49 } while(isset($sids[$tsid1]) && $max_attempts > 0); |
51 } while(isset($sids[$tsid1]) && $max_attempts > 0); |
50 if($max_attempts <= 0) // NOT GOOD |
52 if($max_attempts <= 0) // NOT GOOD |
51 return FALSE; |
53 return FALSE; |
52 $tsid2 = genID(crc32($tsid1) + time(), 32); |
54 $tsid2 = genID(crc32($tsid1) + time(), 32); |
53 |
55 |
54 // if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2']))) |
56 if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2']))) |
55 if (isset($_COOKIE['sid1'])) |
57 { |
56 { |
|
57 setcookie("sid2", $tsid2, time() + 964224000); |
|
58 $sid1 = $_COOKIE['sid1']; |
58 $sid1 = $_COOKIE['sid1']; |
|
59 $sid2 = $_COOKIE['sid2']; |
59 } |
60 } |
60 else |
61 else |
61 { |
62 { |
62 setcookie("sid1", $tsid1, time() + 964224000); |
63 setcookie("sid1", $tsid1, time() + 86400); |
63 setcookie("sid2", $tsid2, time() + 964224000); |
64 setcookie("sid2", $tsid2, time() + 86400); |
|
65 $sid1 = $_COOKIE['sid1']; |
|
66 $sid2 = $_COOKIE['sid2']; |
|
67 |
64 if (!isset($_COOKIE['sid1'])) |
68 if (!isset($_COOKIE['sid1'])) |
65 { |
69 { |
66 $sid1 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa'; |
70 $sid1 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa'; |
|
71 // $sid1 = $tsid1; |
|
72 //echo $sid1; |
67 } |
73 } |
68 if (!isset($_COOKIE['sid2'])) |
74 if (!isset($_COOKIE['sid2'])) |
69 { |
75 { |
70 $sid2 = $tsid2; |
76 $sid2 = $tsid2; |
|
77 //echo $uid; |
|
78 //echo $sid2; |
|
79 // $sid2 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa'; |
71 } |
80 } |
72 } |
81 } |
73 |
82 |
74 // |
83 // |
75 // Create the session: set the UID and SID in both the client's cookies and |
84 // Create the session: set the UID and SID in both the client's cookies and |
76 // the MySQL session table. |
85 // the MySQL session table. |
77 // |
86 // |
78 |
87 |
79 #$uid = (string)$uid; |
88 if ($uid != '1') |
80 $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date) |
89 { |
81 VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 43200 MINUTE), |
90 $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date, enum) |
82 DATE_ADD(NOW(), INTERVAL 720 HOUR))"); |
91 VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 1440 MINUTE), |
83 |
92 DATE_ADD(NOW(), INTERVAL 24 HOUR), '$enum')"); |
84 header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php'); |
93 $enum = $mysql->query("SELECT MAX(enum) as id FROM sessions"); |
|
94 ////uncomment next line to not send uid sid and gid in GET |
|
95 # header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php'); |
|
96 header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?' . 'uid=' . $uid . '&' . 'sid1=' . $sid1 . '&' . 'sid2=' . $sid2); |
|
97 |
|
98 } |
|
99 else |
|
100 { |
|
101 $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date, enum) |
|
102 VALUES ('$sid1', '$sid2', '$uid', 'public', DATE_ADD(NOW(), INTERVAL 1440 MINUTE), |
|
103 DATE_ADD(NOW(), INTERVAL 24 HOUR), '$enum')"); |
|
104 $enum = $mysql->query("SELECT MAX(enum) as id FROM sessions"); |
|
105 // Initialize the session |
|
106 // session_start( ); |
|
107 # header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2); |
|
108 header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?' . 'uid=' . $uid . '&' . 'sid1=' . $sid1 . '&' . 'sid2=' . $sid2); |
|
109 } |
|
110 # header ('Cookie' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2); |
|
111 # header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php'); |
|
112 #header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2); |
|
113 #header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php'); |
|
114 #header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?Cookie' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2); |
|
115 #header ('Set-Cookie: uid=' . $uid); |
|
116 |
85 |
117 |
86 exit(); |
118 exit(); |
87 |
|
88 return TRUE; |
119 return TRUE; |
89 } |
120 } |
90 |
121 #header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2); |
91 |
122 $expiry = time() + (3600 * 24 * 30 * 12); |
92 $conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error()); |
123 // retrieve cookie if it exists |
93 mysql_select_db('members'); |
124 if (isset($_COOKIE['uid'])) |
94 |
|
95 // retrieve cookie if it exists |
|
96 if (isset($_COOKIE['uid'])) |
|
97 { |
125 { |
98 $currID = $_COOKIE['uid']; |
126 $currID = $_COOKIE['uid']; |
99 $uid = $currID; |
127 $uid = $currID; |
100 } |
128 } |
101 else |
129 else |
102 { |
130 { |
103 // SQL queries |
131 // try to set cookie |
104 $result = mysql_query("INSERT INTO creds (uid) VALUES ('')"); |
132 $conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error()); |
105 $uid = mysql_query("SELECT MAX(uid) as id FROM creds"); |
133 if (!$conn) |
106 $expiry = time() + (3600 * 24 * 30 * 12); |
134 { |
107 |
135 echo "Unable to connect to DB: " . mysql_error(); |
108 //create cookies |
136 exit; |
109 while ($db_field2 = mysql_fetch_assoc($uid)) { |
137 } |
110 setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0); |
138 mysql_select_db('members'); |
111 $gid = 0; |
139 if (!mysql_select_db("members")) |
112 $currID = (string)$db_field2['id']; |
140 { |
113 |
141 echo "Unable to select mydbname: " . mysql_error(); |
114 $groups = $mysql_query("INSERT INTO uid_gid (uid, gid) VALUES ('$currID', '$gid')"); |
142 exit; |
115 } |
143 } |
116 |
144 |
117 if (!isset($_COOKIE['uid'])) |
145 $sql1 = "INSERT INTO creds (uid) VALUES ('')"; |
118 { |
146 $sql2 = "SELECT MAX(uid) as id FROM creds"; |
119 $currID = 1; |
147 |
120 $uid = $currID; |
148 $result1 = mysql_query($sql1); |
121 } |
149 if (!$result1) |
|
150 { |
|
151 echo "Could not successfully run query ($sql1) from DB: " . mysql_error(); |
|
152 exit; |
|
153 } |
|
154 |
|
155 $result2 = mysql_query($sql2); |
|
156 if (!$result2) |
|
157 { |
|
158 echo "Could not successfully run query ($sql2) from DB: " . mysql_error(); |
|
159 exit; |
|
160 } |
|
161 |
|
162 //create cookies |
|
163 if (mysql_num_rows($result2) == 0) |
|
164 { |
|
165 echo "No rows found, nothing to print so am exiting"; |
|
166 exit; |
|
167 } |
|
168 while ($row = mysql_fetch_assoc($result2)) { |
|
169 setcookie('uid', $row['id'] , $expiry, '/', '', 0); |
|
170 $uid = $row['id']; |
|
171 $gid = 0; |
|
172 //create uid & gid entry in uid_gid |
|
173 $sql3 = "INSERT INTO uid_gid (uid, gid, enum) VALUES ('$uid', '$gid', '')"; |
|
174 $result3 = mysql_query($sql3); |
|
175 if (!$result3) |
|
176 { |
|
177 echo "Could not successfully run query ($sql3) from DB: " . mysql_error(); |
|
178 exit; |
|
179 } |
122 } |
180 } |
123 mysql_close(); |
181 mysql_free_result($result2); |
124 // retrieve session cookie if it exists |
182 mysql_close(); |
|
183 // need to refresh as browser does not autheniticate until restart...ARRGhh need a solution ... the below doesn't work |
|
184 header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?' . 'uid=' . $uid); |
|
185 //exit; |
|
186 //header( 'refresh: 0; ' ); |
|
187 |
|
188 } |
|
189 |
|
190 if (!isset($_COOKIE['uid'])) |
|
191 { |
|
192 $currID = 1; |
|
193 $uid = $currID; |
|
194 } |
125 # $real_password = password; |
195 # $real_password = password; |
126 |
196 |
127 $mysql = new mysqli("localhost", "www-data", "www-data", "members"); |
197 $mysql = new mysqli("localhost", "www-data", "www-data", "members"); |
128 $result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'"); |
198 $result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'"); |
129 $row = $result->fetch_assoc(); |
199 $row = $result->fetch_assoc(); |
130 $real_password = $row["password_md5"]; |
200 $real_password = $row["password_md5"]; |
131 create_session($mysql, $uid, $real_password); |
201 create_session($mysql, $uid, $real_password); |
132 $result->close(); |
202 $result->close(); |
133 |
203 |
134 ?> |
204 ?> |
135 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
205 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
136 <html xmlns="http://www.w3.org/1999/xhtml"> |
206 <html xmlns="http://www.w3.org/1999/xhtml"> |
137 <head> |
207 <head> |