TalkPHP - View Single Post

Tanax · 02-01-2008, 06:32 PM

Okey, I noticed something.
I tried to login with the correct details, and it still didn't work.

So here's the whole code:

PHP Code:


			
        case 'login':
        
            if($tanaxia['user']->user_is_logged_in()) {
                
                header("Location: account.php?act=home");
                
            }
            
            else {
                
                if(isset($_POST['submit'])) {
                    
                    $user = $_POST['user'];
                    $pass = $_POST['pass'];
                    
                    $uid = $tanaxia['user']->user_check($user, $pass);
                    
                    if(!isset($uid)) {
                        
                        $_SESSION['error'] = '<font color="red">We couldn\'t find a user using those login details!</font>';
                        if(isset($_SESSION['error'])) {
                            
                            header("Location: account.php?act=login");
                            
                        }
                        
                        else {
                            
                            echo 'Could not set session';
                            
                        }
                        
                    }
                    
                    else {
                        
                        $tanaxia['user']->user_login($uid);
                        
                    }
                    
                }
                
                else {
                    
                    include('header.php');
                    
                    $tanaxia['template']->loadfile('loginform');
                    $msg = $_SESSION['error'];
                    $tanaxia['template']->parse(
                    
                    array(
                    
                        'error' => array(
                        
                            'msg' => $msg
                        
                        )
                    
                    ));
                    unset($_SESSION['error']);
                    
                    include('footer.php');
                    
                }
                    
            }
        
            // Login
            break;

I know there's nothing wrong with the template class..
But here's the login methods used:

PHP Code:


			
        public function user_check($user_name, $user_pass) {
            
            $sql = sprintf("    SELECT 
                                    `%s` 
                                FROM 
                                    `%s` 
                                WHERE 
                                    `%s` = '%s' AND `%s` = md5('%s')
                                LIMIT 1", 
                                
                                $this->db->col['user_id'],
                                $this->db->table['users'],
                                $this->db->col['user_name'],
                                $user_name,
                                $this->db->col['user_pass'],
                                $user_pass);
                                
            $query = $this->db->query($sql);
            
            if(@mysql_num_rows($query)) {
                
                $user_info = $this->db->fetch($query);
                
                return $user_info['user_id'];
                
            }
            
            else {
                
                return false;
                
            }
            
        }

        public function user_login($user_id) {
            
            $sql = sprintf("    UPDATE
                                    `%s`
                                SET
                                    `%s` = '%s',
                                    `%s` = NOW(),
                                    `%s` = NOW()
                                WHERE
                                    `%s` = '%d'",
                    
                                $this->db->table['users'],
                                $this->db->col['user_session'],
                                session_id(),
                                $this->db->col['user_last_visit'],
                                $this->db->col['user_last_action'],
                                $this->db->col['user_id'],
                                $user_id);
                                
            $this->db->query($sql);
            
        }

        public function user_is_logged_in() {
            
            $sql = sprintf("    SELECT
                                    `%s`
                                FROM
                                    `%s`
                                WHERE
                                    `%s` = '%s'
                                LIMIT 1",
                                
                                $this->db->col['user_id'],
                                $this->db->table['users'],
                                $this->db->col['user_session'],
                                session_id());
            
                            
            $query = $this->db->query($sql);
            
            if(@mysql_num_rows($query)) {
                
                return true;
                
            }
            
            return false;
            
            
        }

Edit: Yes I know I didn't secure it..

02-01-2008, 06:32 PM	#2 (permalink)
Tanax The Prestige Join Date: Sep 2007 Location: Sweden, Stockholm Posts: 1,080 Thanks: 115	Okey, I noticed something. I tried to login with the correct details, and it still didn't work. So here's the whole code: PHP Code: case 'login': if($tanaxia['user']->user_is_logged_in()) { header("Location: account.php?act=home"); } else { if(isset($_POST['submit'])) { $user = $_POST['user']; $pass = $_POST['pass']; $uid = $tanaxia['user']->user_check($user, $pass); if(!isset($uid)) { $_SESSION['error'] = '<font color="red">We couldn\'t find a user using those login details!</font>'; if(isset($_SESSION['error'])) { header("Location: account.php?act=login"); } else { echo 'Could not set session'; } } else { $tanaxia['user']->user_login($uid); } } else { include('header.php'); $tanaxia['template']->loadfile('loginform'); $msg = $_SESSION['error']; $tanaxia['template']->parse( array( 'error' => array( 'msg' => $msg ) )); unset($_SESSION['error']); include('footer.php'); } } // Login break; I know there's nothing wrong with the template class.. But here's the login methods used: PHP Code: public function user_check($user_name, $user_pass) { $sql = sprintf(" SELECT `%s` FROM `%s` WHERE `%s` = '%s' AND `%s` = md5('%s') LIMIT 1", $this->db->col['user_id'], $this->db->table['users'], $this->db->col['user_name'], $user_name, $this->db->col['user_pass'], $user_pass); $query = $this->db->query($sql); if(@mysql_num_rows($query)) { $user_info = $this->db->fetch($query); return $user_info['user_id']; } else { return false; } } public function user_login($user_id) { $sql = sprintf(" UPDATE `%s` SET `%s` = '%s', `%s` = NOW(), `%s` = NOW() WHERE `%s` = '%d'", $this->db->table['users'], $this->db->col['user_session'], session_id(), $this->db->col['user_last_visit'], $this->db->col['user_last_action'], $this->db->col['user_id'], $user_id); $this->db->query($sql); } public function user_is_logged_in() { $sql = sprintf(" SELECT `%s` FROM `%s` WHERE `%s` = '%s' LIMIT 1", $this->db->col['user_id'], $this->db->table['users'], $this->db->col['user_session'], session_id()); $query = $this->db->query($sql); if(@mysql_num_rows($query)) { return true; } return false; } Edit: Yes I know I didn't secure it..