At first the cookie was working fine, then I changed some code in the custom function 'insert_online_user($user_id)' (line 146 of functions.php) because i noticed there was an error in the MySQL query and suddenly login.php stops creating the new cookie.
Home.php which is where the login takes you when you have entered correct info (home.php has nothing in it except for "include('header.php');" but if the cookie doesn't exist it just sends you back to login.php.
Here's the code anyway, if you can see where the problem is then please let me know, I just can't figure it out!
Login.php
Code: Select all
<?php
// First check to see if user is already logged in
if (isset($_COOKIE["KoG"])){
header('Location: home.php');
exit;
}
// we must never forget to start the session
session_start();
include ('library/functions.php');
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// first check if the number submitted is correct
$number = strip_tags($_POST['txtNumber']);
if (md5($number) == $_SESSION['ranval']) {
open_db();
$userId = strip_tags($_POST['txtUserId']);
$password = strip_tags($_POST['txtPassword']);
// check if the user id and password combination exist in database
$sql = "SELECT * FROM memuserlist WHERE user='$userId' AND user_password=PASSWORD('$password')";
$result = sql_query($sql) or die('MySQL ERROR. ' . mysql_error() . 'Please inform the administrator!');
close_db();
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// implode result and set it to a cookie
$cookieinput = implode('.,.', $result);
setcookie("KoG",$cookieinput);
// remove the random value from session
$_SESSION['ranval'] = '';
// after login we move to the main page
header('Location: home.php');
exit;
}
else {
$errorMessage = 'User/Pass incorrect!';
}
}
else {
$errorMessage = 'Captcha incorrect!';
}
}
?>Code: Select all
<?php
// Basic database query
function sql_query($query) {
return mysql_query($query);
}
// Open database connection
function open_db(){
include ('library/config.php');
include ('library/opendb.php');
}
// Close database connection
function close_db(){
include ('library/closedb.php');
}
// Check that all registry fields have been filled in
function check_reg_fields($mail, $mailconf, $user, $fname, $lname, $country, $pass, $passconf) {
global $check_reg_fields;
$mail = $mail;
$mailconf = $mailconf;
$user = $user;
$fname = $fname;
$lname = $lname;
$country = $country;
$pass = $pass;
$passconf = $passconf;
if ($mail == ''){
$error = 'True';
}
if ($mailconf == ''){
$error = 'True';
}
if ($user == ''){
$error = 'True';
}
if ($fname == ''){
$error = 'True';
}
if ($lname == ''){
$error = 'True';
}
if ($country == 'Select Country'){
$error = 'True';
}
if ($pass == ''){
$error = 'True';
}
if ($passconf == ''){
$error = 'True';
}
if($error == 'True'){
$check_reg_fields = 'True';
}
else{
$check_reg_fields = 'False';
}
}
// Checks to see if username exists
function user_exists($user){
global $user_exists;
open_db();
$query = "SELECT * FROM memuserlist WHERE user='".$user."'";
$result = sql_query($query);
if(mysql_num_rows($result)>0){
$user_exists = 'True';
}
else{
$user_exists = 'False';
}
close_db();
}
// Register a new user
function make_user($verifid, $mail, $user, $fname, $lname, $country, $pass) {
global $make_user;
$time = time();
$regip = getenv(REMOTE_ADDR);
open_db();
$query = "INSERT INTO memuserlist (verifid, user_email, user, handle, firstname, lastname, country, user_password, register_date, regip, last_ip, last_access) VALUES ('".$verifid."', '".$mail."', '".$user."', '".$user."', '".$fname."', '".$lname."', '".$country."', PASSWORD('".$pass."'), '".$time."', '".$regip."', '".$regip."', '".$time."')";
if(sql_query($query)){
$make_user = 'True';
}
else{
$make_user = 'False';
}
close_db();
}
// Send verification e-mail
function send_verif_mail($verifid, $mail, $user, $fname, $lname) {
global $send_verif_mail;
// Below the $htmlbody variable contains all the HTML content of email.
$htmlbody = "<html>
<head>
<title>Kingdoms of Glory: Verification E-Mail</title>
</head>
<body><center>
<h2>Thank you for registering with Kingdoms of Glory!</h2></center>
<p>Below you will find all your login information including your 8-digit validation code. Please enter this code the next
time you login.</p>
<p>Name: ".$fname." ".$lname."<br />
Login Name: ".$user."<br />
Verification Code: ".$verifid."</p>
<p><a href=http://www.kingdomsofglory.com/login.php>Click here to login in to your account</a></p>
<p>We'll see you inside!<br />
The KoG Team</p></body></html>";
// Call the swift mail SMTP connection settings.
include ('library/Swift.php');
include ('library/Swift/Connection/SMTP.php');
// Connect to swiftmail -- settings are provided by webhost.
$smtp =& new Swift_Connection_SMTP("localhost", 25);
$smtp->setUsername("");
$smtp->setpassword("");
$swift =& new Swift($smtp);
// Create the message.
$message =& new Swift_Message("Kingdoms of Glory: Verification E-Mail", "$htmlbody", "text/html");
// Send it and test if successful
if ($swift->send($message, $mail, "noreply@kingdomsofglory.com")){
$send_verif_mail = 'True';
}
else{
$send_verif_mail = 'False';
}
// Disconnect from mail server
$swift->disconnect();
}
// Returns the current amount of registered users
function get_reg_users(){
global $get_reg_users;
$query = "SELECT * FROM memuserlist";
open_db();
$result = sql_query($query);
$get_reg_users = mysql_num_rows($result);
close_db();
}
// Inserts to db user online status
function insert_online_user($user_id){
// Set timeout for active users
$timestamp = time();
$ip = $_SERVER['REMOTE_ADDR'];
$self = $_SERVER['PHP_SELF'];
open_db();
$query = "INSERT INTO usersonline VALUES ( '$timestamp', '$ip', '$self', '$user_id')";
$result = sql_query($query);
if (!($result)){
echo 'ERROR A200: Please inform the administrator immediately!';
}
close_db();
}
// Deletes user online status from db
function remove_online_user($user_id){
$timeoutseconds = 900;
$timestamp = time();
$timeout = $timestamp-$timeoutseconds;
$query = "DELETE FROM usersonline WHERE timestamp<$timeout";
$result = sql_query($query);
if(!($result)) {
echo 'ERROR A201: Please inform the administrator immediately!';
}
}
// Grabs user online status from db
function grab_online_user(){
global $grab_online_user;
open_db();
$query = "SELECT DISTINCT user_id FROM usersonline";
$result = sql_query($query);
if(!($result)) {
echo 'ERROR A202: Please inform the administrator immediately!';
}
else {
$grab_online_user = mysql_num_rows($result);
}
close_db();
}
?>Code: Select all
<?php
if (!isset($_COOKIE["KoG"])){
header('Location: login.php');
exit;
}
else {
$userinfo = explode('.,.',$_COOKIE["KoG"]);
}
include ('library/functions.php');
insert_online_user($userinfo['user_id']);
remove_online_user($userinfo['user_id']);
?>In Functions.php it's only the bottom three custom functions that are recent, the rest all work perfectly.
And don't mock me for my code structure/method, i'm new to PHP remember?