Search the Community

yoyo w3s...im having a little trouble with my login page... here you can see the example: http://speed-scene.c...scene/login.php anyways, i allready knew about sessions and such, so i was thinking that it was time to expand my knowledge a little. so i was trying to make a login page that was using cookies to log me in, and while expanding, i was thinking that i could try it out on one of my projects on the following link i have allready given. but the trouble is that when im trying to login, then im just staying at the same page, and nofthing by then happends... here is all my login codes/pages im using: 1. bittorrent.php inside include folder from root (The functions im using to get the login thing to work...): function dbconn($autoclean = false){global $SS;if (!@mysql_connect($SS['mysql_host'], $SS['mysql_user'], $SS['mysql_pass'])){ switch (mysql_errno()) { case 1040: case 2002: if ($_SERVER['REQUEST_METHOD'] == "GET") die("<html><head><meta http-equiv='refresh' content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>"); else die("Too many users. Please press the Refresh button in your browser to retry."); default: die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error()); }}mysql_select_db($SS['mysql_db']) or die('dbconn: mysql_select_db: ' . mysql_error());//mysql_query("SET NAMES utf8");mysql_set_charset('utf8');userlogin();if ($autoclean) register_shutdown_function("autoclean");} /*LOGIN FUNCTIONS*/function sqlesc($x) {return "'".mysql_real_escape_string($x)."'";}function mkglobal($vars) {if (!is_array($vars))$vars = explode(":", $vars);foreach ($vars as $v) {if (isset($_GET[$v])) $GLOBALS[$v] = unesc($_GET[$v]);elseif (isset($_POST[$v])) $GLOBALS[$v] = unesc($_POST[$v]);else return 0;}return 1;}function set_mycookie( $name, $value = "", $expires_in = 0, $sticky = 1 ){ global $SS; if ( $sticky == 1 ){ $expires = time() + 60*60*24*365;} else if ( $expires_in ) { $expires = time() + ( $expires_in * 86400 ); } else { $expires = FALSE; } $SS['cookie_domain'] = $SS['cookie_domain'] == "" ? "" : $SS['cookie_domain']; $SS['cookie_path'] = $SS['cookie_path'] == "" ? "/" : $SS['cookie_path']; if ( PHP_VERSION < 5.2 ) { if ( $SS['cookie_domain'] ) { @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'] . '; HttpOnly' ); } else { @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'] ); }}else{ @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'], NULL, TRUE );}}function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff){set_mycookie( "uid", $id, $expires );set_mycookie( "pass", $passhash, $expires );if ($updatedb) @mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE id = $id");}function logoutcookie() {set_mycookie('uid', '-1');set_mycookie('pass', '-1');}function loggedinorreturn() {global $CURUSER, $SS;if (!$CURUSER){ header("Location: {$SS['baseurl']}/login.php?returnto=" . urlencode($_SERVER["REQUEST_URI"])); exit();}}function get_mycookie($name){global $SS; if (isset($_COOKIE[$SS['cookie_prefix'].$name]) AND !empty($_COOKIE[$SS['cookie_prefix'].$name])) { return urldecode($_COOKIE[$SS['cookie_prefix'].$name]); } else { return FALSE; }}function userlogin() {global $SS;unset($GLOBALS["CURUSER"]);$ip = getip();$nip = ip2long($ip);require_once "cache/bans_cache.php";if(count($bans) > 0){foreach($bans as $k) { if($nip >= $k['first'] && $nip <= $k['last']) { header("HTTP/1.0 403 Forbidden"); print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n"; exit(); }}unset($bans);}if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))return;$id = 0 + get_mycookie('uid');if (!$id || strlen( get_mycookie('pass') ) != 32)return;$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());$row = mysql_fetch_assoc($res);if (!$row)return;if (get_mycookie('pass') !== $row["passhash"])return;mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());$row['ip'] = $ip;$GLOBALS["CURUSER"] = $row;}/*LOGIN FUNCTIONS*/ 2. this is my password_functions.php file inside include folder from root: <?phpfunction mksecret($len=5){ $salt = ''; for ( $i = 0; $i < $len; $i++ ) { $num = rand(33, 126); if ( $num == '92' ) { $num = 93; } $salt .= chr( $num ); } return $salt;} function make_passhash_login_key($len=60){ $pass = mksecret( $len ); return md5($pass);} function make_passhash($salt, $md5_once_password){ return md5( md5( $salt ) . $md5_once_password );} function make_password(){ $pass = ""; $unique_id = uniqid( mt_rand(), TRUE ); $prefix = mksecret(); $unique_id .= md5( $prefix ); usleep( mt_rand(15000,1000000) ); mt_srand( (double)microtime()*1000000 ); $new_uniqueid = uniqid( mt_rand(), TRUE ); $final_rand = md5( $unique_id.$new_uniqueid ); mt_srand(); for ($i = 0; $i < 15; $i++) { $pass .= $final_rand{ mt_rand(0, 31) }; } return $pass; }?> 3. this is my login.php file from root: <?phprequire_once("include/bittorrent.php");echo stdhead("Login");?> <form method="post" action="takelogin.php"><table class="login_table" align="center" border="1"><tr><td>Username</td><td><input type="text" name="username" id="username" size="35" /></td></tr><tr><td>Password</td><td><input type="password" name="password" id="password" size="35" /></td></tr><tr><td align="center" colspan="2"><input type="submit" name="login_submit" value="Login Now!" /></td></tr></table></form> <?phpecho stdfooter();?> 4. and at last, this is my takelogin.php file from root: <?phprequire_once 'include/bittorrent.php';require_once "include/password_functions.php";echo stdhead("Login");if (!mkglobal('username:password'))die();dbconn();$lang = array_merge(load_language('takelogin'));$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");$row = mysql_fetch_assoc($res);if (!$row)stderr($lang['tlogin_failed'], 'Username or password incorrect');if ($row['passhash'] != make_passhash($row['secret'], md5($password)))stderr($lang['tlogin_failed'], 'Username or password incorrect');if ($row['enabled'] == 'no')stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);logincookie($row['id'], $row['passhash']);header("Location: {$SS['baseurl']}/index.php");echo stdfooter();?> and now to the big question, what the heck is wrong since i cannot login?... ideas where to check... it seems for my eye that i cannot see where to edit, since its all looking pretty well for both me and 1 other guys online i am coding with sometimes ... but the login does not work, so it is obviously that the codes does not either...but in anyways... i would be very much happy if anyone in here could tell me where to have my eyes on... thanks alot! ... PS: if wish to see the whole project, then you can use the following .FTP user to grand acces to the server and read the files, just in case you need more information.. HOST: blackbitt.comUSER: ftp_reader@blackbitt.comPASS: Reader1PORT: 21 bittorrent.php file is the main design to the whole site, and all my functions. in this way i have maked a Global Based design... Hoping you guys once more can guid me on to the right road again, thanks alot in advance! ...