--- a/index.php Tue May 19 08:30:24 2009 +0100
+++ b/index.php Tue May 19 18:41:47 2009 +0100
@@ -1,34 +1,126 @@
<?php
+function genID($seed, $length)
+{
+ $ID = "";
+ srand($seed);
+ for($i = 0; $i < $length; $i++)
+ {
+ $chtype = rand(1, 3);
+ switch($chtype)
+ {
+ case 1: // 0-9
+ $ID .= chr(rand(48, 57));
+ break;
+ case 2: // A-Z
+ $ID .= chr(rand(65, 90));
+ break;
+ case 3: // a-z
+ $ID .= chr(rand(97, 122));
+ break;
+ }
+ }
+ return $ID;
+
+}
+function create_session($mysql, $uid, $password)
+{
+ //
+ // Build list of existing SIDs
+ //
+ $result = $mysql->query("SELECT sid FROM sessions");
+ $num_rows = $result->num_rows;
+ while($num_rows > 0)
+ {
+ $row = $result->fetch_assoc();
+ $sids[$row["sid"]] = TRUE;
+ $num_rows--;
+ }
+ $result->close();
+ //
+ // Generate main SID (making sure it is unique)
+ //
+ $max_attempts = 500000;
+ $seed = crc32($password);
+ do
+ {
+ $sid1 = genID($seed + time(), 32);
+ $max_attempts--;
+ } while(isset($sids[$sid1]) && $max_attempts > 0);
+ if($max_attempts <= 0) // NOT GOOD
+ return FALSE;
+ $sid2 = genID(crc32($sid1) + time(), 32);
+ //
+ // Create the session: set the UID and SID in both the client's cookies and
+ // the MySQL session table.
+ //
+
+$uid = (string)$uid;
+ $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date)
+ VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 30 MINUTE),
+ DATE_ADD(NOW(), INTERVAL 8 HOUR))");
+ setcookie("sid1", $sid1, time() + 964224000);
+ setcookie("sid2", $sid2, time() + 964224000);
+ #setcookie("uid", $uid, time() + 964224000);
+ exit();
+
+ return TRUE;
+}
+
+
$conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error());
mysql_select_db('members');
// retrieve cookie if it exists
- if (isset($_COOKIE['n4c_ID']))
+ if (isset($_COOKIE['uid']))
{
- $currID = $_COOKIE['n4c_ID'];
+ $currID = $_COOKIE['uid'];
+ $uid = $currID;
}
else
{
// SQL queries
$result = mysql_query("INSERT INTO creds (uid) VALUES ('')");
- $user_id = mysql_query("SELECT MAX(uid) as id FROM creds");
+ $uid = mysql_query("SELECT MAX(uid) as id FROM creds");
$expiry = time() + (3600 * 24 * 30 * 12);
//create cookies
- while ($db_field2 = mysql_fetch_assoc($user_id)) {
- setcookie('n4c_ID', $db_field2['id'] , $expiry, '/', '', 0);
+ while ($db_field2 = mysql_fetch_assoc($uid)) {
+ setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0);
}
- if (!isset($_COOKIE['n4c_ID']))
+ if (!isset($_COOKIE['uid']))
{
$currID = 1;
}
}
-
mysql_close();
-
- header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/details.php');
+ // retrieve session cookie if it exists
+# $real_password = password;
+$mysql = new mysqli("localhost", "www-data", "www-data", "members");
+/* check connection */
+#if (mysqli_connect_errno()) {
+# printf("Connect failed: %s\n", mysqli_connect_error());
+# exit();
+#}
+$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
+$row = $result->fetch_assoc();
+$real_password = $row["password_md5"];
+
+ #print $uid;
+ #if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
+ #{
+ # $sid1 = $_COOKIE['sid1'];
+ # $sid2 = $_COOKIE['sid2'];
+ # print $sid1;
+ # print $sid2;
+ #}
+
+ $mysql = new mysqli("localhost", "www-data", "www-data", "members");
+ create_session($mysql, $uid, $real_password);
+ header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+$result->close();
+
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
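Review bot: The session tokens built in `create_session` are predictable, because `genID` reseeds `rand()` with `crc32($password) + time()` and `$sid2` is derived only from `$sid1` and the clock, so it adds no secrecy of its own; both values should come from a CSPRNG. The `INSERT` also interpolates `$uid`, which the script takes straight from `$_COOKIE['uid']` (the `(string)` cast does not escape it), and the `SELECT` on `creds` interpolates `$username`, which is not assigned anywhere in this hunk; both should be prepared statements. Since the `uid` cookie is client-controlled and no password comparison is visible here, a session appears to be issued for whatever uid the client sends, which should be confirmed against the rest of the file. Separately, the `exit();` before `return TRUE;` ends the request inside `create_session`, so the `header('Location: …')` redirect after the call never runs. A sketch of the token and insert changes follows; it assumes the openssl extension is available and that `sid` collisions can be left to a unique key on the table.

```php
function create_session($mysql, $uid, $password)
{
    // … removed: SELECT of every existing sid and the genID() retry loop …
    // 16 random bytes -> 32 hex characters, same length as before (random_bytes() on PHP 7+)
    $sid1 = bin2hex(openssl_random_pseudo_bytes(16));
    $sid2 = bin2hex(openssl_random_pseudo_bytes(16));
    $uid = (string)$uid;
    $stmt = $mysql->prepare("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date)
        VALUES (?, ?, ?, 'members', DATE_ADD(NOW(), INTERVAL 30 MINUTE), DATE_ADD(NOW(), INTERVAL 8 HOUR))");
    if ($stmt === FALSE)
        return FALSE;
    $stmt->bind_param('sss', $sid1, $sid2, $uid);
    if (!$stmt->execute())
        return FALSE;
    $stmt->close();
    // … unchanged: setcookie() calls for sid1 and sid2 …
    return TRUE; // no exit() here, so the caller's redirect is reached
}
```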