I broke my script into three parts: dbconnect.php, log_in.php, and the main index. I will explain how each part is supposed to work.
db_conn connects to my database, check_user makes sure that it is a valid username, and log_pass grabs the password of a username from the database.
--dbconnect.php
<?php
function db_conn()
{
    @ $dbconn = mysql_connect('localhost','myusername', 'mypassword');
    mysql_select_db("fpdb", $dbconn);
    return $dbconn;
}
function check_user($user)
{
    $user = addslashes($user);
    $conn = db_conn();
    $query = "select * from login where usernm = '$user'";
    $result = mysql_query($query);
    $num_rows = mysql_num_rows($result);
    $user = stripslashes($user);
    if ($num_rows == 0) {
        $user = "Guest";
    }
    return $user;
}
function log_pass($user)
{
    $user = addslashes($user);
    $conn = db_conn();
    $query = "select passwd from login where usernm ='$user'";
    $result = mysql_query($query);
    $data = mysql_fetch_array($result);
    $password = $data['passwd'];
    $password = stripslashes($password);
    return $password;
}
?>
--log_in.php
<?php
include('/home/fanciersplus/www/dbconnect.php');
$back = $_SERVER['HTTP_REFERER'];
if ($back == "http://www.fanciersplus.com/index.php" || $back == "http://www.fanciersplus.com/"){
    if (isset($_POST['user'])) {
        $user = $_POST['user'];
        $fanciersplus = $_POST['pass'];
        $remember = $_POST['remember'];
        $fanciersplus = md5($fanciersplus);
        $fanciersplus = substr($fanciersplus, 0,15);
        setcookie ("user", $user, time()+200, "/", ".fanciersplus.com");
        setcookie ("fanciersplus", $fanciersplus, time()+200, "/", ".fanciersplus.com");
        setcookie ("remember", $remember, time()+200, "/", ".fanciersplus.com");
        header("Location: http://www.fanciersplus.com/index.php");
        die();
    }
}
else{
    if (isset($_POST['user'])) {
        $user = $_POST['user'];
        $fanciersplus = $_POST['pass'];
        $remember = $_POST['remember'];
        $fanciersplus = md5($fanciersplus);
        $fanciersplus = substr($fanciersplus, 0,15);
        setcookie ("user", $user, time()+200, "/", ".fanciersplus.com");
        setcookie ("fanciersplus", $fanciersplus, time()+200, "/", ".fanciersplus.com");
        setcookie ("remember", $remember, time()+200, "/", ".fanciersplus.com");
        $checkuser = check_user($user);
        if ($checkuser != "Guest"){
            $password = log_pass($user);
        }
        else{
            header("Location: http://www.fanciersplus.com/login.php");
        }
        if ($password != $fanciersplus){
            header("Location: http://www.fanciersplus.com/login.php");
        }
    }
}
?>
<SCRIPT TYPE="text/javascript">
<!--
setTimeout("history.go(-2)",50)
//-->
</SCRIPT>
?>
The login validation code, which is only on the index and login pages, is below that. It verifies whether a username and password are correct; if they are not, it unsets the cookies and displays an error. If the cookies are valid and have the remember-me option selected, it sets a cookie to last a year; otherwise it sets a 2-hour cookie. It also sets loggedin = true to display different menus for logged-in users and to hide the login. The last thing it checks is whether a user is logged in as guest; if they are, it does not allow caching, so after a person logs in it doesn't pull a 'Guest' page from cache.
Not shown in the PHP code is a JavaScript redirect to take people to the login page after 2 hours pass and the cookie expires, so people don't idle on one page for 2 hours, where the cookie would expire, and then attempt to use a feature for logged-in users.
--index.php
<?php
require_once('/home/www/fanciersplus/dbconnect.php');
if (empty($user)) {
    $user = "Guest";
    $notset = 0;
}
if (isset($_COOKIE['fanciersplus'])) {
    $user = $_COOKIE['user'];
    $pass = $_COOKIE['fanciersplus'];
    $remember = $_COOKIE['remember'];
    $notset = 1;
    if (!isset($_COOKIE['remember'])) {
        setcookie ("user", $user, time()+7200, "/", ".fanciersplus.com");
        setcookie ("fanciersplus", $pass, time()+7200, "/", ".fanciersplus.com");
        setcookie ("remember", $remember, time()+7200, "/", ".fanciersplus.com");
    }
}
if (empty($user)) {
    $user = "Guest";
}
if ($user != "Guest") {
    $user = check_user($user);
    if ($user == "Guest"){
        $nameset = 1;
    }
}
if ($user != "Guest") {
    $password = log_pass($user);
}
else {
    $wordset = 1;
}
if ($pass == $password && $wordset != 1) {
    if (isset($remember)) {
        setcookie ("user", $user, time()+288*360*300, "/", ".fanciersplus.com");
        setcookie ("fanciersplus", $pass, time()+288*360*300, "/", ".fanciersplus.com");
        setcookie ("remember", $remember, time()+288*360*300, "/", ".fanciersplus.com");
    }
    else {
        setcookie ("user", $user, time()+7200, "/", ".fanciersplus.com");
        setcookie ("fanciersplus", $pass, time()+7200, "/", ".fanciersplus.com");
        setcookie ("remember", $remember, time()+7200, "/", ".fanciersplus.com");
    }
    $loggedin = "True";
}
else {
    if ($user != "Guest") {
        $usererr = "<br><b><span class=\"submenu\">Invalid Password</span></b><br><a href=\"forgot.php\"><span class=\"submenu\">Forgot your password?</span></a><br>";
        setcookie ("user", "", time()-3600, "/", ".fanciersplus.com");
        setcookie ("fanciersplus", "", time()-3600, "/", ".fanciersplus.com");
        setcookie ("remember", "", time()-3600, "/", ".fanciersplus.com");
    }
    if ($nameset == 1) {
        $usererr = "<br><b><span class=\"submenu\">Username doesn't exist</span></b><br><a href=\"forgot.php\"><span class=\"submenu\">Forgot your username?</span></a><br>";
        setcookie ("user", "", time()-3600, "/", ".fanciersplus.com");
        setcookie ("fanciersplus", "", time()-3600, "/", ".fanciersplus.com");
        setcookie ("remember", "", time()-3600, "/", ".fanciersplus.com");
    }
    $loggedin = "False";
    $user = "Guest";
}
if ($user == "Guest"){
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
}
?>
I have checked that cookies were enabled on several of the people that have errors. It was easy to check, since I have a color change feature I created that uses cookies as well, and if the color does not change, that shows that cookies are not enabled.
My descriptions outline how it is supposed to work. When I use this login it works fine with no problems, and it works for many other people. But shortly after my site opened up I started receiving emails from people saying that when they logged in it would take them back to the page and still show them as guest, without any errors being displayed. This has only happened with a few people, but I still want to fix this error before it happens to any other users.
The error baffles me, since I can use the page just fine and the usernames and passwords people have given me do work when I use them on my computer. But they say they continue to have trouble logging in. I wish the problem were as simple as a forgotten " somewhere, but since it does work for me and others, that isn't the case.
Any improvements to my code or insight into what might be causing this error would be appreciated...
Thanks,
drakkon
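
Editor's added example, not part of drakkon's post or code: the scheme above puts a truncated MD5 of the password in the cookie and builds its queries with addslashes(), so the sketch below shows the same login flow with bound parameters, password_hash()/password_verify(), and an opaque server-side session token. It assumes PHP 7.3+ with pdo_sqlite and a passwd column holding password_hash() output; the sessions table, the function names log_in/current_user/demo_db and the sample account are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Constructed fixture: in-memory SQLite stands in for the poster's MySQL database.
// Table login(usernm, passwd) is from the post; sessions and the account are made up.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login (usernm TEXT PRIMARY KEY, passwd TEXT NOT NULL)');
    $db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, usernm TEXT, expires INTEGER)');
    $db->prepare('INSERT INTO login (usernm, passwd) VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Check the password on the server; on success return a random session token.
function log_in(PDO $db, string $user, string $pass, int $ttl = 7200): ?string
{
    $q = $db->prepare('SELECT passwd FROM login WHERE usernm = ?'); // bound, not concatenated
    $q->execute([$user]);
    $hash = $q->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    // Only a hash of the token is stored, so a leaked table does not yield live cookies.
    $db->prepare('INSERT INTO sessions (token_hash, usernm, expires) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $user, time() + $ttl]);
    return $token;
}

// Map a cookie value to a username; expiry is enforced against the server clock.
function current_user(PDO $db, string $token): string
{
    $q = $db->prepare('SELECT usernm FROM sessions WHERE token_hash = ? AND expires > ?');
    $q->execute([hash('sha256', $token), time()]);
    $user = $q->fetchColumn();
    return $user === false ? 'Guest' : $user;
}

// In a web request the token, never the password or its hash, goes in the cookie:
// setcookie('session', $token, ['expires' => time() + 7200, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
$db = demo_db();
$token = log_in($db, 'alice', 'correct horse');
var_dump(current_user($db, (string) $token));   // valid token resolves to the account
var_dump(log_in($db, "alice' OR '1'='1", 'x')); // quote-laden name is plain data, no match
var_dump(log_in($db, 'alice', 'wrong'));        // wrong password yields no token
var_dump(current_user($db, 'forged-value'));    // unknown cookie value is treated as a guest
```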