--- a/index.php Tue Jun 23 13:41:45 2009 +0100
+++ b/index.php Tue Jul 07 19:14:12 2009 +0100
@@ -22,6 +22,8 @@
return $ID;
}
+
+
function create_session($mysql, $uid, $password)
{
@@ -51,85 +53,153 @@
return FALSE;
$tsid2 = genID(crc32($tsid1) + time(), 32);
-// if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
- if (isset($_COOKIE['sid1']))
+ if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
{
- setcookie("sid2", $tsid2, time() + 964224000);
$sid1 = $_COOKIE['sid1'];
+ $sid2 = $_COOKIE['sid2'];
}
else
{
- setcookie("sid1", $tsid1, time() + 964224000);
- setcookie("sid2", $tsid2, time() + 964224000);
+ setcookie("sid1", $tsid1, time() + 86400);
+ setcookie("sid2", $tsid2, time() + 86400);
+ $sid1 = $_COOKIE['sid1'];
+ $sid2 = $_COOKIE['sid2'];
+
if (!isset($_COOKIE['sid1']))
{
- $sid1 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa';
+ $sid1 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa';
+// $sid1 = $tsid1;
+//echo $sid1;
}
if (!isset($_COOKIE['sid2']))
{
$sid2 = $tsid2;
+//echo $uid;
+//echo $sid2;
+ // $sid2 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa';
}
- }
+ }
//
// Create the session: set the UID and SID in both the client's cookies and
// the MySQL session table.
//
-#$uid = (string)$uid;
- $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date)
- VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 43200 MINUTE),
- DATE_ADD(NOW(), INTERVAL 720 HOUR))");
+ if ($uid != '1')
+ {
+ $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date, enum)
+ VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 1440 MINUTE),
+ DATE_ADD(NOW(), INTERVAL 24 HOUR), '$enum')");
+ $enum = $mysql->query("SELECT MAX(enum) as id FROM sessions");
+////uncomment next line to not send uid sid and gid in GET
+# header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+ header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?' . 'uid=' . $uid . '&' . 'sid1=' . $sid1 . '&' . 'sid2=' . $sid2);
- header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
-
- exit();
-
- return TRUE;
+ }
+ else
+ {
+ $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date, enum)
+ VALUES ('$sid1', '$sid2', '$uid', 'public', DATE_ADD(NOW(), INTERVAL 1440 MINUTE),
+ DATE_ADD(NOW(), INTERVAL 24 HOUR), '$enum')");
+ $enum = $mysql->query("SELECT MAX(enum) as id FROM sessions");
+ // Initialize the session
+// session_start( );
+# header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+ header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?' . 'uid=' . $uid . '&' . 'sid1=' . $sid1 . '&' . 'sid2=' . $sid2);
}
+# header ('Cookie' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+# header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+#header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+#header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+#header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php' . '?Cookie' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+#header ('Set-Cookie: uid=' . $uid);
- $conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error());
- mysql_select_db('members');
-
- // retrieve cookie if it exists
- if (isset($_COOKIE['uid']))
+ exit();
+ return TRUE;
+}
+#header ('Cookie:' . ' ' . 'uid=' . $uid . ';' . ' ' . 'sid1=' . $sid1 . ';' . ' ' . 'sid2=' . $sid2);
+$expiry = time() + (3600 * 24 * 30 * 12);
+// retrieve cookie if it exists
+if (isset($_COOKIE['uid']))
{
- $currID = $_COOKIE['uid'];
- $uid = $currID;
+ $currID = $_COOKIE['uid'];
+ $uid = $currID;
}
- else
+else
{
- // SQL queries
- $result = mysql_query("INSERT INTO creds (uid) VALUES ('')");
- $uid = mysql_query("SELECT MAX(uid) as id FROM creds");
- $expiry = time() + (3600 * 24 * 30 * 12);
-
- //create cookies
- while ($db_field2 = mysql_fetch_assoc($uid)) {
- setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0);
- $gid = 0;
- $currID = (string)$db_field2['id'];
+ // try to set cookie
+ $conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error());
+ if (!$conn)
+ {
+ echo "Unable to connect to DB: " . mysql_error();
+ exit;
+ }
+ mysql_select_db('members');
+ if (!mysql_select_db("members"))
+ {
+ echo "Unable to select mydbname: " . mysql_error();
+ exit;
+ }
+
+ $sql1 = "INSERT INTO creds (uid) VALUES ('')";
+ $sql2 = "SELECT MAX(uid) as id FROM creds";
+
+ $result1 = mysql_query($sql1);
+ if (!$result1)
+ {
+ echo "Could not successfully run query ($sql1) from DB: " . mysql_error();
+ exit;
+ }
+
+ $result2 = mysql_query($sql2);
+ if (!$result2)
+ {
+ echo "Could not successfully run query ($sql2) from DB: " . mysql_error();
+ exit;
+ }
- $groups = $mysql_query("INSERT INTO uid_gid (uid, gid) VALUES ('$currID', '$gid')");
- }
-
- if (!isset($_COOKIE['uid']))
+ //create cookies
+ if (mysql_num_rows($result2) == 0)
{
- $currID = 1;
- $uid = $currID;
+ echo "No rows found, nothing to print so am exiting";
+ exit;
}
+ while ($row = mysql_fetch_assoc($result2)) {
+ setcookie('uid', $row['id'] , $expiry, '/', '', 0);
+ $uid = $row['id'];
+ $gid = 0;
+ //create uid & gid entry in uid_gid
+ $sql3 = "INSERT INTO uid_gid (uid, gid, enum) VALUES ('$uid', '$gid', '')";
+ $result3 = mysql_query($sql3);
+ if (!$result3)
+ {
+ echo "Could not successfully run query ($sql3) from DB: " . mysql_error();
+ exit;
+ }
}
- mysql_close();
- // retrieve session cookie if it exists
+ mysql_free_result($result2);
+ mysql_close();
+// need to refresh as browser does not autheniticate until restart...ARRGhh need a solution ... the below doesn't work
+ header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?' . 'uid=' . $uid);
+//exit;
+//header( 'refresh: 0; ' );
+
+ }
+
+ if (!isset($_COOKIE['uid']))
+ {
+ $currID = 1;
+ $uid = $currID;
+ }
# $real_password = password;
- $mysql = new mysqli("localhost", "www-data", "www-data", "members");
- $result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
- $row = $result->fetch_assoc();
- $real_password = $row["password_md5"];
- create_session($mysql, $uid, $real_password);
- $result->close();
+$mysql = new mysqli("localhost", "www-data", "www-data", "members");
+$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
+$row = $result->fetch_assoc();
+$real_password = $row["password_md5"];
+create_session($mysql, $uid, $real_password);
+$result->close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">