A
Anonymous
Guest
Once again, i come here to ask you guys something
I've got a problem with a logon system.
I've got this form to enter a password and a username and also a check box that says "remember my logon"; when the check box is checked, a cookie should by send and the next time you enter the website, it should log you on automatically.
When its not checked, the cookies will expire after 15 minutes. (this works)
The problem is when it's checked, it doesn't log you out on that website, but when i close my browser and re-enter it, i'm not logged in anymore...
Anyone wanna help me out?
Thanks!
I've got a problem with a logon system.
I've got this form to enter a password and a username and also a check box that says "remember my logon"; when the check box is checked, a cookie should by send and the next time you enter the website, it should log you on automatically.
When its not checked, the cookies will expire after 15 minutes. (this works)
The problem is when it's checked, it doesn't log you out on that website, but when i close my browser and re-enter it, i'm not logged in anymore...
Anyone wanna help me out?
Thanks!
Code:
/////////////////////////////////
/// Users' Profile Settings ///
/////////////////////////////////
$MyIP=$_SERVER['REMOTE_ADDR'];
if (getenv('REMOTE_ADDR') != "") {
$HostIP = @GetHostByAddr(getenv('REMOTE_ADDR'));
} else {
$HostIP = @GetHostByAddr($_SERVER['REMOTE_ADDR']);
}
// This user logged in or logging in?
// Set vars:
$IsLogged=False;
$MemberName="Guest";
$USR_TYPE="gst";
if($Action=="login"){
//////////////////////////////////////////////////////////
/// This guest is logging in, so validate post data ///
//////////////////////////////////////////////////////////
$GetUSR=$_POST['UserName'];
$GetPWD=md5($_POST['Password']); // Encrypt for data match
$result=MySQL_Query("SELECT Password, IsActive, IsBanned, USR_TYPE FROM tblUsers WHERE UserName='$GetUSR';");
$num=MySQL_Num_Rows($result);
if($num!=0){
//////////////////////////////////////////
// User exists, get data and process! //
//////////////////////////////////////////
$ThisPassword=MySQL_Result($result,0,"Password");
$TIsActive=MySQL_Result($result,0,"IsActive");
$TIsBanned=MySQL_Result($result,0,"IsBanned");
$USR_TYPE=MySQL_Result($result,0,"USR_TYPE");
if($TIsBanned!="true"){
// I'm not banned
if($GetPWD==$ThisPassword){
// Passwords match
if($TIsActive!="false"){
// I'm activated
$IsLogged=true;
if(IsSet($_POST['RememberLogon'])){
// Checkbox to remember logon is checked
// Create cookie without session time
setcookie("JPCS_PWD",$ThisPassword);
setcookie("JPCS_USR",$GetUSR);
} else{
// Checkbox is not checked
// Create cookie, expire after 15 minutes
setcookie("JPCS_PWD",$ThisPassword, time()+15*60); // 15 minutes
setcookie("JPCS_USR",$GetUSR, time()+15*60); // 15 minutes
}
$MemberName=$GetUSR; // Set my name
// Update Online list
$TimeSpan=time();
MySQL_Query("UPDATE tblUsers SET Time='$TimeSpan' WHERE UserName='$GetUSR';");
} else{
// I'm not activated!
$Page="inactive";
}
} else{
// Passwords didn't match
$Page="invalid_logon";
}
} else{
// I'm banned
$Page="banned";
}
} else{
// No such user here
$Page="invalid_logon";
}
} else{
//////////////////////////////////////////////////
/// Guest didn't login, so check for cookies ///
//////////////////////////////////////////////////
if(IsSet($_COOKIE['JPCS_USR']) && IsSet($_COOKIE['JPCS_PWD'])){
/// Check cookies:
$GetUSR=$_COOKIE['JPCS_USR'];
$GetPWD=$_COOKIE['JPCS_PWD'];
$result=MySQL_Query("SELECT Password, IsActive, IsBanned, USR_TYPE FROM tblUsers WHERE UserName='$GetUSR';");
$num=MySQL_Num_Rows($result);
if($num==0){
// UserName does not exists
// remove cookies:
setcookie("JPCS_USR","",time()-60);
setcookie("JPCS_PWD","",time()-60);
} else{
//////////////////////////////////////
// User exists, get data process! //
//////////////////////////////////////
$ThisPassword=MySQL_Result($result,0,"Password");
$TIsActive=MySQL_Result($result,0,"IsActive");
$TIsBanned=MySQL_Result($result,0,"IsBanned");
$USR_TYPE=MySQL_Result($result,0,"USR_TYPE");
if($TIsActive=="true"){
// I'm active
if($TIsBanned=="false"){
// I'm not banned
if($GetPWD==$ThisPassword){
// Password match
$IsLogged=true;
$MemberName=$GetUSR;
// Update Online list
$TimeSpan=time();
MySQL_Query("UPDATE tblUsers SET Time='$TimeSpan' WHERE UserName='$GetUSR';");
} else{
// Incorrect logon information, so
// Destroy cookies:
setcookie("JPCS_USR","",time()-60);
setcookie("JPCS_PWD","",time()-60);
}
} else{
// I'm banned
$Page="banned";
}
} else{
// I'm not activated
$Page="inactive";
}
}
}
}