On my index.php
Code: Select all
...
...
if ($auth) {
require_once 'session.php';
setcookie("login");
$cookieValue = mt_rand() . "_" . $POST_username;
setcookie('login',$cookieValue,time()+3600);
$_SESSION['login'] = $cookieValue;
// add_access_entry("Logged in as $POST_username");
redir("YES","Login successful.","backend.php?page=general&subpage=news");
}Code: Select all
ini_set('register_globals','Off');
ini_set('session.use_cookies',1);
ini_set('session.use_only_cookies',1);
ini_set('session.referer_check',1);
ini_set('session.use_trans_sid',0);
ini_set('url_rewriter.tags','');
session_start();
header("Cache-control: private"); // IE FixCode: Select all
require_once 'session.php';
... other requires ...
...
print_r($_SESSION); //debug
print_r($_COOKIE); // debug
if(isset($_COOKIE['login']) && isset($_SESSION['login'])) {
if($_COOKIE['login'] == $_SESSION['login']) {
$logged = true;
} else {
$logged = false;
}
} else {
$logged = false;
}
if (!$logged)
{
setcookie('login');
unset($_SESSION['login']);
session_unset();
session_destroy();
redir("YES","Please login first.","index.php");
}Code: Select all
function redir($redir, $msg, $page, $time = 6) {
if ($redir == "YES")
{
$msg .= "<br />
Click <a href=\"$page\">here</a> to continue.";
$refresh = " <meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
$title = " <title>Redirecting to $page .. - MAO</title>";
}
else
{
$refresh = " <meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
$title = " <title>Page terminated .. - MAO</title>";
}
echo "
<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\" />
$refresh
<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />
$title
</head>
<body>
<div class=\"redir\" id=\"redir\">
<p align=\"center\">
<img border=\"0\" src=\"images/redirecting.jpg\" width=\"400\" height=\"100\">
</p>
<p align=\"center\">
$msg <br />
</p>
<hr noshade size=\"1\" width=\"70%\" />
<p align=\"center\">
© 2006. Programmed and Designed by **
</p>
</div>
</body>
</html>";
exit();
}Again take note this all works fine on my local server and I did not intend for any advanced security on these pages as I still have alot to learn about it.
Kindly point out any errors in my code and I am happy to take criticism aswell. Thanks.