keyboard
09-25-2011, 07:52 AM
I have know changed my entire site (thanks mburt). Each page has a seprate folder. The login.php now submits to login_process.php. If The login is succesfull Than it adds a cookie and then redirects to echo time.php.
It is adding the cookie because when I go onto login_process.php and entire javascript:alert(document.cookie); It shows up. However, once it has redirected to echo time.php the cookie won't show up? Any help.
login_process.php
<?php
require "../database.php";
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
// header("Location: echo time.php");
// echo '<meta http-equiv="refresh" content="0;url=../echo time/">';
}
}
}
?>
<?php
//if the login form is submitted
if (isset($_POST['submit'])) {
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field. <a href="../login">Back</a>');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('I am sorry, the information entered was incorrect. <a href="../login">Back</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('I am sorry, the information entered was incorrect. <a href="../login">Back</a>');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
$username42 = $info['username'];
$username44 = $info['id'];
$username43 = time();
$username49 = $username43+7200;
$username47 = date("h:i:s", $username49);
$fraig = strtotime('-1day');
$bobby = mysql_query("SELECT userid FROM online WHERE username = '$username42'")or die(mysql_error());
if( mysql_num_rows( $bobby ) != 1 )
{
$sql = mysql_query ("INSERT INTO online (id,username,userid,time,time2,ip) VALUES ('0','".$username42."','".$username44."','".$username43."','".$username47."','" . $_SERVER['REMOTE_ADDR']."')");
}
//then redirect them to the members area
echo '<meta http-equiv="refresh" content="0;url=../echo time">';
}
}
}
else
{
}
echo time.php
<?php
require "../database.php";
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{ echo '<meta http-equiv="refresh" content="0;url=../echo time/">';
$eval = loggedin;
}
else
{
$eval = loggedin;
$userdata = $info['username'];
}
}
}
else
{
}
?>
<?php
require "../online.php";
if (isset ($_POST['submit']))
{
$comment = mysql_escape_string (trim (nl2br($_POST['comment'])));
// makes sure they filled it in
if(!$_POST['comment']) {
die('You didn\'t enter a comment.');
}
$username1 = $username;
$SQL = ("SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='6'");
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
$modmenosem = "(Moderator)";
}
$username1 = $username;
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='9'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
$modmenosem = "(Admin)";
}
$date = time();
$cheese = "$comment <br /><hr /> ";
$guoc = "<b>$username</b> $modmenosem";
$sql = mysql_query ("INSERT INTO comments (id,comments,name,date,ip) VALUES ('0','".$cheese."','".$guoc."','".$date."','" . $_SERVER['REMOTE_ADDR']."')");
echo '<br /><br /><br /><br /><br /><br /><br /><br /><br /><center>Your comment has been entered successfully!</center>';
echo '<center><form method="post" action="echo time.php">';
echo '<input type="submit" value="Back" name="name"> <br />';
echo '</form>';
echo '</center>';
}
else
{
?>
<html>
<head>
</head>
<body>
<?php
echo "Hey <b> $userdata</b><br />";
// -------------------------------------------------------------------------------------------------------
$username1 = $username;
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='6'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
echo "Welcome Moderator";
?><br /><br />
<?php
$crab = mysql_query("SELECT * FROM users WHERE level!='9'") or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3> Number of registered accounts</h3><?php
echo mysql_num_rows($crab);
$check = mysql_query("SELECT * FROM users WHERE level='1'")or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3>Usernames</h3><h5><u><b>CLICKING ON THESE WILL DELETE THE ACCOUNT</b></u></h5><?php
while ($info = mysql_fetch_array ($check)) {
echo "<a href=\"delete.php?ID=$info[id]name=$username\"> ".$info['username']."</a>";
?>
<br />
<?php
}
?>
<br />
<br />
<br />
<br />
<br />
<h3>Moderators</h3><h5><u><b>YOU DON'T HAVE PERMISSION TO DELETE THESE ACCOUNTS</b></u></h5><?php
$clrag = mysql_query("SELECT * FROM users WHERE level='6'")or die(mysql_error());
while ($info = mysql_fetch_array ($clrag)) {
?>
<font color=blue><u>
<?php
echo $info['username'];
?>
</u></font>
<br />
<?php
}
}
/*
*/
// -------------------------------------------------------------------------------------------------------
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='9'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
echo "Welcome Grand Lord Of epicness";
?><br /><br />
<?php
$crab = mysql_query("SELECT * FROM `users`") or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3> Number of registered accounts</h3><?php
echo mysql_num_rows($crab);
$check = mysql_query("SELECT * FROM users WHERE level='1'")or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3>Users</h3><h5><u><b>CLICKING ON THESE WILL DELETE THE ACCOUNT</b></u></h5>
<?php
while ($info = mysql_fetch_array ($check)) {
echo "<a href=\"delete.php?ID=$info[id]name=$username\"> ".$info['username']."</a>";
?>
<br />
<?php
}
?>
<h3>Moderators</h3><h5><u><b>CLICKING ON THESE WILL DELETE THE ACCOUNT</b></u></h5>
<?php
$clrag = mysql_query("SELECT * FROM users WHERE level='6'")or die(mysql_error());
while ($info = mysql_fetch_array ($clrag)) {
echo "<a href=\"delete.php?ID=$info[id]name=$username\"> ".$info['username']."</a>";
?>
<br />
<?php
}
?>
<br />
<br />
<br />
<br />
<br />
<?php
}
// ---------------------------------------------------------------------------------------------------------------------
?>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
<p><b><u>COMMENTS</u></b></p>
<?php
// POST data wasn\'t entered, so display the comments and comment form
// view comments from database
$sql = mysql_query ("SELECT * FROM comments ORDER BY date DESC") or die(mysql_error());;
while ($row = mysql_fetch_array ($sql)) {
?>
<table border="0" cellspacing="0" cellpadding="4" width="500">
<tr>
<td>
<?php
echo $row['name'].'<br />';
?>
</td>
<td>
<?php
echo date("d/m/y", $row['date']);
// echo $row['date'].'<br />';
?>
</td> </tr>
</table><br />
<?php
echo $row['comments'].'<br />';
}
echo '<br /><br />
<form action="echo time.php" method="post">
Comments:<br />
<textarea name="comment" cols="40" rows="7"></textarea>
<input type="submit" value="Submit" name="submit">
</form>';
}
?>
</body>
</html>
Any help would be great!
It is adding the cookie because when I go onto login_process.php and entire javascript:alert(document.cookie); It shows up. However, once it has redirected to echo time.php the cookie won't show up? Any help.
login_process.php
<?php
require "../database.php";
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
// header("Location: echo time.php");
// echo '<meta http-equiv="refresh" content="0;url=../echo time/">';
}
}
}
?>
<?php
//if the login form is submitted
if (isset($_POST['submit'])) {
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field. <a href="../login">Back</a>');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('I am sorry, the information entered was incorrect. <a href="../login">Back</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('I am sorry, the information entered was incorrect. <a href="../login">Back</a>');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
$username42 = $info['username'];
$username44 = $info['id'];
$username43 = time();
$username49 = $username43+7200;
$username47 = date("h:i:s", $username49);
$fraig = strtotime('-1day');
$bobby = mysql_query("SELECT userid FROM online WHERE username = '$username42'")or die(mysql_error());
if( mysql_num_rows( $bobby ) != 1 )
{
$sql = mysql_query ("INSERT INTO online (id,username,userid,time,time2,ip) VALUES ('0','".$username42."','".$username44."','".$username43."','".$username47."','" . $_SERVER['REMOTE_ADDR']."')");
}
//then redirect them to the members area
echo '<meta http-equiv="refresh" content="0;url=../echo time">';
}
}
}
else
{
}
echo time.php
<?php
require "../database.php";
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{ echo '<meta http-equiv="refresh" content="0;url=../echo time/">';
$eval = loggedin;
}
else
{
$eval = loggedin;
$userdata = $info['username'];
}
}
}
else
{
}
?>
<?php
require "../online.php";
if (isset ($_POST['submit']))
{
$comment = mysql_escape_string (trim (nl2br($_POST['comment'])));
// makes sure they filled it in
if(!$_POST['comment']) {
die('You didn\'t enter a comment.');
}
$username1 = $username;
$SQL = ("SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='6'");
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
$modmenosem = "(Moderator)";
}
$username1 = $username;
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='9'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
$modmenosem = "(Admin)";
}
$date = time();
$cheese = "$comment <br /><hr /> ";
$guoc = "<b>$username</b> $modmenosem";
$sql = mysql_query ("INSERT INTO comments (id,comments,name,date,ip) VALUES ('0','".$cheese."','".$guoc."','".$date."','" . $_SERVER['REMOTE_ADDR']."')");
echo '<br /><br /><br /><br /><br /><br /><br /><br /><br /><center>Your comment has been entered successfully!</center>';
echo '<center><form method="post" action="echo time.php">';
echo '<input type="submit" value="Back" name="name"> <br />';
echo '</form>';
echo '</center>';
}
else
{
?>
<html>
<head>
</head>
<body>
<?php
echo "Hey <b> $userdata</b><br />";
// -------------------------------------------------------------------------------------------------------
$username1 = $username;
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='6'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
echo "Welcome Moderator";
?><br /><br />
<?php
$crab = mysql_query("SELECT * FROM users WHERE level!='9'") or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3> Number of registered accounts</h3><?php
echo mysql_num_rows($crab);
$check = mysql_query("SELECT * FROM users WHERE level='1'")or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3>Usernames</h3><h5><u><b>CLICKING ON THESE WILL DELETE THE ACCOUNT</b></u></h5><?php
while ($info = mysql_fetch_array ($check)) {
echo "<a href=\"delete.php?ID=$info[id]name=$username\"> ".$info['username']."</a>";
?>
<br />
<?php
}
?>
<br />
<br />
<br />
<br />
<br />
<h3>Moderators</h3><h5><u><b>YOU DON'T HAVE PERMISSION TO DELETE THESE ACCOUNTS</b></u></h5><?php
$clrag = mysql_query("SELECT * FROM users WHERE level='6'")or die(mysql_error());
while ($info = mysql_fetch_array ($clrag)) {
?>
<font color=blue><u>
<?php
echo $info['username'];
?>
</u></font>
<br />
<?php
}
}
/*
*/
// -------------------------------------------------------------------------------------------------------
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='9'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
echo "Welcome Grand Lord Of epicness";
?><br /><br />
<?php
$crab = mysql_query("SELECT * FROM `users`") or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3> Number of registered accounts</h3><?php
echo mysql_num_rows($crab);
$check = mysql_query("SELECT * FROM users WHERE level='1'")or die(mysql_error());
?>
<br />
<br />
<br />
<br />
<br />
<h3>Users</h3><h5><u><b>CLICKING ON THESE WILL DELETE THE ACCOUNT</b></u></h5>
<?php
while ($info = mysql_fetch_array ($check)) {
echo "<a href=\"delete.php?ID=$info[id]name=$username\"> ".$info['username']."</a>";
?>
<br />
<?php
}
?>
<h3>Moderators</h3><h5><u><b>CLICKING ON THESE WILL DELETE THE ACCOUNT</b></u></h5>
<?php
$clrag = mysql_query("SELECT * FROM users WHERE level='6'")or die(mysql_error());
while ($info = mysql_fetch_array ($clrag)) {
echo "<a href=\"delete.php?ID=$info[id]name=$username\"> ".$info['username']."</a>";
?>
<br />
<?php
}
?>
<br />
<br />
<br />
<br />
<br />
<?php
}
// ---------------------------------------------------------------------------------------------------------------------
?>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
<p><b><u>COMMENTS</u></b></p>
<?php
// POST data wasn\'t entered, so display the comments and comment form
// view comments from database
$sql = mysql_query ("SELECT * FROM comments ORDER BY date DESC") or die(mysql_error());;
while ($row = mysql_fetch_array ($sql)) {
?>
<table border="0" cellspacing="0" cellpadding="4" width="500">
<tr>
<td>
<?php
echo $row['name'].'<br />';
?>
</td>
<td>
<?php
echo date("d/m/y", $row['date']);
// echo $row['date'].'<br />';
?>
</td> </tr>
</table><br />
<?php
echo $row['comments'].'<br />';
}
echo '<br /><br />
<form action="echo time.php" method="post">
Comments:<br />
<textarea name="comment" cols="40" rows="7"></textarea>
<input type="submit" value="Submit" name="submit">
</form>';
}
?>
</body>
</html>
Any help would be great!