Announcement

Collapse
No announcement yet.

Not keeping user logged in on mozilla

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Not keeping user logged in on mozilla

    I have created my own login page using forum functions that creates the cookies on login, but the problem is when I get login with my own login page and goes to forum page and leaves the site it keeps me logeed in on IE but not on mozilla .

    please let me know simple method to get login so that cookies remains when user comes back on mozilla or please let me know if I am missing something in the code.

    Here is the page code :

    require_once('global.php');
    include("includes/functions_user.php");
    require_once('includes/functions_login.php');

    //I have defined this function on the page
    function verify_authentication1($username, $password ,$send_cookies)
    {
    global $DB_site, $bbuserinfo, $_REQUEST, $_COOKIE;
    //echo "SELECT userid, usergroupid, membergroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . addslashes(htmlspecialchars_uni($username)) . "'";
    if ($bbuserinfo = $DB_site->query_first("SELECT userid, usergroupid, membergroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . addslashes(htmlspecialchars_uni($username)) . "'"))
    {
    if ($send_cookies)
    {
    if ($_REQUEST['cookieuser'])
    {
    vbsetcookie('userid', $bbuserinfo['userid']);
    vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'));
    }
    else if ($_COOKIE[COOKIE_PREFIX . 'userid'] AND $_COOKIE[COOKIE_PREFIX . 'userid'] != $bbuserinfo['userid'])
    {
    // we have a cookie from a user and we're logging in as
    // a different user and we're not going to store a new cookie,
    // so let's unset the old one
    vbsetcookie('userid', '');
    vbsetcookie('password', '');
    }
    }
    return true;
    }
    return false;
    }


    //Forum
    define('NO_REGISTER_GLOBALS', 1);
    define('THIS_SCRIPT', 'login');
    //define('SESSION_BYPASS', 1);
    // ################### PRE-CACHE TEMPLATES AND DATA ######################
    // get special phrase groups
    $phrasegroups = array();
    // get special data templates from the datastore
    $specialtemplates = array();
    // pre-cache templates used by all actions
    $globaltemplates = array();
    // pre-cache templates used by specific actions
    $actiontemplates = array(
    'lostpw' => array(
    'lostpw'
    )
    );

    //if form is posted with username and password validate it and get login

    if($_POST['hidlogin']=="Y")
    {
    //$username=trim($_POST['txtusername']);
    $email=trim($_POST['txtusername']);//for the sake of allowed email to be valida login
    $password=htmlspecialchars_uni(($_POST['txtpassword']));
    if(substr_count($email,"@")==0)
    $fld="username";
    else
    $fld="email";
    //echo $password;
    $sql_salt="select salt,userid,password,username from user where active=1 and $fld='".addslashes(htmlspecialchars_uni($email))."'";
    $rs_salt=mysql_query($sql_salt);
    $row_salt=mysql_num_rows($rs_salt);
    //echo"<br>'".$sql_salt."'<br>".$row_salt;
    if($row_salt!=0)
    {
    $salt_array=mysql_fetch_array($rs_salt);
    $salt=$salt_array[0];
    $username=$salt_array[3];
    }
    $password = md5(md5($password) . $salt);
    //echo"<br>".$salt;
    //$password=md5($username.$password);
    $strlclvalidlogin="select fldUserId from TBL_User_Master where fldUsername='".addslashes(htmlspecialchars_uni($username))."' and fldPassword='".$password."'";
    $rslogin=mysql_query($strlclvalidlogin);
    $row=mysql_num_rows($rslogin);
    //echo "<br>".$strlclvalidlogin;
    if($row!=0)
    {

    $flag=1;
    //Forum Code

    verify_authentication1($username, $password, true);


    $strikes = verify_strike_status($username);
    exec_unstrike_user($username);
    $DB_site->query("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . addslashes($session['dbsessionhash']) . "'");
    $session['sessionhash'] = fetch_sessionhash();
    $session['dbsessionhash'] = $session['sessionhash'];
    $DB_site->query("
    INSERT INTO " . TABLE_PREFIX . "session
    (sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)
    VALUES
    ('" . addslashes($session['sessionhash']) . "', " . intval($bbuserinfo['userid']) . ", '" . addslashes(SESSION_HOST) . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", $session[styleid], 1, " . iif ($logintype === 'cplogin', 1, 0) . ", '" . addslashes(USER_AGENT) . "')
    ");
    vbsetcookie('sessionhash', $session['sessionhash'], 0);
    if ($nosessionhash == 1)
    { // if user is working through cookies, blank out the sessionhash
    $shash = $session['sessionhash'] = '';
    $surl = $session['sessionurl'] = '';
    $surlJS = $session['sessionurl_js'] = '';
    }
    else
    {
    $shash = $session['sessionhash'];
    $surl = $session['sessionurl'] = 's=' . $session['sessionhash'] . '&amp;';
    $surlJS = $session['sessionurl_js'] = 's=' . $session['sessionhash'] . '&';
    }

    // admin control panel or upgrade script login
    if ($logintype === 'cplogin')
    {
    $permissions = cache_permissions($bbuserinfo, false);
    $bbuserinfo['permissions'] = &$permissions;
    if ($permissions['adminpermissions'] & CANCONTROLPANEL)
    {
    // update CSS preferences if administrator wants to
    globalize($_POST, array('cssprefs' => STR));
    if ($cssprefs != '')
    {
    $cssprefs = str_replace(array('..', '/', '\\'), '', $cssprefs); // get rid of harmful characters
    if ($cssprefs != '' AND @file_exists("./cpstyles/$cssprefs/controlpanel.css"))
    {
    $DB_site->query("UPDATE " . TABLE_PREFIX . "administrator SET cssprefs = '" . addslashes($cssprefs) . "' WHERE userid = $bbuserinfo[userid]");
    }
    }

    $cpsession = fetch_sessionhash();
    $DB_site->query("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES ($bbuserinfo[userid], '" . addslashes($cpsession) . "', " . TIMENOW . ")");
    vbsetcookie('cpsession', $cpsession, 0);

    if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
    {
    vbsetcookie('userid', $bbuserinfo['userid'], 0);
    vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'), 0);
    }
    }
    }

    // moderator control panel login
    if ($logintype === 'modcplogin')
    {
    $permissions = cache_permissions($bbuserinfo, false);
    $bbuserinfo['permissions'] = &$permissions;

    include_once('./includes/functions_calendar.php');
    if (can_moderate() OR can_moderate_calendar())
    {
    $cpsession = fetch_sessionhash();
    $DB_site->query("INSERT INTO " . TABLE_PREFIX . "cpsession (userid, hash, dateline) VALUES ($bbuserinfo[userid], '" . addslashes($cpsession) . "', " . TIMENOW . ")");
    vbsetcookie('cpsession', $cpsession, 0);

    if (!$_REQUEST['cookieuser'] AND empty($_COOKIE[COOKIE_PREFIX . 'userid']))
    {
    vbsetcookie('userid', $bbuserinfo['userid'], 0);
    vbsetcookie('password', md5($bbuserinfo['password'] . '4380a842'), 0);
    }
    }
    }

    if ($url == 'login.php' OR $url == "$vboptions[forumhome].php" OR strpos($url, 'do=logout') !== false)
    {
    $url = "$vboptions[forumhome].php?$surl";
    }
    else
    {
    $url = fetch_replaced_session_url($url);
    }

    $postvars = construct_hidden_var_fields($postvars);

    $temp = strpos($url, '?');
    if ($temp)
    {
    $formfile = substr($url, 0, $temp);
    }
    else
    {
    $formfile = $url;
    }
    //Forum Code End
    }
    else
    {
    echo "<script langauge='javascript'>";
    echo "alert('Invalid User Name or Password');";
    echo "</script>";
    $flag=0;
    }
    }

  • #2
    I recommend you post on www.vbulletin.org about this since it involves custom PHP code. You will have better luck there.

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X