Login of death |
 Mar 7 2010, 01:56 PM
Post
#1
|
|
|
Senior Member  Group: Member Posts: 1,237 Joined: May 2008 Member No: 648,123  |
I think I'm having a brain fart or something, because why this isn't working is completely passing me by. Oddly, about an hour ago it worked perfectly. I don't even remember changing anything.
Anyway, the script below is what I'm using to login to an application. It uses jQuery to send a request and check the database if the username/password exist. If it does, it sets a cookie and outputs "1". Back in jQuery, if the output is "1", it sends a post request to the same URL with "?true" tacked onto the URL. PHP checks if the cookie exists (if it doesn't, the script exits and jQuery redirects back to the login page), then goes through a bunch of database stuff in the "reset" class. If the request was made by jQuery, output "1" again and send the user to their account. If JavaScript is turned off, just do a header redirect to their account. I do two requests, because while it's doing the queries, a loading animation plays as it could take a while depending on how much is in the database. My problem is that suddenly the cookie isn't being set, which is causing the second request to fail and reload the login page. It's bugging me to no ends. :( Here's the part of the script that matters. For all intents and purposes, no HTML output occurs before this. It's just defining variables and constants. Any ideas are much appreciated! :) CODE <?php
if(isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'true') { if(isset($_COOKIE['fms-user'])) { new reset(); if(isset($_POST['logged-in'])) echo 1; else header('Location: ' . ADMIN . '/dashboard'); exit; } header('Location: ' . ADMIN . '/login'); } setcookie('user', '', TIME - 3600, SITE); session_destroy(); session_start(); if(!empty($_POST)) { if($_SERVER['QUERY_STRING'] != 'forgot' && $stmt = $sql->prepare("SELECT `id`, `permissions` FROM `{$table}_users` WHERE `user` = ? AND `pass` = ?")) { $stmt->bind_param('ss', $_POST['user'], md5(sha1($_POST['pass']))); $stmt->execute(); $stmt->bind_result($id, $p); $stmt->fetch(); $stmt->close(); if($id > 0) { setcookie('user', $id, (isset($_POST['keep']) ? TIME + 2592000 : 0), SITE); $_SESSION['user']['permissions'] = $p; if(isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'login') echo 1; else header('Location: ' . ADMIN . '/login?true'); exit; } else { $error = '<p class="error"><strong>Error</strong> ' . $error[1] . "</p>\n"; if(isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'login') { echo $error; exit; } } } ... } |
|
|
|
 |
Replies
|
Mar 8 2010, 11:12 AM
Post
#2
|
|
 Senior Member Group: Staff Alumni Posts: 4,665 Joined: Aug 2008 Member No: 676,364 |
Closed&Moved to resolved.
|
|
|
|
Posts in this topic
fixtatik Login of death Mar 7 2010, 01:56 PM
fixtatik Nevermind; turns out there was a small error in th... Mar 8 2010, 08:20 AM
 |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members: