This won't set the cookies for a long period of time, just while the browser is open. Know what is wrong?
PHP Code:
<?
if (isset($_SESSION['db_is_logged_in']))
{
echo ("<center>Welcome <b> $_SESSION[username]</b>");
echo ("<br><center><a href=\"logout.php\">LogOut</a></center>");
}
Else
{
if (isset($_COOKIE['UserName']) && isset($_COOKIE['PassWord']))
{
include 'config2.php';
$userId = $_COOKIE['UserName'];
$password = $_COOKIE['PassWord'];
$password3=decrypt($password, $IV);
$password2 = md5($password3);
// check if the user id and password combination exist in database
$sql = "SELECT mgroup
FROM ibf_members
WHERE name = '$userId'
AND password = '$password2'";
$result = @mysql_query($sql);
//or die('Query failed. ' . mysql_error());
//=== DEBUG ===
// print("Rows: " . mysql_num_rows($result));
// exit;
//=== DEBUG ===
if( mysql_num_rows($result) == 1 )
{
// the user id and password match,
// set the session
$_SESSION['db_is_logged_in'] = true;
$_SESSION['username'] = $userId;
if( $row = mysql_fetch_object($result) )
{
if( $row->mgroup == "4" )
$_SESSION['admin_is_logged_in'] = true;
}
mysql_free_result($result);
// after login we move to the main page
createformandsubmit($userId, $password3);
}
else
RedirWithError('Invalid Login', 'index.php');
}
if (isset($_POST['UserName']) && isset($_POST['PassWord']))
{
include 'config2.php';
$userId = $_POST['UserName'];
$password = $_POST['PassWord'];
$password2 = md5($password);
$IV = '';
$password3 = encrypt($password, $IV);
// check if the user id and password combination exist in database
$sql = "SELECT mgroup
FROM ibf_members
WHERE name = '$userId'
AND password = '$password2'";
$result = @mysql_query($sql);
//or die('Query failed. ' . mysql_error());
//=== DEBUG ===
// print("Rows: " . mysql_num_rows($result));
// exit;
//=== DEBUG ===
if( mysql_num_rows($result) == 1 )
{
// the user id and password match,
// set the session
$_SESSION['db_is_logged_in'] = true;
$_SESSION['username'] = $userId;
setcookie("UserName", "$userId", time()+2147483647);
setcookie("PassWord", "$password3", time()+2147483647);
if( $row = mysql_fetch_object($result) )
{
if( $row->mgroup == "4" )
$_SESSION['admin_is_logged_in'] = true;
}
mysql_free_result($result);
// after login we move to the main page
createformandsubmit($userId, $password);
}
else
RedirWithError('Invalid Login', 'index.php');
}
else
{
echo ("<form action=\"loginproc.php\" method=\"post\" name=\"LOGIN\">");
echo ("<input type=\"hidden\" name=\"referer\" value=\"http://www.nerdhq.net/forum/index.php\" />");
echo ("<input type=\"hidden\" name=\"return\" value=\"http://www.nerdhq.net/\" />");
echo ("<input type=\"hidden\" name=\"Privacy\" value=\"1\" />");
echo (" <table class=\"tablebasic\" cellspacing=\"0\" width=\"100\">");
echo ("");
echo (" <tr>");
echo (" <td class=\"pformleftw\">Username</td>");
echo (" <td class=\"pformright\"><input type=\"text\" size=\"15\" maxlength=\"64\" name=\"UserName\" class=\"forminput\"></td>");
echo (" </tr>");
echo (" <tr>");
echo (" <td class=\"pformleftw\">Password</td>");
echo (" <td class=\"pformright\"><input type=\"password\" size=\"15\" name=\"PassWord\" class=\"forminput\" /></td>");
echo (" </tr>");
echo ("");
echo (" </table>");
echo (" <div class=\"pformstrip\">Options</div> ");
echo (" <table class=\"tablebasic\" cellspacing=\"1\" align=\"center\">");
echo (" <tr><td><b>Remember Me</b></td>");
echo (" <td class=\"pformright\"><input type=\"radio\" name=\"CookieDate\" value=\"1\" checked=\"checked\">Yes<br />");
echo ("<input type=\"radio\" name=\"CookieDate\" value=\"0\" />No</td>");
echo ("");
echo (" </tr>");
echo ("");
echo (" </table> ");
echo (" <center><input type=\"submit\" name=\"submit\" value=\"Log me in\" class=\"forminput\"></center>");
echo ("</form><center><a href=\"../forum/index.php?act=Reg&CODE=00\">Register</a></center> ");
}
}
//=======================================================================
function RedirWithError( $iErrorMessage, $iRedirURL )
{
$_SESSION["errMsg"] = trim($iErrorMessage);
header("Location: $iRedirURL");
exit;
}
//Encryption
function encrypt($input, &$iv) // Pass IV by reference
{
$key = "5s4d2d9s8g8d9f9329d9f9j";
$td = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$iv = trim(base64_encode($iv));
return trim(base64_encode($encrypted_data));
}
//Decryption
function decrypt($input, $iv)
{
$key = "5s4d2d9s8g8d9f9329d9f9j";
$input = base64_decode($input);
$iv = base64_decode($iv);
$td = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, $key, $iv);
$decrypt = trim(mdecrypt_generic($td, $input));
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $decrypt;
}
function createformandsubmit ( $iUserName, $iPassword )
{
?>
<html>
<head>
</head>
<body onload="document.LOGIN.submit();">
<form action="../forum/index.php?act=Login&CODE=01" method="post" name="LOGIN">
<input type="hidden" name="referer" value="<?=($_SERVER["HTTP_REFERER"])?>" />
<input type="hidden" name="return" value="http://nerdhq.net/index.php" />
<input type="hidden" name="Privacy" value="0" />
<input type="hidden" name="UserName" value="<?=($iUserName)?>" />
<input type="hidden" name="PassWord" value="<?=($iPassword)?>" />
</form>
</body>
</html>
<?
exit;
}
?>