1 <?php |
1 <?php |
|
2 function genID($seed, $length) |
|
3 { |
|
4 $ID = ""; |
|
5 srand($seed); |
|
6 for($i = 0; $i < $length; $i++) |
|
7 { |
|
8 $chtype = rand(1, 3); |
|
9 switch($chtype) |
|
10 { |
|
11 case 1: // 0-9 |
|
12 $ID .= chr(rand(48, 57)); |
|
13 break; |
|
14 case 2: // A-Z |
|
15 $ID .= chr(rand(65, 90)); |
|
16 break; |
|
17 case 3: // a-z |
|
18 $ID .= chr(rand(97, 122)); |
|
19 break; |
|
20 } |
|
21 } |
|
22 return $ID; |
|
23 |
|
24 } |
|
25 function create_session($mysql, $uid, $password) |
|
26 { |
|
27 // |
|
28 // Build list of existing SIDs |
|
29 // |
|
30 $result = $mysql->query("SELECT sid FROM sessions"); |
|
31 $num_rows = $result->num_rows; |
|
32 while($num_rows > 0) |
|
33 { |
|
34 $row = $result->fetch_assoc(); |
|
35 $sids[$row["sid"]] = TRUE; |
|
36 $num_rows--; |
|
37 } |
|
38 $result->close(); |
|
39 // |
|
40 // Generate main SID (making sure it is unique) |
|
41 // |
|
42 $max_attempts = 500000; |
|
43 $seed = crc32($password); |
|
44 do |
|
45 { |
|
46 $sid1 = genID($seed + time(), 32); |
|
47 $max_attempts--; |
|
48 } while(isset($sids[$sid1]) && $max_attempts > 0); |
|
49 if($max_attempts <= 0) // NOT GOOD |
|
50 return FALSE; |
|
51 $sid2 = genID(crc32($sid1) + time(), 32); |
|
52 // |
|
53 // Create the session: set the UID and SID in both the client's cookies and |
|
54 // the MySQL session table. |
|
55 // |
|
56 |
|
57 $uid = (string)$uid; |
|
58 $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date) |
|
59 VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 30 MINUTE), |
|
60 DATE_ADD(NOW(), INTERVAL 8 HOUR))"); |
|
61 setcookie("sid1", $sid1, time() + 964224000); |
|
62 setcookie("sid2", $sid2, time() + 964224000); |
|
63 #setcookie("uid", $uid, time() + 964224000); |
|
64 exit(); |
|
65 |
|
66 return TRUE; |
|
67 } |
|
68 |
|
69 |
2 $conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error()); |
70 $conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error()); |
3 mysql_select_db('members'); |
71 mysql_select_db('members'); |
4 |
72 |
5 // retrieve cookie if it exists |
73 // retrieve cookie if it exists |
6 if (isset($_COOKIE['n4c_ID'])) |
74 if (isset($_COOKIE['uid'])) |
7 { |
75 { |
8 $currID = $_COOKIE['n4c_ID']; |
76 $currID = $_COOKIE['uid']; |
|
77 $uid = $currID; |
9 } |
78 } |
10 else |
79 else |
11 { |
80 { |
12 // SQL queries |
81 // SQL queries |
13 $result = mysql_query("INSERT INTO creds (uid) VALUES ('')"); |
82 $result = mysql_query("INSERT INTO creds (uid) VALUES ('')"); |
14 $user_id = mysql_query("SELECT MAX(uid) as id FROM creds"); |
83 $uid = mysql_query("SELECT MAX(uid) as id FROM creds"); |
15 |
84 |
16 $expiry = time() + (3600 * 24 * 30 * 12); |
85 $expiry = time() + (3600 * 24 * 30 * 12); |
17 |
86 |
18 //create cookies |
87 //create cookies |
19 while ($db_field2 = mysql_fetch_assoc($user_id)) { |
88 while ($db_field2 = mysql_fetch_assoc($uid)) { |
20 setcookie('n4c_ID', $db_field2['id'] , $expiry, '/', '', 0); |
89 setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0); |
21 } |
90 } |
22 |
91 |
23 if (!isset($_COOKIE['n4c_ID'])) |
92 if (!isset($_COOKIE['uid'])) |
24 { |
93 { |
25 $currID = 1; |
94 $currID = 1; |
26 } |
95 } |
27 } |
96 } |
28 |
|
29 mysql_close(); |
97 mysql_close(); |
30 |
98 // retrieve session cookie if it exists |
31 header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/details.php'); |
99 # $real_password = password; |
|
100 $mysql = new mysqli("localhost", "www-data", "www-data", "members"); |
|
101 /* check connection */ |
|
102 #if (mysqli_connect_errno()) { |
|
103 # printf("Connect failed: %s\n", mysqli_connect_error()); |
|
104 # exit(); |
|
105 #} |
|
106 $result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'"); |
|
107 $row = $result->fetch_assoc(); |
|
108 $real_password = $row["password_md5"]; |
|
109 |
|
110 #print $uid; |
|
111 #if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2']))) |
|
112 #{ |
|
113 # $sid1 = $_COOKIE['sid1']; |
|
114 # $sid2 = $_COOKIE['sid2']; |
|
115 # print $sid1; |
|
116 # print $sid2; |
|
117 #} |
|
118 |
|
119 $mysql = new mysqli("localhost", "www-data", "www-data", "members"); |
|
120 create_session($mysql, $uid, $real_password); |
|
121 header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php'); |
|
122 $result->close(); |
|
123 |
32 ?> |
124 ?> |
33 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
125 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
34 <html xmlns="http://www.w3.org/1999/xhtml"> |
126 <html xmlns="http://www.w3.org/1999/xhtml"> |
35 <head> |
127 <head> |
36 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
128 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |