boardom b2 message board
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
|
Posted: Tue Dec 09, 2003 4:45 am Post subject: Logout cookie error causing login problem |
|
|
The username and password cookies should be deleted from your system when you click on "logout" so that it doesn't generate a "wrong username/password" error when you try to log in again with a different username/password. However, this isn't happening.
In the b2login.php file, under the "logout" (action) section...
Locate:
Code: |
setcookie("cafeloguser", $user_login, time()+30000000);
setcookie("cafelogpass", $user_pass, time()+30000000);
|
Replace it with:
Code: |
setcookie("cafeloguser", "", time()-31536000);
setcookie("cafelogpass", "", time()-31536000);
|
_________________ Michael P.
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
|
Posted: Mon Jan 26, 2004 1:57 am Post subject: |
|
|
Also, add your domain and b2 directory to every instance of the setcookie function in the b2login.php file -- especially if you have multiple b2 installations on the same domain -- to differentiate each blog in its own directory.
Example:
setcookie("cafeloguser", $user_login, time()+31536000, "yourdomain.com/b2mike");
_________________ Michael P.
MemberNo.817
Joined: 08 Feb 2004 Posts: 3 Location: bayarea
|
Posted: Sun Feb 08, 2004 1:23 pm Post subject: |
|
|
That doesn't work for me. I tried doing it for both, then only for one, and the closest I can get is one b2 account will log on but the other one won't.
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
|
Posted: Sun Feb 08, 2004 7:24 pm Post subject: |
|
|
Did you change every instance of it in b2login.php? Altogether, there are about 5 instances of the setcookie function in that file.
_________________ Michael P.
MemberNo.817
Joined: 08 Feb 2004 Posts: 3 Location: bayarea
|
Posted: Sun Feb 08, 2004 10:35 pm Post subject: |
|
|
Yah, I tried it. Do I do it for both accounts for it to work? I tried that too. Hmm... here's my code.
Code: |
<?php
require('./b2config.php');
require_once($b2inc.'/b2template.functions.php');
require_once($b2inc.'/b2functions.php');
require_once($b2inc.'/b2vars.php');
if (!function_exists('add_magic_quotes')) {
    function add_magic_quotes($array) {
        foreach ($array as $k => $v) {
            if (is_array($v)) {
                $array[$k] = add_magic_quotes($v);
            } else {
                $array[$k] = addslashes($v);
            }
        }
        return $array;
    }
}
if (!get_magic_quotes_gpc()) {
    $HTTP_GET_VARS = add_magic_quotes($HTTP_GET_VARS);
    $HTTP_POST_VARS = add_magic_quotes($HTTP_POST_VARS);
    $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}
$b2varstoreset = array('action','mode','error','text','popupurl','popuptitle');
for ($i = 0; $i < count($b2varstoreset); $i = $i + 1) {
    $b2var = $b2varstoreset[$i];
    if (!isset($$b2var)) {
        if (empty($HTTP_POST_VARS["$b2var"])) {
            if (empty($HTTP_GET_VARS["$b2var"])) {
                $$b2var = '';
            } else {
                $$b2var = $HTTP_GET_VARS["$b2var"];
            }
        } else {
            $$b2var = $HTTP_POST_VARS["$b2var"];
        }
    }
}
/* connecting the db */
$connexion = @mysql_connect($server,$loginsql,$passsql) or die("Can't connect to the database<br>".mysql_error());
mysql_select_db("$base");
switch($action) {
case "logout":
    setcookie("cafeloguser", "eightoneseven.com/expel/b2");
    setcookie("cafelogpass", "eightoneseven.com/expel/b2");
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate"); // for HTTP/1.1
    header("Pragma: no-cache");
    if ($is_IIS) {
        header("Refresh: 0;url=b2login.php");
    } else {
        header("Location: b2login.php");
    }
    exit();
    break;
case "login":
    if(!empty($HTTP_POST_VARS)) {
        $log = $HTTP_POST_VARS["log"];
        $pwd = $HTTP_POST_VARS["pwd"];
        $redirect_to = $HTTP_POST_VARS["redirect_to"];
    }
    function login() {
        global $server,$loginsql,$passsql,$base,$log,$pwd,$error,$user_ID;
        global $tableusers, $pass_is_md5;
        $user_login=$log;
        $password=$pwd;
        if (!$user_login) {
            $error="<b>ERROR</b>: the login field is empty";
            return false;
        }
        if (!$password) {
            $error="<b>ERROR</b>: the password field is empty";
            return false;
        }
        if (substr($password,0,4)=="md5:") {
            $pass_is_md5 = 1;
            $password = substr($password,4,strlen($password));
            $query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password' ";
        } else {
            $pass_is_md5 = 0;
            $query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password' ";
        }
        $result = mysql_query($query) or die("Incorrect Login/Password request: ".mysql_error());
        $lines = mysql_num_rows($result);
        if ($lines<1) {
            $error="<b>ERROR</b>: wrong login or password";
            $pwd="";
            return false;
        } else {
            $res=mysql_fetch_row($result);
            $user_ID=$res[0];
            if (($pass_is_md5==0 && $res[1]==$user_login && $res[2]==$password) || ($pass_is_md5==1 && $res[1]==$user_login && md5($res[2])==$password)) {
                return true;
            } else {
                $error="<b>ERROR</b>: wrong login or password";
                $pwd="";
                return false;
            }
        }
    }
    if (!login()) {
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
        if ($is_IIS) {
            header("Refresh: 0;url=b2login.php");
        } else {
            header("Location: b2login.php");
        }
        exit();
    } else {
        $user_login=$log;
        $user_pass=$pwd;
        setcookie("cafeloguser",$user_login,time()+31536000, "eightoneseven.com/expel/b2");
        if ($pass_is_md5) {
            setcookie("cafelogpass",$user_pass,time()+31536000, "eightoneseven.com/expel/b2");
        } else {
            setcookie("cafelogpass",md5($user_pass),time()+31536000, "eightoneseven.com/expel/b2");
        }
        if (empty($HTTP_COOKIE_VARS["cafelogblogid"])) {
            setcookie("cafelogblogid","1",time()+31536000);
        }
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
        switch($mode) {
        case "bookmarklet":
            $location="b2bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
        case "sidebar":
            $location="sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
        case "profile":
            $location="profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
        default:
            $location="$redirect_to";
            break;
        }
        if ($is_IIS) {
            header("Refresh: 0;url=$location");
        } else {
            header("Location: $location");
        }
    }
    break;
case "lostpassword":
?><html>
<head>
  <title>b2 > Lost password ?</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
  <style type="text/css">
  <!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
  textarea,input,select {
    background-color: #f0f0f0;
    border-width: 1px;
    border-color: #cccccc;
    border-style: solid;
    padding: 2px;
    margin: 1px;
  }
<?php
}
?>
  -->
  </style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">
<table width="100%" height="100%">
  <td align="center" valign="middle">
    <table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">
      <tr height="50">
        <td height="50" width="50">
          <a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
        </td>
        <td align="right" valign="top"> </td>
      </tr>
      <tr height="150"><td align="right" valign="bottom" height="150" colspan="2">
        <p align="center" style="color: #b0b0b0">Type your login here and click OK. You will receive an email with your password.</p>
<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>
        <form name="" action="b2login.php" method="post">
          <input type="hidden" name="action" value="retrievepassword" />
          <table width="100" style="background-color: #ffffff">
            <tr><td align="right">login</td>
              <td><input type="text" name="user_login" value="" size="8" /> </td></tr>
            <tr><td> </td>
              <td><input type="submit" name="Submit2" value="OK" class="search"> </td></tr>
          </table>
        </form>
      </td>
      </tr>
    </table>
  </td>
  </tr>
</table>
</body>
</html>
<?php
    break;
case "retrievepassword":
    $user_login = $HTTP_POST_VARS["user_login"];
    $user_data = get_userdatabylogin($user_login);
    $user_email = $user_data["user_email"];
    $user_pass = $user_data["user_pass"];
    $message = "Login: $user_login\r\n";
    $message .= "Password: $user_pass\r\n";
    $m = mail($user_email, "your weblog's login/password", $message);
    if ($m == false) {
        echo "<p>The email could not be sent.<br />\n";
        echo "Possible reason: your host may have disabled the mail() function...</p>";
        die();
    } else {
        echo "<p>The email was sent successfully to $user_login's email address.<br />\n";
        echo "<a href=\"b2login.php\">Click here to login !</a></p>";
        die();
    }
    break;
default:
    if((!empty($HTTP_COOKIE_VARS["cafeloguser"])) && (!empty($HTTP_COOKIE_VARS["cafelogpass"]))) {
        $user_login = $HTTP_COOKIE_VARS["cafeloguser"];
        $user_pass_md5 = $HTTP_COOKIE_VARS["cafelogpass"];
    }
    function checklogin() {
        global $server,$loginsql,$passsql,$base;
        global $user_login,$user_pass_md5,$user_ID;
        $userdata = get_userdatabylogin($user_login);
        if ($user_pass_md5 != md5($userdata["user_pass"])) {
            return false;
        } else {
            return true;
        }
    }
    if ( !(checklogin()) ) {
        if (!empty($HTTP_COOKIE_VARS["cafeloguser"])) {
            $error="Error: wrong login/password"; //, or your session has expired.";
        }
    } else {
        header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is my birthdate - though officially it's on the 6th, since I'm GMT+1 :) */
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */
        header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */
        header("Pragma: no-cache");
        header("Location: b2edit.php");
        exit();
    }
?><html>
<head>
  <title>b2 > Login form</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
  <style type="text/css">
  <!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
  textarea,input,select {
    background-color: #f0f0f0;
    border-width: 1px;
    border-color: #cccccc;
    border-style: solid;
    padding: 2px;
    margin: 1px;
  }
<?php
}
?>
  -->
  </style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">
<table width="100%" height="100%">
  <td align="center" valign="middle">
    <table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">
      <tr height="50">
        <td height="50" width="50">
          <a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
        </td>
        <td align="right" valign="top">
          <a href="b2register.php" class="b2menutop">register ?</a><br />
          <a href="b2login.php?action=lostpassword" class="b2menutop">lost your password ?</a>
        </td>
      </tr>
      <tr height="150"><td align="right" valign="bottom" height="150" colspan="2">
<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>
        <form name="" action="b2login.php" method="post">
<?php if ($mode=="bookmarklet") { ?>
          <input type="hidden" name="mode" value="<?php echo $mode ?>" />
          <input type="hidden" name="text" value="<?php echo $text ?>" />
          <input type="hidden" name="popupurl" value="<?php echo $popupurl ?>" />
          <input type="hidden" name="popuptitle" value="<?php echo $popuptitle ?>" />
<?php } ?>
          <input type="hidden" name="redirect_to" value="b2edit.php" />
          <input type="hidden" name="action" value="login" />
          <table width="100" style="background-color: #ffffff">
            <tr><td align="right">login</td>
              <td><input type="text" name="log" value="" size="8" /> </td></tr>
            <tr><td align="right">password</td>
              <td><input type="password" name="pwd" value="" size="8" /> </td></tr>
            <tr><td> </td>
              <td><input type="submit" name="Submit2" value="OK" class="search"> </td></tr>
          </table>
        </form>
      </td>
      </tr>
    </table>
  </td>
  </tr>
</table>
</body>
</html>
<?php
    break;
}
?>
|
I tried everything from changing
setcookie("cafeloguser",$user_login,time()+31536000, "eightoneseven.com/expel/b2");
to
setcookie("cafeloguser", "" ,time()-31536000, "eightoneseven.com/expel/b2");
even deleting it. Haha. What do you think's wrong?
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
|
Posted: Mon Feb 09, 2004 12:18 am Post subject: |
|
|
Your "logout" setcookie functions are wrong. Refer to my first. After that, delete your cookies and then try.
_________________ Michael P.
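
The cookie scoping and logout deletion discussed in this thread, modelled as an added example that is not part of any post or of b2: under RFC 6265 a browser identifies a cookie by name, domain and path, so the logout call has to repeat the path and domain used at login, and setcookie() takes the path and the domain as separate fourth and fifth arguments. The host example.test, the /blog1/ and /blog2/ directories, the user names and the jar_* helpers are assumptions made for the demonstration; browsers of the thread's era may have handled malformed paths differently.

```php
<?php
// Added example (not b2 code): a small model of browser cookie storage per RFC 6265.
// The host, directories and cookie values are constructed for illustration.

// RFC 6265 5.1.4: default-path is the request path up to its last "/".
function default_path(string $requestPath): string
{
    if ($requestPath === '' || $requestPath[0] !== '/') {
        return '/';
    }
    $last = strrpos($requestPath, '/');
    return $last === 0 ? '/' : substr($requestPath, 0, $last);
}

// RFC 6265 5.1.4: does a stored cookie path cover the requested path?
function path_match(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    return substr($cookiePath, -1) === '/' || $requestPath[strlen($cookiePath)] === '/';
}

// Apply one Set-Cookie received in a response to $requestPath on $host.
// $expires follows setcookie(): 0 means a session cookie, a past time expires it.
function jar_store(array &$jar, string $host, string $requestPath, string $name,
                   string $value, int $expires, string $path = '', string $domain = ''): void
{
    // 5.2.4: a Path value that does not start with "/" is ignored.
    if ($path === '' || $path[0] !== '/') {
        $path = default_path($requestPath);
    }
    $domain = $domain === '' ? $host : ltrim(strtolower($domain), '.');
    $key = "$name|$domain|$path";   // 5.3: identity is name + domain + path
    if ($expires !== 0 && $expires <= time()) {
        unset($jar[$key]);          // only the entry with the same triple goes away
    } else {
        $jar[$key] = ['domain' => $domain, 'path' => $path, 'value' => $value];
    }
}

// Cookies the browser would attach to a request for $requestPath on $host
// (domain matching is simplified to an exact host comparison).
function jar_send(array $jar, string $host, string $requestPath): array
{
    $sent = [];
    foreach ($jar as $key => $c) {
        if ($c['domain'] === $host && path_match($c['path'], $requestPath)) {
            $sent[] = $key . '=' . $c['value'];
        }
    }
    return $sent;
}

$host = 'example.test';
$year = time() + 31536000;
$past = time() - 31536000;
$jar  = [];

// Two installs log in; each scopes its cookie to its own directory, as in
// setcookie("cafeloguser", $user_login, time()+31536000, "/blog1/", "example.test").
jar_store($jar, $host, '/blog1/b2login.php', 'cafeloguser', 'mike', $year, '/blog1/', $host);
jar_store($jar, $host, '/blog2/b2login.php', 'cafeloguser', 'anna', $year, '/blog2/', $host);
echo "blog1 receives: ", implode(', ', jar_send($jar, $host, '/blog1/b2edit.php')), "\n";

// Logout that omits the path: the browser files it under default-path "/blog1",
// a different triple from "/blog1/", so the login cookie is not touched.
jar_store($jar, $host, '/blog1/b2login.php', 'cafeloguser', '', $past);
echo "after logout without path: ", implode(', ', jar_send($jar, $host, '/blog1/b2edit.php')), "\n";

// Logout that repeats the login call's path and domain removes the entry.
jar_store($jar, $host, '/blog1/b2login.php', 'cafeloguser', '', $past, '/blog1/', $host);
echo "after matching logout: ", implode(', ', jar_send($jar, $host, '/blog1/b2edit.php')), "\n";

// Host and directory packed into the path argument: there is no leading "/",
// so the value is ignored and the cookie is filed under default-path instead.
jar_store($jar, $host, '/blog1/b2login.php', 'cafeloguser', 'mike', $year, 'example.test/blog1');
echo "stored keys: ", implode(', ', array_keys($jar)), "\n";
```

In b2login.php this means every setcookie() call for cafeloguser and cafelogpass, at login and at logout, carries the same fourth (path) and fifth (domain) arguments.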
RamsayX
Joined: 13 Jul 2004 Posts: 10 Location: IaMCaNaDiAn
|
Posted: Thu Aug 05, 2004 5:09 am Post subject: |
|
|
Could I possibly get some help with this topic? My code seems to be a little different from posted examples ... but I have the same problem. Please help, thanks!
Code: |
<?php
require('./b2config.php');
require_once($b2inc.'/b2template.functions.php');
require_once($b2inc.'/b2functions.php');
require_once($b2inc.'/b2vars.php');
if (!function_exists('add_magic_quotes')) {
    function add_magic_quotes($array) {
        foreach ($array as $k => $v) {
            if (is_array($v)) {
                $array[$k] = add_magic_quotes($v);
            } else {
                $array[$k] = addslashes($v);
            }
        }
        return $array;
    }
}
if (!get_magic_quotes_gpc()) {
    $HTTP_GET_VARS = add_magic_quotes($HTTP_GET_VARS);
    $HTTP_POST_VARS = add_magic_quotes($HTTP_POST_VARS);
    $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}
$b2varstoreset = array('action','mode','error','text','popupurl','popuptitle');
for ($i = 0; $i < count($b2varstoreset); $i = $i + 1) {
    $b2var = $b2varstoreset[$i];
    if (!isset($$b2var)) {
        if (empty($HTTP_POST_VARS["$b2var"])) {
            if (empty($HTTP_GET_VARS["$b2var"])) {
                $$b2var = '';
            } else {
                $$b2var = $HTTP_GET_VARS["$b2var"];
            }
        } else {
            $$b2var = $HTTP_POST_VARS["$b2var"];
        }
    }
}
/* connecting the db */
$connexion = @mysql_connect($server,$loginsql,$passsql) or die("Can't connect to the database<br>".mysql_error());
mysql_select_db("$base");
switch($action) {
case "logout":
    setcookie("cafeloguser");
    setcookie("cafelogpass");
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate"); // for HTTP/1.1
    header("Pragma: no-cache");
    if ($is_IIS) {
        header("Refresh: 0;url=b2login.php");
    } else {
        header("Location: b2login.php");
    }
    exit();
    break;
case "login":
    if(!empty($HTTP_POST_VARS)) {
        $log = $HTTP_POST_VARS["log"];
        $pwd = $HTTP_POST_VARS["pwd"];
        $redirect_to = $HTTP_POST_VARS["redirect_to"];
    }
    function login() {
        global $server,$loginsql,$passsql,$base,$log,$pwd,$error,$user_ID;
        global $tableusers, $pass_is_md5;
        $user_login=$log;
        $password=$pwd;
        if (!$user_login) {
            $error="<b>ERROR</b>: the login field is empty";
            return false;
        }
        if (!$password) {
            $error="<b>ERROR</b>: the password field is empty";
            return false;
        }
        if (substr($password,0,4)=="md5:") {
            $pass_is_md5 = 1;
            $password = substr($password,4,strlen($password));
            $query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password' ";
        } else {
            $pass_is_md5 = 0;
            $query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password' ";
        }
        $result = mysql_query($query) or die("Incorrect Login/Password request: ".mysql_error());
        $lines = mysql_num_rows($result);
        if ($lines<1) {
            $error="<b>ERROR</b>: wrong login or password";
            $pwd="";
            return false;
        } else {
            $res=mysql_fetch_row($result);
            $user_ID=$res[0];
            if (($pass_is_md5==0 && $res[1]==$user_login && $res[2]==$password) || ($pass_is_md5==1 && $res[1]==$user_login && md5($res[2])==$password)) {
                return true;
            } else {
                $error="<b>ERROR</b>: wrong login or password";
                $pwd="";
                return false;
            }
        }
    }
    if (!login()) {
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
        if ($is_IIS) {
            header("Refresh: 0;url=b2login.php");
        } else {
            header("Location: b2login.php");
        }
        exit();
    } else {
        $user_login=$log;
        $user_pass=$pwd;
        setcookie("cafeloguser",$user_login,time()+31536000);
        if ($pass_is_md5) {
            setcookie("cafelogpass",$user_pass,time()+31536000);
        } else {
            setcookie("cafelogpass",md5($user_pass),time()+31536000);
        }
        if (empty($HTTP_COOKIE_VARS["cafelogblogid"])) {
            setcookie("cafelogblogid","1",time()+31536000);
        }
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
        switch($mode) {
        case "bookmarklet":
            $location="b2bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
        case "sidebar":
            $location="sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
        case "profile":
            $location="profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
        default:
            $location="$redirect_to";
            break;
        }
        if ($is_IIS) {
            header("Refresh: 0;url=$location");
        } else {
            header("Location: $location");
        }
    }
    break;
case "lostpassword":
?><html>
<head>
  <title>b2 > Lost password ?</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
  <style type="text/css">
  <!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
  textarea,input,select {
    background-color: #f0f0f0;
    border-width: 1px;
    border-color: #cccccc;
    border-style: solid;
    padding: 2px;
    margin: 1px;
  }
<?php
}
?>
  -->
  </style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">
<table width="100%" height="100%">
  <td align="center" valign="middle">
    <table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">
      <tr height="50">
        <td height="50" width="50">
          <a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
        </td>
        <td align="right" valign="top"> </td>
      </tr>
      <tr height="150"><td align="right" valign="bottom" height="150" colspan="2">
        <p align="center" style="color: #b0b0b0">Type your login here and click OK. You will receive an email with your password.</p>
<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>
        <form name="" action="b2login.php" method="post">
          <input type="hidden" name="action" value="retrievepassword" />
          <table width="100" style="background-color: #ffffff">
            <tr><td align="right">login</td>
              <td><input type="text" name="user_login" value="" size="8" /> </td></tr>
            <tr><td> </td>
              <td><input type="submit" name="Submit2" value="OK" class="search"> </td></tr>
          </table>
        </form>
      </td>
      </tr>
    </table>
  </td>
  </tr>
</table>
</body>
</html>
<?php
    break;
case "retrievepassword":
    $user_login = $HTTP_POST_VARS["user_login"];
    $user_data = get_userdatabylogin($user_login);
    $user_email = $user_data["user_email"];
    $user_pass = $user_data["user_pass"];
    $message = "Login: $user_login\r\n";
    $message .= "Password: $user_pass\r\n";
    $m = mail($user_email, "your weblog's login/password", $message);
    if ($m == false) {
        echo "<p>The email could not be sent.<br />\n";
        echo "Possible reason: your host may have disabled the mail() function...</p>";
        die();
    } else {
        echo "<p>The email was sent successfully to $user_login's email address.<br />\n";
        echo "<a href=\"b2login.php\">Click here to login !</a></p>";
        die();
    }
    break;
default:
    if((!empty($HTTP_COOKIE_VARS["cafeloguser"])) && (!empty($HTTP_COOKIE_VARS["cafelogpass"]))) {
        $user_login = $HTTP_COOKIE_VARS["cafeloguser"];
        $user_pass_md5 = $HTTP_COOKIE_VARS["cafelogpass"];
    }
    function checklogin() {
        global $server,$loginsql,$passsql,$base;
        global $user_login,$user_pass_md5,$user_ID;
        $userdata = get_userdatabylogin($user_login);
        if ($user_pass_md5 != md5($userdata["user_pass"])) {
            return false;
        } else {
            return true;
        }
    }
    if ( !(checklogin()) ) {
        if (!empty($HTTP_COOKIE_VARS["cafeloguser"])) {
            $error="Error: wrong login/password"; //, or your session has expired.";
        }
    } else {
        header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is my birthdate - though officially it's on the 6th, since I'm GMT+1 :) */
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */
        header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */
        header("Pragma: no-cache");
        header("Location: b2edit.php");
        exit();
    }
?><html>
<head>
  <title>b2 > Login form</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
  <style type="text/css">
  <!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
  textarea,input,select {
    background-color: #f0f0f0;
    border-width: 1px;
    border-color: #cccccc;
    border-style: solid;
    padding: 2px;
    margin: 1px;
  }
<?php
}
?>
  -->
  </style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">
<table width="100%" height="100%">
  <td align="center" valign="middle">
    <table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">
      <tr height="50">
        <td height="50" width="50">
          <a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
        </td>
        <td align="right" valign="top">
          <a href="b2register.php" class="b2menutop">register ?</a><br />
          <a href="b2login.php?action=lostpassword" class="b2menutop">lost your password ?</a>
        </td>
      </tr>
      <tr height="150"><td align="right" valign="bottom" height="150" colspan="2">
<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>
        <form name="" action="b2login.php" method="post">
<?php if ($mode=="bookmarklet") { ?>
          <input type="hidden" name="mode" value="<?php echo $mode ?>" />
          <input type="hidden" name="text" value="<?php echo $text ?>" />
          <input type="hidden" name="popupurl" value="<?php echo $popupurl ?>" />
          <input type="hidden" name="popuptitle" value="<?php echo $popuptitle ?>" />
<?php } ?>
          <input type="hidden" name="redirect_to" value="b2edit.php" />
          <input type="hidden" name="action" value="login" />
          <table width="100" style="background-color: #ffffff">
            <tr><td align="right">login</td>
              <td><input type="text" name="log" value="" size="8" /> </td></tr>
            <tr><td align="right">password</td>
              <td><input type="password" name="pwd" value="" size="8" /> </td></tr>
            <tr><td> </td>
              <td><input type="submit" name="Submit2" value="OK" class="search"> </td></tr>
          </table>
        </form>
      </td>
      </tr>
    </table>
  </td>
  </tr>
</table>
</body>
</html>
<?php
    break;
}
?>
|
_________________ Garrett Ramsay
RamsayStudios.ca |
RamsayX
Joined: 13 Jul 2004 Posts: 10 Location: IaMCaNaDiAn
|
Posted: Fri Aug 06, 2004 3:45 am Post subject: |
|
|
Anyone please?? _________________ Garrett Ramsay
RamsayStudios.ca |
Sigg3
Joined: 03 Jul 2003 Posts: 906 Location: Oslo, Norway
|
Posted: Wed Jan 19, 2005 9:33 am Post subject: |
|
|
I've logged in/out of blog 1. Then logged in in blog 2, @ /gcp/. Two cookies related to sigg3.net came up:
My cookie1 ([email protected][2]) shows:
Code: | cafelogblogid
1
www.sigg3.net/
0
bunchanumbers
* |
my cookie2 ([email protected][3]) shows:
Code: | cafelogblogid
1
www.sigg3.net/
0
bunchanumbers
* |
The numbers are equal, but if that's pwd then that's ok.
They can both be from blog 1, or one from each blog, which indicates that the "www.sigg3.net/gcp" or "sigg3.net/gcp" at the end of each setcookie string does not work.
Or I'm still logged in, as I can't log out...
Either way, isn't it a problem that in either case both "cookie IDs" are set to cafelogblogid? And would that require editing a hundred files to change (re blog 2)?
I dunno, just brainstorming here... _________________ Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center | Fight my BattleImp! |
Sigg3
Joined: 03 Jul 2003 Posts: 906 Location: Oslo, Norway
|
Posted: Tue Jan 25, 2005 10:49 am Post subject: |
|
|
Just wanted to repeat that question, since I might have put my words in a bad way..
I was wondering whether a lot of files use the cafelogblogid cookie "name"/variable, since I'm thinking a cookie with different names would perhaps render out the problem.
But if there's a hundred files to change... :p
I noticed that the URL-variable in b2login doesn't work, since all cookies are marked with www.sigg3.net/, this could also be a part of the problem.
EDIT:
I wanted to read up on this, since I was at a real loss:) so I went on to php.net and found this example:
Code: | <?php
$value = 'something from somewhere';
setcookie("TestCookie", $value);
setcookie("TestCookie", $value, time()+3600); /* expire in 1 hour */
setcookie("TestCookie", $value, time()+3600, "/~rasmus/", ".example.com", 1);
?> |
As you can see the /b2 2nd install folder/ (here /~rasmus/) is in a variable _in front of_ the domain.. I'll have a go at it and see what happens..
EDIT 2: No change
I read that _all_ setcookie's fourth values should be / or /designated folder/ in any case, but that doesn't make sense when "the default blog" is concerned.
I'm thinking about changing setcookie out with setrawcookie, to see whether this can make it easier for the browser to pick up the right one. The only difference is that raw cookies don't have the URL encoded automatically. You think this is a security risk in any way?
EDIT 3: No cookie received?
Reading up on cookies I found several bugs on the expiring of cookies in IE (a flaw I suspect Firefox of having too, but I dunno anymore), when I came across a tip from some other board user: Quote: | I would suggest to set the option that IE should ask always before accepting a cookie, then you can click on details and see what you get sent. |
Which I did in Firefox. Guess what? The b2login (2nd blog @ /gcp/) never sent a cookie! I was thrown out of boardom forum, and had to allow this site to send me cookies before I could log back on again which should mean the set up was working. BUT b2 never sent any.. Still, it refreshes to b2edit.php in the address field..
EDIT 4: Disregard last
Now I got a cookie, settings in /gcp/b2login.php like:
Code: |
case "logout":
setcookie("cafeloguser","",time()-31536000,"/gcp/");
setcookie("cafelogpass","",time()-31536000,"/gcp/");
// and for case "login":
setcookie("cafeloguser", "",time()+31536000,"/gcp/");
if ($pass_is_md5) {
setcookie("cafelogpass",$user_pass,time()+31536000,"/gcp/");
} else {
setcookie("cafelogpass",md5($user_pass),time()+31536000,"/gcp/");
} |
I thought it didn't make sense that the login cookie should have a negative time-set.
Now. I haven't edited the _original_ b2login.php in /, which probably doesn't delete the cookies on logout. I'll try doing that.
Btw, does anyone know where Firefox stores cookies? _________________ Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center | Fight my BattleImp! |
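As an added illustration (not part of any post in this thread, and not b2's code): a small JavaScript model of how a browser stores and returns cookies by path under RFC 6265, replaying the two-install setup discussed above with one blog in `/` and one in `/gcp/`. The `CookieJar` class, the function names, and the values `user1`/`user2` are assumptions made for the example.

```javascript
// Minimal model of a browser cookie jar using the RFC 6265 path rules.
// Hosts are ignored (single host assumed); all paths and values are constructed.

// Default Path: the request path up to, but not including, its last "/".
function defaultPath(requestPath) {
  const i = requestPath.lastIndexOf("/");
  return i <= 0 ? "/" : requestPath.slice(0, i);
}

// Does a cookie stored with cookiePath get sent on a request for requestPath?
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor() { this.cookies = new Map(); } // keyed by name + "|" + path
  // One Set-Cookie header received in the response to requestPath.
  // maxAge <= 0 models an expiry in the past, i.e. a delete request.
  set(requestPath, name, value, maxAge, path) {
    const p = path || defaultPath(requestPath);
    const key = name + "|" + p;
    if (maxAge <= 0) this.cookies.delete(key); // removes that name+path only
    else this.cookies.set(key, { name, value, path: p });
  }

  // Cookies attached to a request, longest Path first.
  sentTo(requestPath) {
    return [...this.cookies.values()]
      .filter((c) => pathMatches(c.path, requestPath))
      .sort((a, b) => b.path.length - a.path.length)
      .map((c) => `${c.name}=${c.value}; Path=${c.path}`);
  }
}

// Blog 1 lives in "/", blog 2 in "/gcp/"; both use the cookie name cafeloguser.
function twoBlogScenario() {
  const jar = new CookieJar();
  const YEAR = 31536000;
  jar.set("/b2login.php", "cafeloguser", "user1", YEAR); // blog 1, no path given
  jar.set("/gcp/b2login.php", "cafeloguser", "user2", YEAR, "/gcp/"); // blog 2
  const loggedIn = jar.sentTo("/gcp/b2edit.php");
  jar.set("/gcp/b2login.php", "cafeloguser", "", -YEAR); // logout, path omitted
  const afterUnscopedLogout = jar.sentTo("/gcp/b2edit.php");
  jar.set("/gcp/b2login.php", "cafeloguser", "", -YEAR, "/gcp/"); // logout, same path
  const afterScopedLogout = jar.sentTo("/gcp/b2edit.php");
  return { loggedIn, afterUnscopedLogout, afterScopedLogout };
}
```

The delete that omits the path targets `Path=/gcp` and removes nothing, while the delete that repeats `/gcp/` removes only blog 2's cookie. Blog 1's `Path=/` cookie is still sent to `/gcp/b2edit.php` afterwards, so path scoping alone cannot separate an install in `/` from one in a subdirectory while both use the same cookie names.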