cookies help - - - Urgent help





imagefree
I am making a login system with remember me feature using SESSIONs and COOKIEs.
When users simply sign in, it works fine and the user can log out without any problem. But when the user uses the remember me feature, logout doesn't work.

Here is the login script of simple login:

Code:

setcookie("dname", md5($row['reg_dname']));
setcookie("password", $row['reg_pass']);
die('<meta http-equiv="refresh" content="1;url=http://localhost/sitename/login.php">');


and then another function is_login is called on the redirected page which sets the sessions according to Cookies (after validation). When I click logout, it logs out without any problem.

on the other hand this script works when remember me is selected:

Code:
setcookie("dname", md5($row['reg_dname']), time()+60*60*24*10, "/");
setcookie("password", $row['reg_pass'], time()+60*60*24*10, "/");
die('<meta http-equiv="refresh" content="1;url=http://localhost/sitename/login.php">');


and again the sessions are set on the redirected page. But in this case when I click logout, it doesn't work.

here is the logout script for both type of logins:
Code:
function do_logout()
{
   unset($_SESSION);
   setcookie("dname", "", time()-60*60*24*100);
   setcookie("password", "", time()-60*60*24*100);
   die('<meta http-equiv="refresh" content="2;url=http://localhost/sitename/login.php"><strong>Please wait a second before you are logged out...</strong>');
}
erlendhg
Hi
I can't really spot the problem.
Could you perhaps post the is_login function code?
rvec
you could use -1 instead of -60*60*24*100
they are both in the past so they should both work.

And why did you use a domain in the second and not in the first nor in the unset? That might be the problem.
imagefree
@rvec are you talking about "sitename" directory?

here is the function is_login(). It is called on top of each page to check login. So, meta redirects in this script means that this is_login() does the rest of the work in next run (so easily accesses the cookie values that are not accessible in the same run).

dname means Display Name or username.
I am encrypting incoming COOKIE values to prevent attacks. Also the values stored in COOKIEs are encrypted.
So, I have 2 fields in database: reg_secure_dname and reg_dname. reg_name is not encrypted (even without addslashes() ) and the reg_secure_dname==md5(md5(reg_dname))

Code:
function is_login()
{
   GLOBAL $login;
   if(isset($_SESSION['dname']) && isset($_SESSION['password']) && isset($_SESSION['id']) && isset($_SESSION['server'])
      && isset($_COOKIE['dname'])  &&  isset($_COOKIE['password'])
      && md5($_SESSION['dname'])==$_COOKIE['dname'] && $_SESSION['password']==$_COOKIE['password'])
   {
      GLOBAL $dname, $server, $id;
      $dname=      $_SESSION['dname'];
      $server=   $_SESSION['server'];
      $id=      $_SESSION['id'];
      $login=      1;
   }
   else if(isset($_COOKIE['dname'])  &&  isset($_COOKIE['password']))
   {
      
      $secure_cookie_dname=md5($_COOKIE['dname']);
      $password=$_COOKIE['password'];
      $query = "SELECT reg_dname , reg_pass , reg_id , reg_svr FROM reg_info WHERE reg_secure_dname = '$secure_cookie_dname'";
      $result = mysql_query($query);
      if($result)
      {
         if(mysql_num_rows($result) == 1 )
         {
            $row=mysql_fetch_array($result);
            if($password==$row['reg_pass'])
            {
               $_SESSION['dname']         =$row['reg_dname'];
               $_SESSION['password']      =$row['reg_pass'];
               $_SESSION['id']            =$row['reg_id'];
               $_SESSION['server']         =$row['reg_svr'];
               die('<meta http-equiv="refresh" content="2;url=http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'"><strong>Revalidation...</strong>');
            }
            else
               die('<strong>Invalid Attempt:</strong> Cookie Password / Display Name mismatch. Delete your cookies and revisit the site.');
         }
         else if(mysql_num_rows($result) > 1 )
            die('Your Display Name is taken by two or more users. Confused!');
         else if(mysql_num_rows($result) == 0 )
            die('<strong>Invalid Attempt:</strong> No such username exist. Delete your cookies to resolve the problem.');
      }
      else
         die('Cookies validation failed. Please Try later');
   }
   else if(isset($_SESSION['dname']) && isset($_SESSION['password']) && isset($_SESSION['id']) && isset($_SESSION['server']))
   {
      unset($_SESSION);
      is_login();
      //die('Please <a href="login.php">login</a> to access your account area.');
   }
   return $login;
}
rvec
setcookie("password", $row['reg_pass'], time()+60*60*24*10, "/");
you know what that last setting means?
The / that is.

Try to remove that. The line will look like this then:
setcookie("password", $row['reg_pass'], time()+60*60*24*10);

same for the dname line
imagefree
THANKSSSSSSSS it's now working!

Please also comment on the security vulnerabilities left.

Thanks
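
Added example, not part of the thread and not any poster's code: a remember-me flow that keeps the cookie attributes in one place so the delete call always matches the set call, and stores a random token in the cookie instead of the password hash. The cookie name `remember` and the `$storeHash`, `$lookupHash` and `$deleteHash` callbacks are hypothetical stand-ins for the site's own database code; it assumes PHP 7.4+, HTTPS and an already started session.

```php
<?php
// Added example. Assumes PHP 7.4+, HTTPS, and session_start() already called.
const REMEMBER_COOKIE = 'remember';        // hypothetical cookie name
const REMEMBER_TTL    = 60 * 60 * 24 * 10; // 10 days, as in the thread

// One place for cookie attributes, so set and delete can never disagree.
function cookie_opts(int $expires): array
{
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Returns [cookie value, hash to store]; only the hash goes in the database.
function new_remember_token(int $userId): array
{
    $token = bin2hex(random_bytes(32));
    return [$userId . ':' . $token, hash('sha256', $token)];
}

// Returns the user id if the cookie matches the stored hash, otherwise null.
function check_remember_token(string $cookie, callable $lookupHash): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $stored = $lookupHash((int) $parts[0]);
    if (!is_string($stored)) {
        return null;
    }
    $ok = hash_equals($stored, hash('sha256', $parts[1]));
    return $ok ? (int) $parts[0] : null;
}

function remember_login(int $userId, callable $storeHash): void
{
    [$value, $hash] = new_remember_token($userId);
    $storeHash($userId, $hash);
    setcookie(REMEMBER_COOKIE, $value, cookie_opts(time() + REMEMBER_TTL));
}

function do_logout(int $userId, callable $deleteHash): void
{
    $deleteHash($userId);   // revoke server-side first
    $_SESSION = [];         // the PHP manual advises against unset($_SESSION)
    session_destroy();
    setcookie(REMEMBER_COOKIE, '', cookie_opts(time() - 3600)); // same path
}
```

A browser only drops a cookie when the expiring `Set-Cookie` carries the same name, path and domain as the one that created it, which is why the thread's logout failed once `"/"` was added to the set call only. Because the cookie holds a random token rather than `reg_pass`, a leaked cookie can be revoked by deleting the stored hash and never exposes the password hash.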