--- a/index.php Fri Jun 19 16:55:15 2009 +0100
+++ b/index.php Tue Jun 23 13:35:45 2009 +0100
@@ -44,12 +44,33 @@
$seed = crc32($password);
do
{
- $sid1 = genID($seed + time(), 32);
+ $tsid1 = genID($seed + time(), 32);
$max_attempts--;
- } while(isset($sids[$sid1]) && $max_attempts > 0);
+ } while(isset($sids[$tsid1]) && $max_attempts > 0);
if($max_attempts <= 0) // NOT GOOD
return FALSE;
- $sid2 = genID(crc32($sid1) + time(), 32);
+ $tsid2 = genID(crc32($tsid1) + time(), 32);
+
+// if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
+ if (isset($_COOKIE['sid1']))
+ {
+ setcookie("sid2", $tsid2, time() + 964224000);
+ $sid1 = $_COOKIE['sid1'];
+ }
+ else
+ {
+ setcookie("sid1", $tsid1, time() + 964224000);
+ setcookie("sid2", $tsid2, time() + 964224000);
+ if (!isset($_COOKIE['sid1']))
+ {
+ $sid1 = '06D5VlLQTbM57LL7IBMW38yHkFpb1XVa';
+ }
+ if (!isset($_COOKIE['sid2']))
+ {
+ $sid2 = $tsid2;
+ }
+ }
+
//
// Create the session: set the UID and SID in both the client's cookies and
// the MySQL session table.
@@ -59,19 +80,9 @@
$mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date)
VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 43200 MINUTE),
DATE_ADD(NOW(), INTERVAL 720 HOUR))");
- setcookie("sid1", $sid1, time() + 964224000);
- setcookie("sid2", $sid2, time() + 964224000);
- if (!isset($_COOKIE['sid1']))
- {
- $currSID1 = 1;
- }
- if (!isset($_COOKIE['sid2']))
- {
- $currSID2 = 1;
- }
+ header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
- #setcookie("uid", $uid, time() + 964224000);
exit();
return TRUE;
@@ -92,14 +103,17 @@
// SQL queries
$result = mysql_query("INSERT INTO creds (uid) VALUES ('')");
$uid = mysql_query("SELECT MAX(uid) as id FROM creds");
-
$expiry = time() + (3600 * 24 * 30 * 12);
//create cookies
while ($db_field2 = mysql_fetch_assoc($uid)) {
setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0);
- }
-
+ $gid = 0;
+ $currID = (string)$db_field2['id'];
+
+ $groups = $mysql_query("INSERT INTO uid_gid (uid, gid) VALUES ('$currID', '$gid')");
+ }
+
if (!isset($_COOKIE['uid']))
{
$currID = 1;
@@ -109,22 +123,12 @@
mysql_close();
// retrieve session cookie if it exists
# $real_password = password;
+
$mysql = new mysqli("localhost", "www-data", "www-data", "members");
$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
$row = $result->fetch_assoc();
$real_password = $row["password_md5"];
- if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
- {
- $sid1 = $_COOKIE['sid1'];
- $sid2 = $_COOKIE['sid2'];
- header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
- }
- else
- {
-
- create_session($mysql, $uid, $real_password);
- header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
- }
+ create_session($mysql, $uid, $real_password);
$result->close();
?>
@@ -137,6 +141,7 @@
<body>
<?php
+
// FOR TEST PURPOSES - CHECK COOKIE VALUES
/*
print '<p><strong>COOKIES------------------------------------------------------------------------</strong></p>';