02-01-2008, 06:32 PM
|
#2 (permalink)
|
|
The Prestige
Join Date: Sep 2007
Location: Sweden, Stockholm
Posts: 1,080
Thanks: 115
|
Okey, I noticed something.
I tried to login with the correct details, and it still didn't work.
So here's the whole code:
PHP Code:
case 'login':
if($tanaxia['user']->user_is_logged_in()) {
header("Location: account.php?act=home");
}
else {
if(isset($_POST['submit'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
$uid = $tanaxia['user']->user_check($user, $pass);
if(!isset($uid)) {
$_SESSION['error'] = '<font color="red">We couldn\'t find a user using those login details!</font>';
if(isset($_SESSION['error'])) {
header("Location: account.php?act=login");
}
else {
echo 'Could not set session';
}
}
else {
$tanaxia['user']->user_login($uid);
}
}
else {
include('header.php');
$tanaxia['template']->loadfile('loginform');
$msg = $_SESSION['error'];
$tanaxia['template']->parse(
array(
'error' => array(
'msg' => $msg
)
));
unset($_SESSION['error']);
include('footer.php');
}
}
// Login
break;
I know there's nothing wrong with the template class..
But here's the login methods used:
PHP Code:
public function user_check($user_name, $user_pass) {
$sql = sprintf(" SELECT
`%s`
FROM
`%s`
WHERE
`%s` = '%s' AND `%s` = md5('%s')
LIMIT 1",
$this->db->col['user_id'],
$this->db->table['users'],
$this->db->col['user_name'],
$user_name,
$this->db->col['user_pass'],
$user_pass);
$query = $this->db->query($sql);
if(@mysql_num_rows($query)) {
$user_info = $this->db->fetch($query);
return $user_info['user_id'];
}
else {
return false;
}
}
public function user_login($user_id) {
$sql = sprintf(" UPDATE
`%s`
SET
`%s` = '%s',
`%s` = NOW(),
`%s` = NOW()
WHERE
`%s` = '%d'",
$this->db->table['users'],
$this->db->col['user_session'],
session_id(),
$this->db->col['user_last_visit'],
$this->db->col['user_last_action'],
$this->db->col['user_id'],
$user_id);
$this->db->query($sql);
}
public function user_is_logged_in() {
$sql = sprintf(" SELECT
`%s`
FROM
`%s`
WHERE
`%s` = '%s'
LIMIT 1",
$this->db->col['user_id'],
$this->db->table['users'],
$this->db->col['user_session'],
session_id());
$query = $this->db->query($sql);
if(@mysql_num_rows($query)) {
return true;
}
return false;
}
Edit: Yes I know I didn't secure it.. |
|
|
|
Join the friendly bunch on IRC...
Linear Mode
