problem with cookies (login)
Posted: Tue Feb 10, 2009 4:14 pm
hi guys I'm creating a blog like cms and using a login code as shown below
I can't figure out what's the problem with the code but remember me button don't works
any suggestion will be great thanks
it uses an ajax script so the file just responds with yes or no
I can't figure out what's the problem with the code but remember me button don't works
any suggestion will be great thanks
Code: Select all
<?php
//get the posted values
$_POST['user']=htmlspecialchars($_POST['user_name'],ENT_QUOTES);
$_POST['pass']=$_POST['password'];
// Page for log-in
include_once("config.php");
include_once("lang/lang_".$lang.".php");
include_once("connect.php");
if(isset($_SESSION['user_id'])) {
echo "yes";
}else{
if(isset($_COOKIE['user_id'])) {
// Read cookie, make session
$sql = "SELECT id,state,password,active FROM `".$db_tbl."` WHERE id='".$_COOKIE['user_id']."'";
$query = mysql_query($sql);
$row = mysql_fetch_object($query);
$id = htmlspecialchars($row->id);
$status = htmlspecialchars($row->state);
$dbpass = htmlspecialchars($row->password);
$actief = htmlspecialchars($row->active);
if($dbpass == $_COOKIE['user_password'] AND $actief == 1) {
$_SESSION['user_id'] = $id;
$_SESSION['user_status'] = $status;
echo "yes";
}else{
echo $login_cookiefalse;
setcookie("user_id", "", time() - 3600);
setcookie("user_password", "", time() - 3600);
}
}else{
// Login
$sql = "SELECT id,name,password,state,active,cookie_pass FROM `".$db_tbl."` WHERE name='".$_POST['user']."'";
$query = mysql_query($sql);
$count = mysql_num_rows($query);
if($count == 1) {
$row = mysql_fetch_object($query);
$dbpass = htmlspecialchars($row->password);
$userpass = md5($_POST['pass']);
$cookiepass = htmlspecialchars($row->cookie_pass);
$userid = htmlspecialchars($row->id);
$userstatus = htmlspecialchars($row->state);
$useractief = htmlspecialchars($row->active);
if($dbpass == $userpass) {
if($useractief == 1) {
$_SESSION['user_id'] = $userid;
$_SESSION['user_status'] = $userstatus;
if($_POST['cookie'] == "do") {
if($cookiepass == "") {
$cookiecode = mt_srand((double)microtime()*100000);
while(strlen($cookiecode) <= 10) {
$i = chr(mt_rand (0,255));
if(eregi("^[a-z0-9]$", $i)) {
$cookiecode = $cookiecode.$i;
}
}
$sql = "UPDATE `".$db_tbl."` SET cookie_pass = '".$cookiecode."' WHERE name = '".$_POST['user']."' LIMIT 1";
mysql_query($sql);
$cookiepass = $cookiecode;
}
setcookie("cookie_id", $userid, time() + 365 * 86400);
setcookie("cookie_pass", $cookiepass, time() + 365 * 86400);
}
echo "yes";
}else{
echo $login_noactive;
}
}else{
echo "no";
}
}else{
echo "no";
}
}
}
?>