REQUEST, $_COOKIE;
//echo "SELECT userid, usergroupid, membergroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . addslashes(htmlspecialchars_uni($username)) . "'";
if ($bbuserinfo = $DB_site->query_first("SELECT userid, usergroupid, membergroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . addslashes(htmlspecialchars_uni($username)) . "'"))
{
if ($send_cookies)
{
if ($_REQUEST['cookieuser'])
{
vbsetcookie('userid', $bbuserinfo['userid']);
vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'));
}
else if ($_COOKIE[COOKIE_PREFIX . 'userid'] AND $_COOKIE[COOKIE_PREFIX . 'userid'] != $bbuserinfo['userid'])
{
// we have a cookie from a user and we're logging in as
// a different user and we're not going to store a new cookie,
// so let's unset the old one
vbsetcookie('userid', '');
vbsetcookie('password', '');
}
}
return true;
}
return false;
}
//Forum
define('NO_REGISTER_GLOBALS', 1);
define('THIS_SCRIPT', 'login');
//define('SESSION_BYPASS', 1);
// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array();
// get special data templates from the datastore
$specialtemplates = array();
// pre-cache templates used by all actions
$globaltemplates = array();
// pre-cache templates used by specific actions
$actiontemplates = array(
'lostpw' => array(
'lostpw'
)
);
//if form is posted with username and password validate it and get login
if($_POST['hidlogin']=="Y")
{
//$username=trim($_POST['txtusername']);
$email=trim($_POST['txtusername']);//for the sake of allowed email to be valida login
$password=htmlspecialchars_uni(($_POST['txtpassword']));
if(substr_count($email,"@")==0)
$fld="username";
else
$fld="email";
//echo $password;
$sql_salt="select salt,userid,password,username from user where active=1 and $fld='".addslashes(htmlspecialchars_uni($email))." '";
$rs_salt=mysql_query($sql_salt);
$row_salt=mysql_num_rows($rs_salt);
//echo"<br>'".$sql_salt."'<br>".$row_salt;
if($row_salt!=0)
{
$salt_array=mysql_fetch_array($rs_salt);
$salt=$salt_array[0];
$username=$salt_array[3];
}
$password = md5(md5($password) . $salt);
//echo"<br>".$salt;
//$password=md5($username.$password);
$strlclvalidlogin="select fldUserId from TBL_User_Master where fldUsername='".addslashes(htmlspecialchars_uni($us ername))."' and fldPassword='".$password."'";
$rslogin=mysql_query($strlclvalidlogin);
$row=mysql_num_rows($rslogin);
//echo "<br>".$strlclvalidlogin;
if($row!=0)
{
$flag=1;
//Forum Code
verify_authentication1($username, $password, true);
$strikes = verify_strike_status($username);
exec_unstrike_user($username);
$DB_site->query("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . addslashes($session['dbsessionhash']) . "'");
$session['sessionhash'] = fetch_sessionhash();
$session['dbsessionhash'] = $session['sessionhash'];
$DB_site->query("
INSERT INTO " . TABLE_PREFIX . "session
(sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)
VALUES
('" . addslashes($session['sessionhash']) . "', " . intval($bbuserinfo['userid']) . ", '" . addslashes(SESSION_HOST) . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", $session[styleid], 1, " . iif ($logintype === 'cplogin', 1, 0) . ", '" . addslashes(USER_AGENT) . "')
");
vbsetcookie('sessionhash', $session['sessionhash'], 0);
if ($nosessionhash == 1)
{ // if user is working through cookies, blank out the sessionhash
$shash = $session['sessionhash'] = '';
$surl = $session['sessionurl'] = '';
$surlJS = $session['sessionurl_js'] = '';
}
else
{
$shash = $session['sessionhash'];
$surl = $session['sessionurl'] = 's=' . $session['sessionhash'] . '&';
$surlJS = $session['sessionurl_js'] = 's=' . $session['sessionhash'] . '&';
}
// admin control panel or upgrade script login
if ($logintype === 'cplogin')
{
$permissions = cache_permissions($bbuserinfo, false);
$bbuserinfo['permissions'] = &$permissions;
if ($permissions['adminpermissions'] & CANCONTROLPANEL)
{
// update CSS preferences if administrator wants to
globalize($_POST, array('cssprefs' => STR));
if ($cssprefs != '')
{
$cssprefs = str_replace(array('..', '/', '\\'), '', $cssprefs); // get rid of harmful characters
if ($cssprefs != '' AND @file_exists("./cpstyles/$cssprefs/controlpanel.css"))
{
$DB_site->query("UPDATE " . TABLE_PREFIX . "administrator SET cssprefs = '" . addslashes($cssprefs) . "' WHERE userid = $bbuserinfo[userid]");
}
}
$cpsession = fetch_sessionhash();
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES ($bbuserinfo[userid], '" . addslashes($cpsession) . "', " . TIMENOW . ")");
vbsetcookie('cpsession', $cpsession, 0);
if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
{
vbsetcookie('userid', $bbuserinfo['userid'], 0);
vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'), 0);
}
}
}
// moderator control panel login
if ($logintype === 'modcplogin')
{
$permissions = cache_permissions($bbuserinfo, false);
$bbuserinfo['permissions'] = &$permissions;
include_once('./includes/functions_calendar.php');
if (can_moderate() OR can_moderate_calendar())
{
$cpsession = fetch_sessionhash();
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES ($bbuserinfo[userid], '" . addslashes($cpsession) . "', " . TIMENOW . ")");
vbsetcookie('cpsession', $cpsession, 0);
if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
{
vbsetcookie('userid', $bbuserinfo['userid'], 0);
vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'), 0);
}
}
}
if ($url == 'login.php' OR $url == "$vboptions[forumhome].php" OR strpos($url, 'do=logout') !== false)
{
$url = "$vboptions[forumhome].php?$surl";
}
else
{
$url = fetch_replaced_session_url($url);
}
$postvars = construct_hidden_var_fields($postvars);
$temp = strpos($url, '?');
if ($temp)
{
$formfile = substr($url, 0, $temp);
}
else
{
$formfile = $url;
}
//Forum Code End
}
else
{
echo "<script langauge='javascript'>";
echo "alert('Invalid User Name or Password');";
echo "</script>";
$flag=0;
}
}