HTMLrequester: comparison index.php

equal deleted inserted replaced

-:e2ac834162fb
+:3ad193634e5d
 }
 }
 return $ID;
 }
 function create_session($mysql, $uid, $password)
 {
 //
 // Build list of existing SIDs
 } while(isset($sids[$tsid1]) && $max_attempts > 0);
 if($max_attempts <= 0) // NOT GOOD
 return FALSE;
 $tsid2 = genID(crc32($tsid1) + time(), 32);
-//      if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
+if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
-if (isset($_COOKIE['sid1']))
+{
-{
-setcookie("sid2", $tsid2, time() + 964224000);
 $sid1 = $_COOKIE['sid1'];
+		$sid2 = $_COOKIE['sid2'];
 }
 else
 {
-	setcookie("sid1", $tsid1, time() + 964224000);
+	setcookie("sid1", $tsid1, time() + 86400);
-		setcookie("sid2", $tsid2, time() + 964224000);
+		setcookie("sid2", $tsid2, time() + 86400);
+$sid1 = $_COOKIE['sid1'];
+$sid2 = $_COOKIE['sid2'];
 	if (!isset($_COOKIE['sid1']))
 		{
 $sid1 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa';
+//                        $sid1 = $tsid1;
+//echo $sid1;
 	}
 	if (!isset($_COOKIE['sid2']))
 		{
 $sid2 = $tsid2;
+//echo $uid;
+//echo $sid2;
+		//	$sid2 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa';
 	}
 }
 //
 // Create the session: set the UID and SID in both the client's cookies and
 // the MySQL session table.
 //
-#$uid = (string)$uid;
+	if ($uid != '1')
-$mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date)
+{
-VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 43200 MINUTE),
+$mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date, enum)
-DATE_ADD(NOW(), INTERVAL 720 HOUR))");
+VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 1440 MINUTE),
+DATE_ADD(NOW(), INTERVAL 24 HOUR), '$enum')");
-header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+$enum = $mysql->query("SELECT MAX(enum) as id FROM sessions");
+////uncomment next line to not send uid sid and gid in GET
+#		header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+		header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?' . 'uid=' . $uid . '&'  . 'sid1=' . $sid1 . '&' . 'sid2=' . $sid2);
+		}
+else
+{
+$mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date, enum)
+VALUES ('$sid1', '$sid2', '$uid', 'public', DATE_ADD(NOW(), INTERVAL 1440 MINUTE),
+DATE_ADD(NOW(), INTERVAL 24 HOUR), '$enum')");
+$enum = $mysql->query("SELECT MAX(enum) as id FROM sessions");
+// Initialize the session
+//  session_start(  );
+#		header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+		header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?' . 'uid=' . $uid . '&'  . 'sid1=' . $sid1 . '&' . 'sid2=' . $sid2);
+}
+#        header ('Cookie' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+# header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+#header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+#header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+#header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?Cookie' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+#header ('Set-Cookie: uid=' . $uid);
 	exit();
 return TRUE;
 }
+#header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+$expiry = time() + (3600 * 24 * 30 * 12);
-	$conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error());
+// retrieve cookie if it exists
-	mysql_select_db('members');
+if (isset($_COOKIE['uid']))
-	// retrieve cookie if it exists
-	if (isset($_COOKIE['uid']))
 	{
-		$currID = $_COOKIE['uid'];
+	$currID = $_COOKIE['uid'];
-		$uid = $currID;
+	$uid = $currID;
 	}
-	else
+else
 	{
-		// SQL queries
+	// try to set cookie
-		$result = mysql_query("INSERT INTO creds (uid) VALUES ('')");
+$conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error());
-		$uid =  mysql_query("SELECT MAX(uid) as id FROM creds");
+	if (!$conn)
-		$expiry = time() + (3600 * 24 * 30 * 12);
+		{
+		echo "Unable to connect to DB: " . mysql_error();
-		//create cookies
+		exit;
-		while ($db_field2 = mysql_fetch_assoc($uid)) {
+		}
-		 	setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0);
+mysql_select_db('members');
-$gid = 0;
+	if (!mysql_select_db("members"))
-$currID = (string)$db_field2['id'];
+		{
+		echo "Unable to select mydbname: " . mysql_error();
-$groups = $mysql_query("INSERT INTO uid_gid (uid, gid) VALUES ('$currID', '$gid')");
+		exit;
-	        }
+		}
-		if (!isset($_COOKIE['uid']))
+	$sql1 = "INSERT INTO creds (uid) VALUES ('')";
-		{
+	$sql2 = "SELECT MAX(uid) as id FROM creds";
-			$currID = 1;
-			$uid = $currID;
+$result1 = mysql_query($sql1);
-		}
+	if (!$result1)
+		{
+		echo "Could not successfully run query ($sql1) from DB: " . mysql_error();
+		exit;
+		}
+$result2 = mysql_query($sql2);
+if (!$result2)
+	{
+echo "Could not successfully run query ($sql2) from DB: " . mysql_error();
+exit;
+	}
+//create cookies
+	if (mysql_num_rows($result2) == 0)
+		{
+		echo "No rows found, nothing to print so am exiting";
+		exit;
+		}
+while ($row = mysql_fetch_assoc($result2)) {
+setcookie('uid', $row['id'] , $expiry, '/', '', 0);
+	$uid = $row['id'];
+	$gid = 0;
+	//create uid & gid entry in uid_gid
+$sql3 = "INSERT INTO uid_gid (uid, gid, enum) VALUES ('$uid', '$gid', '')";
+$result3 = mysql_query($sql3);
+if (!$result3)
+{
+echo "Could not successfully run query ($sql3) from DB: " . mysql_error();
+exit;
+}
 	}
-	mysql_close();
+	mysql_free_result($result2);
-	// retrieve session cookie if it exists
+mysql_close();
+// need to refresh as browser does not autheniticate until restart...ARRGhh need a solution ... the below doesn't work
+header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?' . 'uid=' . $uid);
+//exit;
+//header( 'refresh: 0; ' );
+	}
+	if (!isset($_COOKIE['uid']))
+		{
+	$currID = 1;
+	$uid = $currID;
+		}
 #	$real_password = password;
-	$mysql = new mysqli("localhost", "www-data", "www-data", "members");
+$mysql = new mysqli("localhost", "www-data", "www-data", "members");
-	$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
+$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
-	$row = $result->fetch_assoc();
+$row = $result->fetch_assoc();
-	$real_password = $row["password_md5"];
+$real_password = $row["password_md5"];
 create_session($mysql, $uid, $real_password);
-	$result->close();
+$result->close();
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>

changeset 15	3ad193634e5d
parent 13	bfe0d3de2764
child 20	b7f8324faded