with sessions
authorAlex McMahon <alex.mcmahon@cs.tcd.ie>
Tue, 19 May 2009 18:41:47 +0100
changeset 3 ad69d332e9dc
parent 1 29ae580f12bd
child 4 2c829de4b83c
with sessions
add_search.php
details.php
index.php
--- a/add_search.php	Tue May 19 08:30:24 2009 +0100
+++ b/add_search.php	Tue May 19 18:41:47 2009 +0100
@@ -6,7 +6,7 @@
 	}
 	
 	// get user ID from cookie
-	$currID = $_COOKIE['n4c_ID'];
+	$currID = $_COOKIE['uid'];
 	
 	if ($currID == "") 
 	{
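Review bot: `$currID = $_COOKIE['uid'];` still takes the user's identity straight from a cookie the client controls, so the rename does not change who can claim which ID. The same line is in the details.php hunk, where the comment says a missing cookie falls back to ID 1 (master). Since this commit adds a `sessions` table in index.php, these pages would be better served by resolving the uid from the `sid1`/`sid2` cookies against that table and rejecting the request when no unexpired row matches. Reading the key without `isset()` also raises an undefined-index notice when the cookie is absent; `$currID = isset($_COOKIE['uid']) ? $_COOKIE['uid'] : "";` avoids it. The `if` block that follows continues outside the hunk.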
--- a/details.php	Tue May 19 08:30:24 2009 +0100
+++ b/details.php	Tue May 19 18:41:47 2009 +0100
@@ -1,6 +1,6 @@
 <?php 
 	// read user ID from cookie, if cookie doesn't exist, set to 1 (master)
-	$currID = $_COOKIE['n4c_ID'];
+	$currID = $_COOKIE['uid'];
 	
 	if ($currID == "") 
 	{
--- a/index.php	Tue May 19 08:30:24 2009 +0100
+++ b/index.php	Tue May 19 18:41:47 2009 +0100
@@ -1,34 +1,126 @@
 <?php
+function genID($seed, $length)
+{
+        $ID = "";
+        srand($seed);
+        for($i = 0; $i < $length; $i++)
+        {
+                $chtype = rand(1, 3);
+                switch($chtype)
+                {
+                case 1: // 0-9
+                        $ID .= chr(rand(48, 57));
+                        break;
+                case 2: // A-Z
+                        $ID .= chr(rand(65, 90));
+                        break;
+                case 3: // a-z
+                        $ID .= chr(rand(97, 122));
+                        break;
+                }
+        }
+        return $ID;
+
+}
+function create_session($mysql, $uid, $password)
+{
+        //
+        // Build list of existing SIDs
+        //
+        $result = $mysql->query("SELECT sid FROM sessions");
+        $num_rows = $result->num_rows;
+        while($num_rows > 0)
+        {
+                $row = $result->fetch_assoc();
+                $sids[$row["sid"]] = TRUE;
+                $num_rows--;
+        }
+        $result->close();
+        //
+        // Generate main SID (making sure it is unique)
+        //
+        $max_attempts = 500000;
+        $seed = crc32($password);
+        do
+        {
+                $sid1 = genID($seed + time(), 32);
+                $max_attempts--;
+        } while(isset($sids[$sid1]) && $max_attempts > 0);
+        if($max_attempts <= 0) // NOT GOOD
+                return FALSE;
+        $sid2 = genID(crc32($sid1) + time(), 32);
+        //
+        // Create the session: set the UID and SID in both the client's cookies and
+        // the MySQL session table.
+        //
+
+$uid = (string)$uid;
+        $mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date)
+                VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 30 MINUTE),
+                DATE_ADD(NOW(), INTERVAL 8 HOUR))");
+        setcookie("sid1", $sid1, time() + 964224000);
+        setcookie("sid2", $sid2, time() + 964224000);
+	#setcookie("uid", $uid, time() + 964224000);
+    	exit();
+
+        return TRUE;
+}
+
+
 	$conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error());
 	mysql_select_db('members');
 	
 	// retrieve cookie if it exists
-	if (isset($_COOKIE['n4c_ID'])) 
+	if (isset($_COOKIE['uid'])) 
 	{	
-		$currID = $_COOKIE['n4c_ID'];
+		$currID = $_COOKIE['uid'];
+		$uid = $currID;
 	} 
 	else 
 	{
 		// SQL queries
 		$result = mysql_query("INSERT INTO creds (uid) VALUES ('')");
-		$user_id =  mysql_query("SELECT MAX(uid) as id FROM creds");
+		$uid =  mysql_query("SELECT MAX(uid) as id FROM creds");
 		
 		$expiry = time() + (3600 * 24 * 30 * 12); 
 		
 		//create cookies
-		while ($db_field2 = mysql_fetch_assoc($user_id)) {		 
-		 	setcookie('n4c_ID', $db_field2['id'] , $expiry, '/', '', 0);
+		while ($db_field2 = mysql_fetch_assoc($uid)) {		 
+		 	setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0);
 		}
 		
-		if (!isset($_COOKIE['n4c_ID'])) 
+		if (!isset($_COOKIE['uid'])) 
 		{
 			$currID = 1;
 		}
 	}
-	
 	mysql_close();
-	
-	header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/details.php');
+	// retrieve session cookie if it exists
+#	$real_password = password;
+$mysql = new mysqli("localhost", "www-data", "www-data", "members");
+/* check connection */
+#if (mysqli_connect_errno()) {
+#    printf("Connect failed: %s\n", mysqli_connect_error());
+#    exit();
+#}
+$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
+$row = $result->fetch_assoc();
+$real_password = $row["password_md5"];
+
+	#print $uid;
+ 	#if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
+        #{
+        #        $sid1 = $_COOKIE['sid1'];
+        #        $sid2 = $_COOKIE['sid2'];
+	#	print $sid1;
+	#	print $sid2;
+        #}
+
+	$mysql = new mysqli("localhost", "www-data", "www-data", "members");
+	create_session($mysql, $uid, $real_password);
+       	header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+$result->close();
+
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">