my login does not working...

[rootKID]

yoyo w3s...im having a little trouble with my login page... here you can see the example: http://speed-scene.c...scene/login.php anyways, i allready knew about sessions and such, so i was thinking that it was time to expand my knowledge a little. so i was trying to make a login page that was using cookies to log me in, and while expanding, i was thinking that i could try it out on one of my projects on the following link i have allready given. but the trouble is that when im trying to login, then im just staying at the same page, and nofthing by then happends... here is all my login codes/pages im using: 1. bittorrent.php inside include folder from root (The functions im using to get the login thing to work...):

function dbconn($autoclean = false){global $SS;if (!@mysql_connect($SS['mysql_host'], $SS['mysql_user'], $SS['mysql_pass'])){  switch (mysql_errno())  {  case 1040:  case 2002:   if ($_SERVER['REQUEST_METHOD'] == "GET")	die("<html><head><meta http-equiv='refresh' content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");   else	die("Too many users. Please press the Refresh button in your browser to retry.");  default:   die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());  }}mysql_select_db($SS['mysql_db'])  or die('dbconn: mysql_select_db: ' . mysql_error());//mysql_query("SET NAMES utf8");mysql_set_charset('utf8');userlogin();if ($autoclean)  register_shutdown_function("autoclean");}  /*LOGIN FUNCTIONS*/function sqlesc($x) {return "'".mysql_real_escape_string($x)."'";}function mkglobal($vars) {if (!is_array($vars))$vars = explode(":", $vars);foreach ($vars as $v) {if (isset($_GET[$v]))  $GLOBALS[$v] = unesc($_GET[$v]);elseif (isset($_POST[$v]))  $GLOBALS[$v] = unesc($_POST[$v]);else  return 0;}return 1;}function set_mycookie( $name, $value = "", $expires_in = 0, $sticky = 1 ){  global $SS;  if ( $sticky == 1 ){  $expires = time() + 60*60*24*365;}  else if ( $expires_in )  {   $expires = time() + ( $expires_in * 86400 );  }  else  {   $expires = FALSE;  }  $SS['cookie_domain'] = $SS['cookie_domain'] == "" ? ""  : $SS['cookie_domain'];  $SS['cookie_path']   = $SS['cookie_path']   == "" ? "/" : $SS['cookie_path'];  if ( PHP_VERSION < 5.2 )  {  if ( $SS['cookie_domain'] )  {  @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'] . '; HttpOnly' );  }  else  {  @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'] );  }}else{  @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'], NULL, TRUE );}}function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff){set_mycookie( "uid", $id, $expires );set_mycookie( "pass", $passhash, $expires );if ($updatedb)  @mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE id = $id");}function logoutcookie() {set_mycookie('uid', '-1');set_mycookie('pass', '-1');}function loggedinorreturn() {global $CURUSER, $SS;if (!$CURUSER){  header("Location: {$SS['baseurl']}/login.php?returnto=" . urlencode($_SERVER["REQUEST_URI"]));  exit();}}function get_mycookie($name){global $SS;  if (isset($_COOKIE[$SS['cookie_prefix'].$name]) AND !empty($_COOKIE[$SS['cookie_prefix'].$name]))  {   return urldecode($_COOKIE[$SS['cookie_prefix'].$name]);  }  else  {   return FALSE;  }}function userlogin() {global $SS;unset($GLOBALS["CURUSER"]);$ip = getip();$nip = ip2long($ip);require_once "cache/bans_cache.php";if(count($bans) > 0){foreach($bans as $k) {  if($nip >= $k['first'] && $nip <= $k['last']) {  header("HTTP/1.0 403 Forbidden");  print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n";  exit();  }}unset($bans);}if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))return;$id = 0 + get_mycookie('uid');if (!$id || strlen( get_mycookie('pass') ) != 32)return;$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());$row = mysql_fetch_assoc($res);if (!$row)return;if (get_mycookie('pass') !== $row["passhash"])return;mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());$row['ip'] = $ip;$GLOBALS["CURUSER"] = $row;}/*LOGIN FUNCTIONS*/

2. this is my password_functions.php file inside include folder from root:

<?phpfunction mksecret($len=5){  $salt = '';   for ( $i = 0; $i < $len; $i++ )  {   $num   = rand(33, 126);     if ( $num == '92' )   {	$num = 93;   }     $salt .= chr( $num );  }   return $salt;} function make_passhash_login_key($len=60){  $pass = mksecret( $len );   return md5($pass);} function make_passhash($salt, $md5_once_password){  return md5( md5( $salt ) . $md5_once_password );} function make_password(){  $pass = "";   $unique_id  = uniqid( mt_rand(), TRUE );  $prefix  = mksecret();  $unique_id .= md5( $prefix );   usleep( mt_rand(15000,1000000) );   mt_srand( (double)microtime()*1000000 );  $new_uniqueid = uniqid( mt_rand(), TRUE );   $final_rand = md5( $unique_id.$new_uniqueid );   mt_srand();   for ($i = 0; $i < 15; $i++)  {   $pass .= $final_rand{ mt_rand(0, 31) };  }   return $pass;  }?>

3. this is my login.php file from root:

<?phprequire_once("include/bittorrent.php");echo stdhead("Login");?> <form method="post" action="takelogin.php"><table class="login_table" align="center" border="1"><tr><td>Username</td><td><input type="text" name="username" id="username" size="35" /></td></tr><tr><td>Password</td><td><input type="password" name="password" id="password" size="35" /></td></tr><tr><td align="center" colspan="2"><input type="submit" name="login_submit" value="Login Now!" /></td></tr></table></form> <?phpecho stdfooter();?>

4. and at last, this is my takelogin.php file from root:

<?phprequire_once 'include/bittorrent.php';require_once "include/password_functions.php";echo stdhead("Login");if (!mkglobal('username:password'))die();dbconn();$lang = array_merge(load_language('takelogin'));$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");$row = mysql_fetch_assoc($res);if (!$row)stderr($lang['tlogin_failed'], 'Username or password incorrect');if ($row['passhash'] != make_passhash($row['secret'], md5($password)))stderr($lang['tlogin_failed'], 'Username or password incorrect');if ($row['enabled'] == 'no')stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);logincookie($row['id'], $row['passhash']);header("Location: {$SS['baseurl']}/index.php");echo stdfooter();?>

and now to the big question, what the heck is wrong since i cannot login?... ideas where to check... it seems for my eye that i cannot see where to edit, since its all looking pretty well for both me and 1 other guys online i am coding with sometimes ... but the login does not work, so it is obviously that the codes does not either...but in anyways... i would be very much happy if anyone in here could tell me where to have my eyes on... thanks alot! ... PS: if wish to see the whole project, then you can use the following .FTP user to grand acces to the server and read the files, just in case you need more information.. HOST: blackbitt.comUSER: ftp_reader@blackbitt.comPASS: Reader1PORT: 21 bittorrent.php file is the main design to the whole site, and all my functions. in this way i have maked a Global Based design... Hoping you guys once more can guid me on to the right road again, thanks alot in advance! ...

Edited July 23, 2012 by rootKID

[justsomeguy]

What have you tried so far? Have you added any debugging statements to help you see the process and figure out where it's going wrong?

[rootKID]

in the bittorrent.php file in the top i have like this:

/*ERROR CHECKING FOR POST,GET, AND SESSION ARRAY!*/echo "Sessions";echo "<pre>";print_r($_SESSION);echo "</pre>";echo "GET";echo "<pre>";print_r($_GET);echo "</pre>";echo "POST";echo "<pre>";print_r($_POST);echo "</pre>";echo "SERVER";echo "<pre>";print_r($_SERVER);echo "</pre>";/*ERROR CHECKING FOR POST,GET, AND SESSION ARRAY!*/

and i have activated it now online, so you will also be able to see on the test site...but what the point was of this, was to create a variable called (CURUSER) that stands for CurrentUser, and then we could be able to use it to row out stuff from the user table, and we have seemed this before in a open-source project called tbdev 09 final version, and its the exacly same coding way we are using to build up design and such on out project, just to make sure all works while we are trying some stuff out. and ive also tried to echo the variable, but im getting nofthing out of it... you can also see for yourself via FTP... ive given FTP acces via a test user ive created on my server....and backup and all are taken... so wont be a problem if we destroy the whole damn site while trying fixing it ... and right now for momment being, that is all ive tried so far...ive also tried to look into the functions, but after my little eye can spot, then all seems pretty good to me... that is why im kinda confuced where to go right now... and how i tried to solve problems so far inside the functions, was with the exit and die function... and all seems to come out right as my eye can spot it...so if you wish to try yourself with a go, then just login with ftp dude... and its late... so i will turn to bed for the day and reply tomorrow, and to see if any feedback from ya... thanks for today dude ... see ya...

[justsomeguy]

If your $CURUSER variable is empty then I would add debugging statements to the code that sets that variable to figure out why it's not getting set.

[rootKID]

hmm... could you give a example?... because im still a litte confuced when its comming to the bigger debugging ways... thanks.

[justsomeguy]

Just use echo statements to have the code tell you what it's doing. e.g.:

echo 'site online: ' . $SS['site_online'] . '<br>';echo 'cookie UID: ' . get_mycookie('uid') . '<br>';echo 'cookie password: ' . get_mycookie('pass') . '<br>';if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass')){  echo 'quitting';  return;}

The point is for you to be able to verify all of the data that your code is using and what path it is taking so that you can understand why it is doing what it is. If you don't understand why your code is doing something, then have it tell you why.

[rootKID]

ahh... thanks, will try to remember this kind of coding example, i did not knew how to echo it right i think since it was inside a array ... anyways... i did try as you said, and nofthing as a start... but when im trying to login again, im getting uid: 166 and pass = (MD5 STRING...) so that should be working as far as i can see... now, could it be the loggedinorreturn function?... because if it does get my login... then just why is it not putting me into the damn site... i just dont get it Oo... seems weird in a way to me...

[justsomeguy]

Keep adding debugging code. What I showed was a small example. You need much more than that. Every time you have an if statement, for example, print out the values you're checking. If you have a return statement, add an echo statement so that you know that the function returned at that point. Look at the output from your debugging statements and compare it with what you think should happen.

[rootKID]

ok, just one thing/problem.. i dont know if you have seemed my website build-up way with the ftp-datails ive given...but if so, youll might have seemed inside the file bittorrent.php inside include folder that inside the function called stdhead that the menu i have builded up, its the same ive used there, the code CURUSER variable, and i have allready posted that out into the global with the examble you gave me, is it possible to do so again inside a variable Oo... just that, will they not override each other, or is that even possible when they are on each site of the function?... just asking ... PS: Will try still what you told me to, to echo everything i seem to be a thing that i should be having a look at...and then i will post about what i have finded out... .

Edited July 25, 2012 by rootKID

[justsomeguy]

I don't understand what you're asking.

[rootKID]

dosent matter... that was me talking black for a second i think... sorry... anyways... my new question is, what to do now... ive tried looking over all the damn code,and i just dont know what to do now since i have no ideas about what im needing/doing wrong... im clueless right now actually...

[justsomeguy]

The point is to understand what your code is doing. If you understand what the code is doing then you can check that against what you think it should be doing, and then the problems will be obvious. So you need to print out as much information as possible to allow you to understand exactly what happens when you press the log in button. You can't add too much debugging information, add echo statements everywhere to get the code to tell you when it's going into an if statement, or starting a loop, or returning from a function, etc. Print out all of the data it's using. Do everything you can to make yourself understand exactly what the code does. Print out SQL queries it's about to run, print out the data that MySQL returned, etc. Print everything. Have your code tell you exactly what it's doing. That's the only way to debug, you need to know specifically what the code is doing, and also why it's doing that. If you're comparing a username and password from a database, print out all of the values you're comparing. Print the values and hashes from the form, print the values you got from the database, etc. If the values don't match then it will be obvious why you can't log in.

[rootKID]

ok, this is what i (was) expecting it to be like to do in the beginning: a user logins in via the login page a cookie is set with something that can identify a sole user then a redirection... The redirection forces the userlogin to be called again but this time you have a cookie so it will attempt to get the data associated with what was set. and that was kinda the whole idea, and that was also what me and my coding friend was talking about, on how to make it ... EDIT: anyways.. i have added files if you wish to see what ive done so far if you wish to see for yourself, just to understand what im trying to, i will be debugging some more on the code untill tomorrow... if you find out what the heck is wrong, give me a clue where to look.... thanks dude ...

Edited July 25, 2012 by rootKID

[justsomeguy]

So, you need to verify what the code is actually doing then. Since you're using headers to set the cookies and redirect then it probably won't help much to print debugging information, it will break the headers or you'll never see it. In that case you should use an error log, which is what I use normally anyway. Add code like this to a file that you include on all of your other pages:

error_reporting(E_ALL);ini_set('error_log', dirname(__FILE__) . DIRECTORY_SEPARATOR . 'error.log');ini_set('html_errors', 0);ini_set('log_errors', 1);ini_set('display_errors', 0);

That's going to have all errors go to a file called error.log in the same directory as the script where you put that code. You can check inside that file for all of your error messages, and you can also send your own data to that file for debugging. You can use the error_log function to write any text you want to the error log file to help you debug and understand your code. http://www.php.net/manual/en/function.error-log.php

[rootKID]

ok thanks, will try this tomorrow.since its pretty late, and im on vecation down on gran canarian islands. and i need to go up early tomorrow. because of going to a market tomorrow, just for fun .. but i will try tomorrow, and post feedback... PS: can't i just write on bittorrent.php file, then it will affect all files anyway... and then the error.log will just get up on include folder, right?...

[justsomeguy]

Say hi to Ingolme for me.

[rootKID]

Ingolme?... why... he's on vecation down here too?... and where to be exact?.. im in Puerto Rico on a hotel called (Altamar) ... PS: you did not say if i could use it on the bittorrent.php file ...

[justsomeguy]

I don't know exactly where Ingolme is, the GPS locator I implanted on him isn't working right now. You can put it in any file you want to, I suggest a file that gets included in all other files. If your bittorrent.php file gets included everywhere, then that's a good candidate. If you don't see the error.log file get created automatically then you may need to create it yourself and give PHP permission to write to it.

[rootKID]

ok, thanks. will give the details of the log tomorrow when i have tested it, have allready maked the code... just needing to see what it has written to me,but too tired right now, so will not post feedback untill tomorrow... so see ya tomorrow with an update ... Thanks for now.

[rootKID]

hello again, and sorry for late reply. i have now tested the log file on the following files by doing as you told me to do by making a including file on same place as each file (root)... login.phptakelogin.phpindex.php (just to make sure anything was getting inside there at all...) and i have now attached my log file, but as i seing it. then it does not mention anything related to curuser variable as far as i can see... and next thing/question, is if the curuser is not working, (witch it isn't) but im still getting a cookie that has been created, then i suppose the cookie creation is working 100%, but creating the curuser variable does not, right?... because i have maked a if isset inside bittorrent.php menu part inside stdhead function that says if a curuser isset, then it will show a normal menu, else the not-logged in menu as you can see right now on the site... so i suppose it is only the curuser variable that does not works right now for momment being -.-'... any new ideas? ...

Edited July 27, 2012 by rootKID

[justsomeguy]

Still the same. You need to add debugging output when you set the variable and when you're trying to get the value. When you set the variable print out the value that you're setting it to also. Again, you need to understand what your code is doing. That is literally the only way to program. It sounds like you still don't understand what your code is doing. That error log doesn't show any of your debugging output, it just shows error messages that you're trying to use variables that don't exist.

[rootKID]

i just dont know what to do, and yes. i really have tried to debug.but every damn time im trying, then i am getting nofthing out from my database. that is why im confuced, and still when i login. the cookie (is) created, but im getting nofthing out from the curuser variable Oo... that is why im confuced, and yes. im still trying.but like i said, just a little bit (ALOT) confuced. and yes, i do understand what my coding is doing .just that when it come to the part of debugging. im just a little slow at finding out where to look and such.

[justsomeguy]

Post the code you're using now.

[rootKID]

sorry for late reply, here you go now: bittorrent.phplogin.phptakelogin.phppassword_functions.php Files are all now attached ...

[justsomeguy]

I don't see any debugging information at all. When I say you need to debug everything, I mean everything. If you're not able to log in and you don't know why then you don't know what your code is doing, because if you did then you would know where the problem is and how to fix it. Assuming your code is set to use an error log, then use the error_log function like I said to send your debugging information there.

<?phprequire_once ("include/bittorrent.php");require_once ("include/password_functions.php");require_once ("errorlog_creater.php");echo stdhead("Login");  if (!mkglobal('username:password'))die();dbconn();$lang = array_merge(load_language('takelogin')); $res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");$row = mysql_fetch_assoc($res);error_log(__FILE__ . __LINE__ . ': record from database: ' . print_r($row)); if (!$row)stderr($lang['tlogin_failed'], 'Username or password incorrect');  error_log(__FILE__ . __LINE__ . ': calculate password hash: ' . make_passhash($row['secret'], md5($password));if ($row['passhash'] != make_passhash($row['secret'], md5($password)))stderr($lang['tlogin_failed'], 'Username or password incorrect');if ($row['enabled'] == 'no')stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);  error_log(__FILE__ . __LINE__ . ': calling logincookie(' . $row['id'] . ',' . $row['passhash'] . ')');logincookie($row['id'], $row['passhash']); header("Location: {$SS['baseurl']}/index.php");echo stdfooter(); ?>

You should also add debugging code to the logincookie function, and whatever code checks the cookie. Do the same type of thing, have your code print out all of the data you're using in the log so that you can check it. Also, unless output buffering is on it's not going to work to output your head section before sending a header, and it's pointless to output anything after sending a location header.