I created a login/register system from scratch, following various tutorials and reading articles online. The system works, but there is a bug I don't understand. When a user tries to log in for the first time, it returns an error that the account was not found; if the user tries to log in again, it proceeds with logging in. I tested whether it stores the session cookie, and it turns out it doesn't (at least not the first time). The next time the user tries to log in, it stores the cookie properly.
This is the first part of the login script, the one that checks whether the captcha was entered correctly, sets the session cookies, and redirects the user to the login page, where the script checks whether the user exists.
```php
<?php
session_start();
$mode = $_GET['mode'];

if ($mode == 'login') {
    require_once('recaptchalib.php');
    $privatekey = "---";
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        // what happens when the captcha is entered incorrectly
        header('Location: http://cpalander.net/login.php?option=captcha');
    } else {
        // the submitted credentials are kept in the session for the next page
        $user = $_POST['username2'];
        $pass = $_POST['password3'];
        $_SESSION['pass3'] = $pass;
        $_SESSION['user3'] = $user;
        header('Location: http://cpalander.net/login.php?option=checkuser');
    }
    die();
} else if ($mode == 'sendticket') {
    require_once('recaptchalib.php');
    $privatekey = "---";
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        // what happens when the captcha is entered incorrectly
        header('Location: http://cpalander.net/dashboard.php?option=sendticket&error=captcha');
    } else {
        $subject = $_POST['subject'];
        $message = $_POST['message'];
        header('Location: http://cpalander.net/dashboard.php?option=sendticket&subject=' . urlencode($subject) . '&message=' . urlencode($message));
    }
    die();
} else {
    require_once('recaptchalib.php');
    $privatekey = "---";
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        // what happens when the captcha is entered incorrectly
        header('Location: http://cpalander.net/register.php?option=captcha');
    } else {
        $_SESSION['user2'] = $_POST['username'];
        $_SESSION['pass2'] = $_POST['password'];
        $_SESSION['mail2'] = $_POST['email'];
        header('Location: http://cpalander.net/makeacc.php');
    }
    die();
}
?>
```

And this is the part of the code that checks whether the user exists and redirects the user in case of an error:
```php
<?php
session_start();
$data = $_GET["option"];
$user = $_SESSION['user3'];
$pass = $_SESSION['pass3'];

function generaterandomstring($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomstring = '';
    for ($i = 0; $i < $length; $i++) {
        $randomstring .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomstring;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>....</head>...
<body>...
...<?php
if ($data == 'checkuser') {
    $user = $_SESSION['user3'];
    $link = new mysqli('127.0.0.1', '*******', '*******', '*******');
    if ($link->connect_errno) {
        die('Failed to connect to MySQL: (' . $link->connect_errno . ') ' . $link->connect_error);
    }

    // first query: does an active, non-banned account with this name exist?
    $result = $link->query("SELECT * FROM users WHERE username='$user' AND active=1 AND banned=0");
    $numrows = $result->num_rows;
    if ($numrows == 0) {
        $link->close();
        session_destroy();
        echo '<meta http-equiv="refresh" content="0; url=login.php?option=notfound&user=' . $user . '">'; // this part is used to check whether the $user variable is set
        exit;
    }

    // second query: does the salted SHA-256 hash of the password match?
    $row = $result->fetch_assoc();
    $sid = $row['salt'];
    $pass_h = hash('sha256', $sid . $pass);
    $result = $link->query("SELECT * FROM users WHERE username='$user' AND password='$pass_h' AND active=1 AND banned=0");
    $numrows = $result->num_rows;
    if ($numrows == 0) {
        $link->close();
        session_destroy();
        echo '<meta http-equiv="refresh" content="0; url=login.php?option=notfound">';
        exit;
    } else {
        $link->close();
        $_SESSION['user'] = $user;
        echo '<meta http-equiv="refresh" content="0; url=dashboard.php?option=home&user=' . $user . '">';
        exit;
    }
    $link->close();
}
?>...</body>
```

Can anyone help me out on this one? Also, session_start(); is at the top of the login page code.
session_start() should be present in all files that need access to the $_SESSION variable. This means that if you are accessing it from unrelated files, you need to add session_id() or session_start(); to them (the session_id() or session_start(); part is to make sure the dreaded "session started" warning doesn't show up if a require/include of the same file is made in the same request).
session_destroy() destroys the session; you might want session_unset() instead, since session_destroy() will recreate the session when session_start() is called anew. If you want to destroy the session and start again, the cross-browser way is to call both session_unset() and session_destroy() (cough IE cough).
Also, you should take notice that, apart from the question itself, you are allowing an XSS vulnerability in your code by passing raw $_POST data to the URL without checking it.
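The two points of the answer above (starting the session once per request, and not passing raw user input into URLs or markup), as an added example that is not part of the original post. The function names ensure_session, build_redirect, meta_refresh and mark_logged_in are hypothetical, and the username is constructed sample input.

```php
<?php
// Added example (not the poster's code); all function names are hypothetical.

// Start a session only when this request has none yet, so a file that is
// included twice does not trigger the "session already started" notice.
function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Build a redirect target. http_build_query() percent-encodes each value,
// so user input cannot add parameters or markup to the URL.
function build_redirect(string $page, array $params): string
{
    return $page . '?' . http_build_query($params);
}

// The meta-refresh tag the login page emits, with the URL escaped for use
// inside an HTML attribute.
function meta_refresh(string $url): string
{
    return '<meta http-equiv="refresh" content="0; url='
        . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">';
}

// After a successful check: new session ID, and only the username is kept.
function mark_logged_in(string $user): void
{
    ensure_session();
    session_regenerate_id(true);
    unset($_SESSION['pass3'], $_SESSION['user3']);
    $_SESSION['user'] = $user;
}

// Constructed sample input: a username carrying markup and an extra parameter.
$user = 'x"><b>injected</b>&option=home';

ensure_session();
ensure_session();                    // second call is a no-op
mark_logged_in($user);

$url = build_redirect('dashboard.php', ['option' => 'home', 'user' => $user]);
echo $url, PHP_EOL;
echo meta_refresh($url), PHP_EOL;
```

Run from the command line, the first line printed shows the username percent-encoded inside a single `user` parameter, and the second shows the same URL with `&` escaped for the HTML attribute.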