Mój pierwszy post wiąże sie z problemem na stronie www.e-kotwica.pl/klan
Wczoraj spotkała mnie niemiła niespodzianka.
Otóż zakończyła mi sie sesja. Zalogowałem sie ponownie, wyświetliło mi komunikat "Zalogowano pomyślnie", a potem... dalej byłem niezalogowany. Pomoże ktoś?
PS. Z tymi ? zamiast polskich liter to kwestia zmiany metody porównywania w MySQL, wiem jak to naprawić.
Kod:
login.php:
CODE
<?php
$_language->read_module('login');
if($loggedin) {
$username='<a href="index.php?site=profile&id='.$userID.'"><b>'.strip_tags(getnickname($userID)).'</b></a>';
if(isanyadmin($userID)) $admin='• <a href="admin/admincenter.php" target="_blank">'.$_language->module['admin'].'</a><br />';
else $admin='';
if(isclanmember($userID) or iscashadmin($userID)) $cashbox='• <a href="index.php?site=cash_box">'.$_language->module['cash-box'].'</a><br />';
else $cashbox='';
$anz=getnewmessages($userID);
if($anz) {
$newmessages=' (<b>'.$anz.'</b>)';
}
else $newmessages='';
if($getavatar = getavatar($userID)) $l_avatar='<img src="images/avatars/'.$getavatar.'" alt="Avatar" />';
else $l_avatar=$_language->module['n_a'];
eval ("\$logged = \"".gettemplate("logged")."\";");
echo $logged;
}
else {
//set sessiontest variable (checks if session works correctly)
$_SESSION['ws_sessiontest'] = true;
eval ("\$loginform = \"".gettemplate("login")."\";");
echo $loginform;
}
?>
$_language->read_module('login');
if($loggedin) {
$username='<a href="index.php?site=profile&id='.$userID.'"><b>'.strip_tags(getnickname($userID)).'</b></a>';
if(isanyadmin($userID)) $admin='• <a href="admin/admincenter.php" target="_blank">'.$_language->module['admin'].'</a><br />';
else $admin='';
if(isclanmember($userID) or iscashadmin($userID)) $cashbox='• <a href="index.php?site=cash_box">'.$_language->module['cash-box'].'</a><br />';
else $cashbox='';
$anz=getnewmessages($userID);
if($anz) {
$newmessages=' (<b>'.$anz.'</b>)';
}
else $newmessages='';
if($getavatar = getavatar($userID)) $l_avatar='<img src="images/avatars/'.$getavatar.'" alt="Avatar" />';
else $l_avatar=$_language->module['n_a'];
eval ("\$logged = \"".gettemplate("logged")."\";");
echo $logged;
}
else {
//set sessiontest variable (checks if session works correctly)
$_SESSION['ws_sessiontest'] = true;
eval ("\$loginform = \"".gettemplate("login")."\";");
echo $loginform;
}
?>
checklogin.php:
CODE
<?php
include("_mysql.php");
include("_settings.php");
// copy pagelock information for session test + deactivated pagelock for checklogin
$closed_tmp = $closed;
$closed = 0;
include("_functions.php");
//settings
$sleep = 1; //idle status for script if password is wrong?
//settings end
$_language->read_module('checklogin');
$get = safe_query("SELECT * FROM ".PREFIX."banned_ips WHERE ip='".$GLOBALS['ip']."'");
if(mysql_num_rows($get) == 0){
$ws_pwd = md5(stripslashes($_POST['pwd']));
$ws_user = $_POST['ws_user'];
$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='".$ws_user."'");
$anz = mysql_num_rows($check);
$login = 0;
if(!$closed_tmp AND !isset($_SESSION['ws_sessiontest'])) {
$error = $_language->module['session_error'];
}
else {
if($anz) {
$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='".$ws_user."' AND activated='1'");
if(mysql_num_rows($check)) {
$ds=mysql_fetch_array($check);
// check password
$login = 0;
if($ws_pwd == $ds['password']) {
//session
$_SESSION['ws_auth'] = $ds['userID'].":".$ws_pwd;
$_SESSION['ws_lastlogin'] = $ds['lastlogin'];
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
//remove sessiontest variable
if(isset($_SESSION['ws_sessiontest'])) unset($_SESSION['ws_sessiontest']);
//cookie
setcookie("ws_auth", $ds['userID'].":".$ws_pwd, time()+($sessionduration*60*60));
//Delete visitor with same IP from whoisonline
safe_query("DELETE FROM ".PREFIX."whoisonline WHERE ip='".$GLOBALS['ip']."'");
//Delete IP from failed logins
safe_query("DELETE FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
$login = 1;
$error = $_language->module['login_successful'];
}
elseif(!($ws_pwd == $ds['password'])) {
if($sleep) sleep(5);
$get = safe_query("SELECT wrong FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
if(mysql_num_rows($get)){
safe_query("UPDATE ".PREFIX."failed_login_attempts SET wrong = wrong+1 WHERE ip = '".$GLOBALS['ip']."'");
}
else{
safe_query("INSERT INTO ".PREFIX."failed_login_attempts (ip,wrong) VALUES ('".$GLOBALS['ip']."',1)");
}
$get = safe_query("SELECT wrong FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
if(mysql_num_rows($get)){
$ban = mysql_fetch_assoc($get);
if($ban['wrong'] == $max_wrong_pw){
$bantime = time() + (60*60*3); // 3 hours
safe_query("INSERT INTO ".PREFIX."banned_ips (ip,deltime,reason) VALUES ('".$GLOBALS['ip']."',".$bantime.",'Possible brute force attack')");
safe_query("DELETE FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
}
}
$error= $_language->module['invalid_password'];
}
}
else $error= $_language->module['not_activated'];
}
else $error=str_replace('%username%', htmlspecialchars($ws_user), $_language->module['no_user']);
}
}
else{
$login = 0;
$data = mysql_fetch_assoc($get);
$error = str_replace('%reason%', $data['reason'], $_language->module['ip_banned']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Clanpage using webSPELL 4 CMS" />
<meta name="author" content="webspell.org" />
<meta name="keywords" content="webspell, webspell4, clan, cms" />
<meta name="copyright" content="Copyright © 2005 - 2009 by webspell.org" />
<meta name="generator" content="webSPELL" />
<title><?php echo PAGETITLE; ?></title>
<link href="_stylesheet.css" rel="stylesheet" type="text/css" />
<?php if($login) { echo '<meta http-equiv="refresh" content="1;URL=index.php?site=loginoverview" />'; } ?>
</head>
<body bgcolor="<?php echo PAGEBG; ?>">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td height="500" align="center">
<table width="350" border="0" cellpadding="10" cellspacing="0" style="border:1px solid <?php echo BORDER; ?>" bgcolor="<?php echo BG_1; ?>">
<tr>
<td align="center"><?php echo $error; ?></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
include("_mysql.php");
include("_settings.php");
// copy pagelock information for session test + deactivated pagelock for checklogin
$closed_tmp = $closed;
$closed = 0;
include("_functions.php");
//settings
$sleep = 1; //idle status for script if password is wrong?
//settings end
$_language->read_module('checklogin');
$get = safe_query("SELECT * FROM ".PREFIX."banned_ips WHERE ip='".$GLOBALS['ip']."'");
if(mysql_num_rows($get) == 0){
$ws_pwd = md5(stripslashes($_POST['pwd']));
$ws_user = $_POST['ws_user'];
$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='".$ws_user."'");
$anz = mysql_num_rows($check);
$login = 0;
if(!$closed_tmp AND !isset($_SESSION['ws_sessiontest'])) {
$error = $_language->module['session_error'];
}
else {
if($anz) {
$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='".$ws_user."' AND activated='1'");
if(mysql_num_rows($check)) {
$ds=mysql_fetch_array($check);
// check password
$login = 0;
if($ws_pwd == $ds['password']) {
//session
$_SESSION['ws_auth'] = $ds['userID'].":".$ws_pwd;
$_SESSION['ws_lastlogin'] = $ds['lastlogin'];
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
//remove sessiontest variable
if(isset($_SESSION['ws_sessiontest'])) unset($_SESSION['ws_sessiontest']);
//cookie
setcookie("ws_auth", $ds['userID'].":".$ws_pwd, time()+($sessionduration*60*60));
//Delete visitor with same IP from whoisonline
safe_query("DELETE FROM ".PREFIX."whoisonline WHERE ip='".$GLOBALS['ip']."'");
//Delete IP from failed logins
safe_query("DELETE FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
$login = 1;
$error = $_language->module['login_successful'];
}
elseif(!($ws_pwd == $ds['password'])) {
if($sleep) sleep(5);
$get = safe_query("SELECT wrong FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
if(mysql_num_rows($get)){
safe_query("UPDATE ".PREFIX."failed_login_attempts SET wrong = wrong+1 WHERE ip = '".$GLOBALS['ip']."'");
}
else{
safe_query("INSERT INTO ".PREFIX."failed_login_attempts (ip,wrong) VALUES ('".$GLOBALS['ip']."',1)");
}
$get = safe_query("SELECT wrong FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
if(mysql_num_rows($get)){
$ban = mysql_fetch_assoc($get);
if($ban['wrong'] == $max_wrong_pw){
$bantime = time() + (60*60*3); // 3 hours
safe_query("INSERT INTO ".PREFIX."banned_ips (ip,deltime,reason) VALUES ('".$GLOBALS['ip']."',".$bantime.",'Possible brute force attack')");
safe_query("DELETE FROM ".PREFIX."failed_login_attempts WHERE ip = '".$GLOBALS['ip']."'");
}
}
$error= $_language->module['invalid_password'];
}
}
else $error= $_language->module['not_activated'];
}
else $error=str_replace('%username%', htmlspecialchars($ws_user), $_language->module['no_user']);
}
}
else{
$login = 0;
$data = mysql_fetch_assoc($get);
$error = str_replace('%reason%', $data['reason'], $_language->module['ip_banned']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Clanpage using webSPELL 4 CMS" />
<meta name="author" content="webspell.org" />
<meta name="keywords" content="webspell, webspell4, clan, cms" />
<meta name="copyright" content="Copyright © 2005 - 2009 by webspell.org" />
<meta name="generator" content="webSPELL" />
<title><?php echo PAGETITLE; ?></title>
<link href="_stylesheet.css" rel="stylesheet" type="text/css" />
<?php if($login) { echo '<meta http-equiv="refresh" content="1;URL=index.php?site=loginoverview" />'; } ?>
</head>
<body bgcolor="<?php echo PAGEBG; ?>">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td height="500" align="center">
<table width="350" border="0" cellpadding="10" cellspacing="0" style="border:1px solid <?php echo BORDER; ?>" bgcolor="<?php echo BG_1; ?>">
<tr>
<td align="center"><?php echo $error; ?></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>