basic idea
create a one of passphrase that changes upon each login which can be written to a cookie to then re-login once the session has expired.
ive spent time commenting it so it should be easier to understand, its not finished yet but the basic's are there. so can this be made safer is it safe ?.
Thanks
Code: Select all
if($_REQUEST['code'] == md5(date('d'))){//checks if days match up
session_start();//starts session
if(isset($_COOKIE['logintry'])){
$x = $_COOKIE['logintry'];
$x++;
}else{
$x=1;
}
//check username
$username = trim($_POST['username']);//removes whitespace
$username = strtolower($username);//converts to lowercase
if(strlen($username) >= 33)://mysql can only handle 32 so they have entered somthing wrong here
header( 'Location: http://'.$_SERVER['HTTP_HOST'].'/?msg=103' );
setcookie("logintry", $x, time()+2505600);//writes number of login trys to cookie
exit;
endif;
//check password
$password = trim($_POST['password']);//removes whitespace
$password = stripslashes($password);//removes slashes
$password = md5($password);//encrypt in md5
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());
//mysql query
$query = sprintf("SELECT id,username,password FROM user_table WHERE username='%s' AND password='%s' LIMIT 1",
mysql_real_escape_string($username),
mysql_real_escape_string($password));
$result = mysql_query($query);//excuts query
if(!$result){//if query fails
header( 'Location: http://'.$_SERVER['HTTP_HOST'].'/?msg=102' );
setcookie("logintry", $x, time()+2505600);//writes number of login trys to cookie
exit;
}else{//if query is ok
if(mysql_num_rows($result) != 0){//if it doesnt return 0
$row = mysql_fetch_assoc($result);//makes information useable
$uid = $row['id'];//saves for later
$username = ucfirst($row['username']);//saves for later
$password = $row['password'];//saves for later
$time = date("F j, Y, g:i a");//current time
$ip = $_SERVER['REMOTE_ADDR'];
$passphrase = crypt($username.$password.$ip);//makes passphrase
mysql_query("UPDATE user_table SET passphrase='$passphrase' WHERE id='$uid'");//updates the passphrase with current one
mysql_query("UPDATE user_table SET last_login='$time' WHERE id='$uid'");//updates last login with current one
$_SESSION['passphrase'] = $passphrase;//writs passphrase to session
$_SESSION['username'] = $username;//writes username to session
$_SESSION['uid'] = $uid;//writes user id to session
setcookie("passphrase", $passphrase, time()+2505600);//writes passphrase to cookie
if(isset($_COOKIE['logintry']))://if there is a logintry cookie lets remove it
setcookie("logintry", NULL, time()-2605600);//removes login cookie
endif;
header( 'Location: '.$_REQUEST['refer'].'?msg=login' );//we are done send back to where you came from
exit;//stops script
}else{//if returns 0
header( 'Location: http://'.$_SERVER['HTTP_HOST'].'/?msg=102' );//sends to homepage with error msg
setcookie("logintry", $x, time()+2505600);//writes number of login trys to cookie
exit;//stops script
}
}
}else{//if dates dont match then send them to homepage with error msg
header( 'Location: http://'.$_SERVER['HTTP_HOST'].'/?msg=101' );
setcookie("logintry", $x, time()+2505600);//writes number of login trys to cookie
exit;
}