PDA

View Full Version : PHP Login Script / Browser Problems



JordanReich
02-07-2009, 08:45 PM
Hey,

I'm running into a couple of problems. I use a login system on my website, this system is used for a variety of purposes. However one part of it is that the login system runs through as spam filter to keep bots off my website. The problem with this is I engrained the script into my registration link on my forums, that way you have to be logged into the website before the forums will allow you to register, removing my bot based problems.

Now while this works perfectly on Internet Explorer, you log in then go back to the forums and continue registering. On Firefox or Chrome the login doesnt work, you login back to the link and then it wants you to log in again. As though it never remembered that it just happened.

Attached below is my login script code, looking for ideas


<?php
session_start();
$MM_authorizedUsers = "1,2,3,4,5,6,7,8,9,10,11,12,13,45";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "http://www.uba-clan.com/v3/needtologin.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_AdminMainUserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
session_unregister('MM_Username');
session_unregister('MM_AdminMainUserGroup');

$logoutGoTo = "http://www.uba-clan.com/";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
$log_file = "botprevent.txt";
$ip = getenv('REMOTE_ADDR');
$record = date ("m/d/Y", mktime ($hour,$minute,$seconds,$month,$day,$year));
$fp = fopen("$log_file", "a");
fputs($fp, "$ip - $record\n");
flock($fp, 3);
fclose($fp);
//PRINT("<center>Your Ip was logged $duhdumduh .....$ip</center>");
?>