login script creates lots of temp files in TMP folder!

Anonymous

Guest
The following scripts are for some reason creating a lot of .wrk files in the server's /TMP folder, and I have been told to stop using my scripts. Now no one can log in, please help.

I am after just a simple yet secure login script that checks that the login name and password in a MySQL database are what was typed in and, if so, allows the signed-in member to view the page.

These are the scripts I have at the moment.

Thanks in advance for any help.

Code:
<?php // mypage.php
session_start();
// my secure page
include("checkloggedin.php");
if (!isset($_SESSION['username'])) {
include("loginbox.php");
} else {
// show the page
echo ("logged in");
}
?>

I have the following, which are the scripts I was given a long time ago.

Code:
<?php //auth.php
session_start();
// still need to sanitise login inputs, auth.php file
header("Cache-control: private");
include("dbconfigfile.php");

if($_POST) {
	// array keys must be quoted strings, otherwise PHP treats them as undefined constants
	$_SESSION['username'] = trim($_POST['username']);
	$password = trim($_POST['password']);
	$res = mysql_query("SELECT username FROM admins WHERE username = '".$_SESSION['username']."' AND passwordfield = '$password' LIMIT 1") or die(mysql_error());

		//if user is valid
		if(mysql_num_rows($res) == 1) {
		$datetimenow = time();
		$res = mysql_query("UPDATE admins SET lastloginip = '$ip',  lastlogindatetime = '$datetimenow' WHERE username = '".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
		header("Location: index.php" . $_SESSION['gets']);
		} else {
			unset($_SESSION['username']);
			header("Location: index.php");
			}

} elseif (isset($_SESSION['username'])) {
$res = mysql_query("SELECT lastlogindatetime FROM admins WHERE username = '".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
$lastlogin = mysql_result( $res, 0 ,'lastlogindatetime');
$datetimenow = time();
$dif = $datetimenow - $lastlogin;  // this is the line that needs the function to work out the difference.
	if ($dif >= $maxtimeonline) {
	echo('dif '.$dif.' timenow '.$timenow.' was '.$lastlogindatetime);
	unset($_SESSION['username']);
	header("Location: index.php");
	} else {
	$res = mysql_query("UPDATE admins SET lastloginip = '$ip',  lastlogindatetime = '$datetimenow' WHERE username = '".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
	header("Location: index.php" . $_SESSION['gets']);
	}
}
mysql_close(); // the parentheses are required for the call to actually run
?>

Code:
<?php // checkloggedin.php
if (isset($_SESSION['username'])) {
$res = mysql_query("SELECT lastlogindatetime FROM admins WHERE username='".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
$lastlogin = mysql_result( $res, 0 ,'lastlogindatetime');
$datetimenow = time();
$dif = $datetimenow - $lastlogin;
// setup ukdatetime in readable format ukdatetime
$ukdatetime = date("D j M Y G:i:s T");
echo("checkloggedin " . $lastlogin . '^' . $datetimenow . '^' . $dif);
	if ($dif >= $maxtimeonline) {
	unset($_SESSION['username']);
	} else {
	$res = mysql_query("UPDATE admins SET lastloginip = '$ip', lastlogindatetime = '$datetimenow', ukdatetime = '$ukdatetime' WHERE username = '".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
	}
}
?>

loginbox.php
Code:
<form name="loginbox" method="post" action="auth.php<?php echo htmlspecialchars($_SESSION['gets']); ?>">
  <table width="100%" style="border-collapse: collapse; border-width: 0">
    <tr> 
      <td width="10%" bgcolor="#000000"> <div align="center"><strong><font color="#FFCC66" size="2">.: 
          Login :.</font></strong></div></td>
      <td width="5%" bgcolor="#FFCC66"> </td>
      <td width="31%" bgcolor="#FFCC66"><font size="2"><strong>Username:</strong></font><font size="2"> 
        <input type="text" name="username" size=17>
        </font></td>
      <td width="29%" bgcolor="#FFCC66"> <div align="left"><font size="2"><strong>Password:</strong></font><font size="2"> 
          <input type="password" name="password" size=17>
          </font></div></td>
      <td width="25%" align="center" bgcolor="#FFCC66"><font size="2"> 
        <input type="submit" name="login" value="Log In">
        <br>
        <a href="index.php?ac=fp">forgot password</a></font></td>
    </tr>
  </table>
</form>

Code:
<?php // logout.php
session_start();
$_SESSION = array();
session_destroy();
// no flush() before this: header() only works if no output has been sent yet
header("Location: index.php");
exit;
?>
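
A hardened form of the credential check in auth.php above, as an added example that is not part of the original post: it uses PDO prepared statements and password_hash()/password_verify() instead of building the query from the typed values and comparing the password directly in SQL. The in-memory SQLite database, the password_hash column, the sample account and the function names check_login and handle_login are assumptions made so the example runs on its own.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post,
// except password_hash: an assumed column holding password_hash() output.
// Constructed demo database: in-memory SQLite so this runs offline. On the real
// site the PDO DSN would be a "mysql:" one built from the existing DB settings.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT,
           lastloginip TEXT, lastlogindatetime INTEGER)');
$db->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** True only when the username exists and the password matches its stored hash. */
function check_login(PDO $db, string $username, string $password, string $ip): bool
{
    // Bound parameters: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    $upd = $db->prepare('UPDATE admins SET lastloginip = ?, lastlogindatetime = ?
                         WHERE username = ?');
    $upd->execute([$ip, time(), $username]);
    return true;
}

/** The POST branch of auth.php: the session is written only after a successful check. */
function handle_login(PDO $db, array $post, string $ip): bool
{
    $user = is_string($post['username'] ?? null) ? trim($post['username']) : '';
    $pass = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (!check_login($db, $user, $pass, $ip)) {
        return false;                    // nothing is stored in the session
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);     // fresh session id once authenticated
    }
    $_SESSION['username'] = $user;
    return true;
}

// Constructed inputs: valid login, wrong password, quote characters in the username.
var_dump(handle_login($db, ['username' => 'alice', 'password' => 'correct horse'], '192.0.2.10'));
var_dump(handle_login($db, ['username' => 'alice', 'password' => 'wrong'], '192.0.2.10'));
var_dump(handle_login($db, ['username' => "alice' -- ", 'password' => 'x'], '192.0.2.10'));
```

In a real auth.php, session_start() would run before handle_login() and the IP would come from $_SERVER['REMOTE_ADDR'].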
 
Many servers save sessions in the tmp folder. You can configure it in php.ini. AFAIK the tmp folder is the standard directory for saving session variables, so it isn't bad that there are many temp files.
 
How do I configure it? Or what do I tell my host to do? Be nice! ;-)

Thanks

How do I find out if it is already configured without asking them? Is it shown in the PHP system vars file that you can access via a PHP command? I cannot remember offhand what it is, but I remember using it once before.
 
Just make a PHP file with the function phpinfo().
Save this and upload it to your server.
Then search for save_path in the session category and you will see where they will be saved.
 