The main problem is that the user logs off unintentionally when refreshing the page or pressing an update button. I found out through debugging that browsers (yes, I tested several different ones) do not seem to evaluate my if conditions correctly:
if(!empty($_POST)) {
if (isset($_POST['btnLogin'])) {
Inside this condition the $_SESSION objects are set, so when it is not entered the user does not stay logged in. The code runs on a mobile web page (a subdomain, PHP 5.4) with a one-page design. On the main homepage (not a one-page design) the code runs perfectly stably. I asked a friend to look at this problem and researched for hours, with no result. I also checked whether there is a session_destroy() call anywhere in the code. Thanks for the help.
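<?php
// Login / logoff handler for the one-page layout.
// models/config.php is expected to provide $db (with sql_query()/sql_escape()),
// $db_table_prefix, $remember_me_length, $loggedInUser and the helpers used
// below (isUserLoggedIn, lang, usernameExists, fetchUserDetails, generateHash,
// parseLength, sanitize) as well as the loggedInUser class.
require_once("models/config.php");

$debug = array();

// Explicit logoff request.
if (isset($_POST["btnLogoff"])) {
    if (isUserLoggedIn()) {
        $loggedInUser->userLogOut();
    }
}

$debug[] = "before";

if (!empty($_POST)) {
    $debug[] = "before 2";

    if (isset($_POST['btnLogin'])) {
        $errors = array();
        // Read each field through isset(): a missing field (or an unchecked
        // "remember me" checkbox, which the browser does not send at all)
        // would otherwise raise an undefined-index notice. "0" keeps the
        // session-only branch below, exactly as the empty string did.
        $username = isset($_POST["username"]) ? trim($_POST["username"]) : "";
        $password = isset($_POST["password"]) ? trim($_POST["password"]) : "";
        $remember_choice = isset($_POST["remember_me"]) ? trim($_POST["remember_me"]) : "0";
        $debug[] = "after";

        //Perform some validation
        //Feel free to edit / change as required
        if ($username == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        }
        if ($password == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
        }
        //End data validation

        if (count($errors) == 0) {
            //A security note here, never tell the user which credential was incorrect
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);

                //See if the user's account is activated
                if ($userdetails["active"] == 0) {
                    $errors[] = lang("ACCOUNT_INACTIVE");
                } else {
                    //Hash the password with the salt from the database and compare.
                    // Strict comparison: with == two numeric-looking strings
                    // (e.g. hashes of the form "0e...") are compared as numbers
                    // and can match by accident. hash_equals() would also make
                    // the comparison constant-time but needs PHP >= 5.6.
                    $entered_pass = generateHash($password, $userdetails["password"]);
                    if ($entered_pass !== $userdetails["password"]) {
                        //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                    } else {
                        //passwords match! we're good to go
                        //Construct a new logged in user object
                        //Transfer some db data to the session object
                        $loggedInUser = new loggedInUser();
                        $loggedInUser->email = $userdetails["email"];
                        $loggedInUser->user_id = $userdetails["user_id"];
                        $user_id = $userdetails["user_id"];
                        $loggedInUser->hash_pw = $userdetails["password"];
                        $loggedInUser->display_username = $userdetails["username"];
                        $loggedInUser->clean_username = $userdetails["username_clean"];
                        $loggedInUser->strasse = $userdetails["strasse"];
                        $loggedInUser->anrede = $userdetails["anrede"];
                        $loggedInUser->vorname = $userdetails["vorname"];
                        $loggedInUser->name = $userdetails["name"];
                        $loggedInUser->plz = $userdetails["plz"];
                        $loggedInUser->ort = $userdetails["ort"];
                        $loggedInUser->geb_dat = $userdetails["geb_dat"];
                        $loggedInUser->tel_p = $userdetails["tel_p"];
                        $loggedInUser->tel_mob = $userdetails["tel_mob"];
                        $loggedInUser->tel_g = $userdetails["tel_g"];
                        $loggedInUser->eintritts_jahr = $userdetails["eintritts_jahr"];
                        $loggedInUser->vorstand = $userdetails["vorstand"];
                        $loggedInUser->vorstand_fkt = $userdetails["vorstand_fkt"];
                        $loggedInUser->mitgl_typ = $userdetails["mitgl_typ"];
                        $loggedInUser->fruhere_jahre = $userdetails["fruhere_jahre"];
                        $loggedInUser->anz_volker = $userdetails["anz_volker"];
                        $loggedInUser->beitrag_bez = $userdetails["beitrag_bez"];
                        $loggedInUser->last_sign_in = $userdetails["last_sign_in"];
                        $loggedInUser->systemVar = $userdetails["system"];
                        $loggedInUser->counter_showdata = "0";
                        $loggedInUser->group_id = $userdetails["group_id"];
                        $loggedInUser->remember_me = $remember_choice;
                        // NOTE(review): rand()/uniqid() are not cryptographically
                        // strong sources for a long-lived login token; consider
                        // openssl_random_pseudo_bytes() where the extension is available.
                        $loggedInUser->remember_me_sessid = generateHash(uniqid(rand(), true));
                        $debug[] = $remember_choice;
                        $debug[] = "test2";

                        // Fresh session id after authentication so a session id
                        // handed out before login cannot be reused (fixation).
                        session_regenerate_id(true);

                        if ($loggedInUser->remember_me == 0) {
                            $_SESSION["userPieUser"] = $loggedInUser;
                        } else if ($loggedInUser->remember_me == 1) {
                            // Escape every interpolated value: serialize() output
                            // contains quotes, and profile fields stored in the
                            // object originate from user registration.
                            $db->sql_query("INSERT INTO ".$db_table_prefix."sessions VALUES('".time()."', '".$db->sql_escape(serialize($loggedInUser))."', '".$db->sql_escape($loggedInUser->remember_me_sessid)."')");
                            setcookie("userPieUser", $loggedInUser->remember_me_sessid, time() + parseLength($remember_me_length));
                        }

                        //Update last sign in
                        $last_sign_in = time();
                        $sql = "UPDATE Bienenusers
                                SET last_sign_in = '".$last_sign_in."'
                                WHERE user_id = '".$db->sql_escape(sanitize($user_id))."' ";
                        $result = $db->sql_query($sql);
                        if (!$result) {
                            $errors[] = "Letztes Login-Datum aktualisieren fehlgeschlagen!";
                            // Keep the driver error in the server log; the raw
                            // mysql_error() text must not be sent to the client.
                            error_log("login: last_sign_in update failed for user_id ".$user_id);
                            die("Letztes Login-Datum aktualisieren fehlgeschlagen!");
                        }

                        //Redirect to user account page
                        header("Location: home.php#Mitgliederbereich");
                        die();
                    }
                }
            }
        }
    }
}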
And here is the config file:
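<?php
/*
UserPie Version: 1.0
http://userpie.com
*/
// Bootstrap: connects the DB layer, loads the language file and the user
// classes, starts the session and exposes $loggedInUser (an object restored
// from the session or the remember-me cookie, or NULL) to the including script.

if (is_dir("install/")) {
    header("Location: install/");
    die();
}

require_once("settings.php");

//Dbal Support - Thanks phpBB ; )
require_once("db/".$dbtype.".php");

//Construct a db instance
$db = new $sql_db();
if (is_array($db->sql_connect(
    $db_host,
    $db_user,
    $db_pass,
    $db_name,
    $db_port,
    false,
    false
))) {
    die("Unable to connect to the database");
}

// Default language. The original assigned the misspelled $langauge, so a
// $language set in settings.php would have produced require_once("lang/.php").
// The misspelled name is kept as an alias for any include that still reads it.
if (!isset($language)) {
    $language = "ger";
}
$langauge = $language;
require_once("lang/".$language.".php");

require_once("class.user.php");
require_once("class.mail.php");
require_once("funcs.user.php");
require_once("funcs.general.php");
require_once("class.newuser.php");
//require_once("funcs.events.php");
//require_once("class.newevent.php");

session_start();

//Global User Object Var
//loggedInUser can be used globally if constructed
if (isset($_SESSION["userPieUser"]) && is_object($_SESSION["userPieUser"])) {
    $loggedInUser = $_SESSION["userPieUser"];
} else if (isset($_COOKIE["userPieUser"])) {
    // The cookie value is client-controlled: escape it before it reaches SQL.
    $db->sql_query("SELECT session_data FROM ".$db_table_prefix."sessions WHERE session_id = '".$db->sql_escape($_COOKIE['userPieUser'])."'");
    $dbRes = $db->sql_fetchrowset();
    if (empty($dbRes)) {
        $loggedInUser = NULL;
        // Past expiry timestamp removes the stale cookie.
        setcookie("userPieUser", "", -parseLength($remember_me_length));
    } else {
        $obj = $dbRes[0];
        // NOTE(review): unserialize() rebuilds a loggedInUser from the sessions
        // table. Only this application writes that column, but anyone with write
        // access to the table can supply arbitrary objects; storing the user_id
        // and re-fetching the user row would avoid unserialize() on stored data.
        $loggedInUser = unserialize($obj["session_data"]);
    }
} else {
    // Purge expired remember-me rows; only runs when neither session nor cookie is present.
    $db->sql_query("DELETE FROM ".$db_table_prefix."sessions WHERE ".time()." >= (session_start+".parseLength($remember_me_length).")");
    $loggedInUser = NULL;
}
// No closing tag: whitespace after "?>" would be sent as output before the
// including scripts call header() or session_start().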