I’m trying to write a class for authentication. I’ve got it going quite good but there are some problems I’m not shure how to deal with.
First, here's the idea: When the class is called, the constructor checks a session variable to see if the user is logged in. If not, it checks if a client-cookie is set. If the user is already logged in, the checksession function checks a database to see if ip matches and so on. If all that matces, the session is updated. If on the other hand a client-cookie is set, the cookie is compared to the database and if true, the session is updated. Now, when the user logs in, he can check a box if he wants to remembered. Then, a cookie is generated and sent to client. The problem is, a cookie seems to be generated, even if I don't check the check box. Further more, when I log in, the session seems to be set. When I refresh, a cookie that isn't supposed to exist is checked and the session variables don't work. Then if I refresh again the session is ok but cookie is not checked etc... If someone has the time it would be great if he or she could take a look at the code. Thanks in advance for any help. Class.auth.php ----------------------------------------- <?php class Auth { var $id=0; var $failed=false; var $debug; var $mysql=null; function auth($debug=0){ $this->debug=$debug; $this->mysql=dbConnect($debug); if ($_SESSION['logged']) { $this->_checkSession(); } elseif ( isset($_COOKIE['auth']) ) { $this->_checkRemembered($_COOKIE['auth']); } } function _checkLogin($username,$password,$remember){ if($this->debug) echo "<b>checking login...</b><br>"; if($remember="true"){ $remember=true; } else{ $remember=false; } $username=$this->mysqlEsc($username); $password=$this->mysqlEsc(md5($password)); if($this->mysql->query("SELECT * FROM member WHERE username=$username AND password=$password")){ if($this->mysql->num_rows() > 0){ while($this->mysql->movenext()){ $values=$this->mysql->getrow(); } $this->_setSession($values,$remember); return true; } else{ $this->failed=true; $this->_logout(); return false; } } else{ print "could not connect db."; } } function _setSession(&$values,$remember,$init=true){ if($this->debug) echo "<b>Setting session...</b><br>"; $this->id = $values[id]; if(!$values[cookie] && $remember==true){ $cookie=$this->generateCookie(); $_SESSION['cookie'] = $cookie; } else{ $_SESSION['cookie'] = $values[cookie]; $cookie=$values[cookie]; } $_SESSION['uid'] = $this->id; $_SESSION['username'] = htmlspecialchars($values[username]); $_SESSION['logged'] = true; if($remember==true) { $this->updateCookie($cookie, true); } if($init) { $session = $this->mysqlEsc(session_id()); $ip = $this->mysqlEsc($_SERVER['REMOTE_ADDR']); $sql = "UPDATE member SET session=$session, ip=$ip WHERE ". "id = $this->id"; $this->mysql->query($sql); } } function _checkSession() { if($this->debug) echo "<b>checking session...</b><br>"; $username = $this->mysqlEsc($_SESSION['username']); $cookie = $this->mysqlEsc($_SESSION['cookie']); $session = $this->mysqlEsc(session_id()); $ip = $this->mysqlEsc($_SERVER['REMOTE_ADDR']); $sql = "SELECT * FROM member WHERE " . "(username = $username) AND (cookie = $cookie) AND " . "(session = $session) AND (ip = $ip)"; if($this->mysql->query($sql)){ while($this->mysql->movenext()){ $result=$this->mysql->getrow(); } } if (is_object($result) ) { $this->_setSession($result, false, false); } else{ $this->_logout(); } } function updateCookie($cookie, $save) { if($this->debug) echo "<b>Updating cookie...</b><br>"; $_SESSION['cookie'] = $cookie; if ($save) { $cookie=$this->mysqlEsc($cookie); $sql = "UPDATE member SET cookie=$cookie WHERE ". "id = $this->id"; $this->mysql->query($sql); $cookie = base64_encode(serialize(array($_SESSION['username'], $cookie))); setcookie('auth', $cookie, time() + 31104000, '/', 'www.reddast.is'); } } function generateCookie(){ if($this->debug) echo "<b>Generating cookie...</b><br>"; $cookie=md5(uniqid(mt_rand(1, mt_getrandmax()))); return $cookie; } function deleteCookie($name) { if (!headers_sent() ) { if($this->debug) echo "<b>Deleting cookie...</b><br>"; $id=$this->mysqlEsc($this->id); $sql = "UPDATE member SET cookie='' WHERE ". "id = $this->id"; $this->mysql->query($sql); setcookie($name, 'bogus', time() - 3600, '/'); } } function _checkRemembered($cookie) { $cookie=base64_decode($cookie); if($this->debug) echo "<b>checking cookie ".$cookie."...</b><br>"; list($username, $cookie) = @unserialize($cookie); if (!$username or !$cookie){ if($this->debug) echo "<b>Cookie does not exist...</b><br>"; return; } $username = $this->mysqlEsc($username); //$cookie = $this->mysqlEsc($cookie); $sql = "SELECT * FROM member WHERE " . "(username = $username) AND (cookie = $cookie)"; if($this->mysql->query($sql)){ while($this->mysql->movenext()){ $result=$this->mysql->getrow(); } } if ($this->mysql->hm) { if($this->debug) echo "<b>Cookie exists...</b><br>"; $this->_setSession($result, true); } } function proxyIp($ip){ $ip = explode('.', $ip); array_pop($ip); $ip = implode('.', $ip); return $ip; } function _logout(){ sessionDefaults(); } function mysqlEsc($str){ return("'".mysql_escape_string($str)."'"); } } ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php