gameguy43
12-22-2005, 06:49 PM
so nobody actually looked at my source when i posted last time, hopefully i'll be more successful thsi time.
problem:
in this block of code, the if is satisfied and gets run, but the else gets executed as well (the else that isnt properly indented). Weird, huh? i know thats what its doing tho, because the cookie recreates itself unless i comment out the else statement. Is there a way to fix this weird behavior of php?
//LOGIN
//set the login function
//make sure the pass is (md5) encrypted before passing it to the function
function login($user, $pass){
//see if you can grab perms under that username and pass
$result = mysql_query("SELECT `perms` FROM `users` WHERE `username` = '$user' and `pass` = '$pass'")
//(display a message if there is a mysql error)
or die("Error retrieving user info from the database, MYSQL said: " . mysql_error());
//if you can grab those perms, then their login info was correct
if(mysql_num_rows($result) > 0){
//set their username and perms to sessions
$_SESSION['user'] = $user;
$_SESSION['perms'] = mysql_result($result, 0);
//if they dont have a cookie with login info
if(!$_COOKIE['userpass']){
//give em one
setcookie("userpass", $user . "[[[---___BREAK___---]]]" . $pass, time() + 3024000);
}
//tell the script theyre now logged in
return TRUE;
}
else{
//tell the script they must have entered the wrong login info
return FALSE;
}
}
//set the logout function
function logout(){
//kill their sessions
$_SESSION['user'] = FALSE;
$_SESSION['perms'] = FALSE;
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
$_COOKIE = array();
session_unset();
session_destroy();
//kill the cookie with their login info
setcookie("userpass", "" , time() - 999999999999);
$_SESSION['response'] = $_SESSION['response'] . " passed the logout function." . "<br />\n";
return TRUE;
}
//grab the action
$action = $_GET['action'];
//if they wanted to log out
if($action == "logout"){
logout();
//tell them it all went according to plan
$_SESSION['response'] = $_SESSION['response'] . "You are now logged out." . "<br />\n";
}
else{
//if they already have a cookie with login info
if(isset($_COOKIE['userpass'])){
//separate the username from the pass
$userpass_array = explode("[[[---___BREAK___---]]]", $_COOKIE['userpass']);
//log them in
if(!login($userpass_array[0], $userpass_array[1])){
//but if their login info was wrong, kill the cookie
setcookie("userpass", "" , mktime(12,0,0,1, 1, 1990));
}
}
//if theyre logged in, double check their info
if(isset($_SESSION['user'])){
$result = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $_SESSION['user'] . "'")
or die("Error getting your user info, MySQL said: " . mysql_error());
$user_info = mysql_fetch_array($result, MYSQL_ASSOC);
//as long as their account isnt frozen, theyre good
if($user_info[perms] != -1 && $user_info[username]){
$_SESSION['user'] = $user_info[username];
$_SESSION['perms'] = $user_info[perms];
}
//if their account became frozen or was deleted, log them out
else{
logout();
}
}
}
problem:
in this block of code, the if is satisfied and gets run, but the else gets executed as well (the else that isnt properly indented). Weird, huh? i know thats what its doing tho, because the cookie recreates itself unless i comment out the else statement. Is there a way to fix this weird behavior of php?
//LOGIN
//set the login function
//make sure the pass is (md5) encrypted before passing it to the function
function login($user, $pass){
//see if you can grab perms under that username and pass
$result = mysql_query("SELECT `perms` FROM `users` WHERE `username` = '$user' and `pass` = '$pass'")
//(display a message if there is a mysql error)
or die("Error retrieving user info from the database, MYSQL said: " . mysql_error());
//if you can grab those perms, then their login info was correct
if(mysql_num_rows($result) > 0){
//set their username and perms to sessions
$_SESSION['user'] = $user;
$_SESSION['perms'] = mysql_result($result, 0);
//if they dont have a cookie with login info
if(!$_COOKIE['userpass']){
//give em one
setcookie("userpass", $user . "[[[---___BREAK___---]]]" . $pass, time() + 3024000);
}
//tell the script theyre now logged in
return TRUE;
}
else{
//tell the script they must have entered the wrong login info
return FALSE;
}
}
//set the logout function
function logout(){
//kill their sessions
$_SESSION['user'] = FALSE;
$_SESSION['perms'] = FALSE;
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
$_COOKIE = array();
session_unset();
session_destroy();
//kill the cookie with their login info
setcookie("userpass", "" , time() - 999999999999);
$_SESSION['response'] = $_SESSION['response'] . " passed the logout function." . "<br />\n";
return TRUE;
}
//grab the action
$action = $_GET['action'];
//if they wanted to log out
if($action == "logout"){
logout();
//tell them it all went according to plan
$_SESSION['response'] = $_SESSION['response'] . "You are now logged out." . "<br />\n";
}
else{
//if they already have a cookie with login info
if(isset($_COOKIE['userpass'])){
//separate the username from the pass
$userpass_array = explode("[[[---___BREAK___---]]]", $_COOKIE['userpass']);
//log them in
if(!login($userpass_array[0], $userpass_array[1])){
//but if their login info was wrong, kill the cookie
setcookie("userpass", "" , mktime(12,0,0,1, 1, 1990));
}
}
//if theyre logged in, double check their info
if(isset($_SESSION['user'])){
$result = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $_SESSION['user'] . "'")
or die("Error getting your user info, MySQL said: " . mysql_error());
$user_info = mysql_fetch_array($result, MYSQL_ASSOC);
//as long as their account isnt frozen, theyre good
if($user_info[perms] != -1 && $user_info[username]){
$_SESSION['user'] = $user_info[username];
$_SESSION['perms'] = $user_info[perms];
}
//if their account became frozen or was deleted, log them out
else{
logout();
}
}
}