Search Results

Search found 1926 results on 78 pages for 'cookie monster'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 57/78 | < Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >

  • Django BigInteger auto-increment field as primary key?

    - by Alex Letoosh
    Hi all, I'm currently building a project which involves a lot of collective intelligence. Every user visiting the web site gets created a unique profile and their data is later used to calculate best matches for themselves and other users. By default, Django creates an INT(11) id field to handle models primary keys. I'm concerned with this being overflown very quickly (i.e. ~2.4b devices visiting the page without prior cookie set up). How can I change it to be represented as BIGINT in MySQL and long() inside Django itself? I've found I could do the following (http://docs.djangoproject.com/en/dev/ref/models/fields/#bigintegerfield): class MyProfile(models.Model): id = BigIntegerField(primary_key=True) But is there a way to make it autoincrement, like usual id fields? Additionally, can I make it unsigned so that I get more space to fill in? Thanks!

    Read the article

  • Invalidating ASP.NET FormsAuthentication server side

    - by Rob Walker
    I am experimenting with FormsAuthentication (using ASP.NET MVC2) and it is working fairly well. However, one case I can't work out how to deal with is validating the user identity on the server to ensure it is still valid from the server's perspective. eg. User logs in ... gets a cookie/ticket Out of band the user is deleted on the server side User makes a new request to the server. HttpContext.User.Identity.Name is set to the deleted user. I can detect this fine, but what is the correct way to handle it? Calling FormsAuthentication.SignOut in the OnAuthorization on OnActionExecuting events is too late to affect the current request. Alternatively I would like to be able to calls FormsAuthentication.InvalidateUser(...) when the user is deleted (or database recreated) to invalidate all tickets for a given (or all) users. But I can't find an API to do this.

    Read the article

  • Ruby on Rails protect_from_forgery best practice

    - by randombits
    I'm currently working on building a RESTful web api with ruby on rails. I haven't bothered putting a proper authentication scheme into the API yet as I'm ensuring that tests and the basic behavior of the API is working all locally first. Upon testing non-HTTP GET type requests such as HTTP POST/DELETE/PUT, stuff chokes because protect_from_forgery is on by default. How does this work when I'm working in practice since essentially the idea is in a RESTful API that there is no state. The client does not have a session or a cookie associated with the server. Each request is an atomic, self-executed request. The user will supply some credentials to ensure they are who they say they are, but other than that, does protect_from_forgery make sense at this point? Should it remain enabled?

    Read the article

  • convert.php does not run in a screen session

    - by Tobias
    I am trying to convert a big forum. At the moment I have to do this via ssh and start convert.php with "php5 -f convert.php -- $OPTIONS". But my internet connection is a bit buggy and so it is often killed. If i start the above working command in a screen session it does not work. Instead php gives me the HTML code of the "convert.php" back. head of the page: X-Powered-By: PHP/5.2.12 Set-Cookie: PHPSESSID=6bc4370b2d8d40ff8c3ab23672ff4135; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-type: text/html Does it has something to do with the Sessions? But why does it work on the same ssh-connection without screen?

    Read the article

  • On iPhone, how do I show a login screen to get username and password before giving access to iPhone

    - by MikeN
    On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

    Read the article

  • Facebook Connect and Hash Password Encryption

    - by JamesStrocel
    I'm trying to integrate a Zen Cart site with Facebook Connect. So far, I've been able to get Zen Cart to recognize that the user has a facebook account and is logged in, but that's it. True authentication into Zen Cart eludes me because I can't figure out where a password could be stored and how to get it to Zen Cart to be compared with the password hash. I know Facebook Connect has been implemented with webapps that have such passwords like wordpress, so I know there must be a way to do it. Is the password stored in a cookie? In the Facebook application itself? Any help would be appreciated, even if it's just a place to start searching.

    Read the article

  • Reading xml document in firefox

    - by Searock
    I am trying to read customers.xml using javascript. My professor has taught us to read xml using `ActiveXObjectand he has given us an assignment to create a sample login page which checks username and password by reading customers.xml. I am trying to use DOMParser so that it works with firefox. But when I click on Login button I get this error. Error: syntax error Source File: file:///C:/Users/Searock/Desktop/home/project/project/login.html Line: 1, Column: 1 Source Code: customers.xml Here's my code. login.js var xmlDoc = 0; function checkUser() { var user = document.login.txtLogin.value; var pass = document.login.txtPass.value; //xmlDoc = new ActiveXObject("Microsoft.XMLDOM"); /* xmlDoc = document.implementation.createDocument("","",null); xmlDoc.async = "false"; xmlDoc.onreadystatechange = redirectUser; xmlDoc.load("customers.xml"); */ var parser = new DOMParser(); xmlDoc = parser.parseFromString("customers.xml", "text/xml"); alert(xmlDoc.documentElement.nodeName); xmlDoc.async = "false"; xmlDoc.onreadystatechange = redirectUser; } function redirectUser() { alert(''); var user = document.login.txtLogin.value; var pass = document.login.txtPass.value; var log = 0; if(xmlDoc.readyState == 4) { xmlObj = xmlDoc.documentElement; var len = xmlObj.childNodes.length; for(i = 0; i < len; i++) { var nodeElement = xmlObj.childNodes[i]; var userXml = nodeElement.childNodes[0].firstChild.nodeValue; var passXml = nodeElement.childNodes[1].firstChild.nodeValue; var idXML = nodeElement.attributes[0].value if(userXml == user && passXml == pass) { log = 1; document.cookie = escape(idXML); document.login.submit(); } } } if(log == 0) { var divErr = document.getElementById('Error'); divErr.innerHTML = "<b>Login Failed</b>"; } } customers.xml <?xml version="1.0" encoding="UTF-8"?> <customers> <customer custid="CU101"> <user>jack</user> <pwd>PW101</pwd> <email>[email protected]</email> </customer> <customer custid="CU102"> <user>jill</user> <pwd>PW102</pwd> <email>[email protected]</email> </customer> <customer custid="CU103"> <user>john</user> <pwd>PW103</pwd> <email>[email protected]</email> </customer> <customer custid="CU104"> <user>jeff</user> <pwd>PW104</pwd> <email>[email protected]</email> </customer> </customers> I get parsererror message on line alert(xmlDoc.documentElement.nodeName); I don't know what's wrong with my code. Can some one point me in a right direction? Edit : Ok, I found a solution. var xmlDoc = 0; var xhttp = 0; function checkUser() { var user = document.login.txtLogin.value; var pass = document.login.txtPass.value; var err = ""; if(user == "" || pass == "") { if(user == "") { alert("Enter user name"); } if(pass == "") { alert("Enter Password"); } return; } if (window.XMLHttpRequest) { xhttp=new XMLHttpRequest(); } else // IE 5/6 { xhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xhttp.onreadystatechange = redirectUser; xhttp.open("GET","customers.xml",true); xhttp.send(); } function redirectUser() { var log = 2; var user = document.login.txtLogin.value; var pass = document.login.txtPass.value; if (xhttp.readyState == 4) { log = 0; xmlDoc = xhttp.responseXML; var xmlUsers = xmlDoc.getElementsByTagName('user'); var xmlPasswords = xmlDoc.getElementsByTagName('pwd'); var userLen = xmlDoc.getElementsByTagName('customer').length; var xmlCustomers = xmlDoc.getElementsByTagName('customer'); for (var i = 0; i < userLen; i++) { var xmlUser = xmlUsers[i].childNodes[0].nodeValue; var xmlPass = xmlPasswords[i].childNodes[0].nodeValue; var xmlId = xmlCustomers.item(i).attributes[0].nodeValue; if(xmlUser == user && xmlPass == pass) { log = 1; document.cookie = xmlId; document.login.submit(); break; } } } if(log == 0) { alert("Login failed"); } } Thanks.

    Read the article

  • MVC Site - Ensuring the default entry view is always correct

    - by Klaptrap
    I have a MVC site with AD authorization. This is all working fine. I publish the site to the webserver and call the site directly (http://intranet). If I have not logged in for a while (I have an authorised cookie with a 30 minute TTL), I am prompted to log-in and if successful I am redirected to the homeController's index view. This is great and as expected. If I keep the session open (browser open) and browse away from the site, if I then browse back to http://intranet, I am not challenged as I have recently authenticated but the default page is from a different controller and not the home page view. How can I stop this from happening? It cannot be a session setting as this is not a new session and the routes appear correct - they are not beng called at this point anyhow. Please MVC guru's advise....!

    Read the article

  • Interfacing my application with existing authentication systems

    - by Karan Bhangui
    I'm writing a web based application that will have its own authorization/authentication mechanism (traditional cookie/session based user/pass). However, depending on the organization that licenses the software, I want them to be able to plug in their own existing internal authentication system as a way to replace mine. Ideally, they'd have to run as little code as possible on their end; I'm trying to make this a mostly hosted service. I'm aware of the existence of OAuth, but don't entirely understand how I would go about implementing the system at a higher level. Any tips would be appreciated.

    Read the article

  • Re-send POST request easily - what tools?

    - by Fabien
    I am looking for an easy way to re-send POST request to the server within the browser mainly for debug purposes. Say you have a XHR request which contains POST parameters that is to be send to the server. After having changed the script on the server side, you would like to resent the very same request for analyzing the output. What tool could help? I guess it is a browser's extension. I already tried extension Tamper Data for Firefox which does the job as you can "Replay in browser". But for my taste, it is not enough straight forward, as there are 3 - 4 clicks to get the result of the request. Unfortunately, curl would not be suitable for my needs as my application has a session's cookie.

    Read the article

  • Cookies with urllib

    - by CMC
    This will probably seem like a really simple question, and I am quite confused as to why this is so difficult for me. I would like to write a function that takes three inputs: [url, data, cookies] that will use urllib (not urllib2) to get the contents of the requested url. I figured it'd be simple, so I wrote the following: def fetch(url, data = None, cookies = None): if isinstance(data, dict): data = urllib.urlencode(data) if isinstance(cookies, dict): # TODO: find a better way to do this cookies = "; ".join([str(key) + "=" + str(cookies[key]) for key in cookies]) opener = urllib.FancyURLopener() opener.addheader("Cookie", cookies) obj = opener.open(url, data) result = obj.read() obj.close() return result This doesn't work, as far as I can tell (can anyone confirm that?) and I'm stumped.

    Read the article

  • .htaccess add hidden php get variable for language selection

    - by Eric Di Bari
    I have a multiple language website, and I use a php get variable to set the cookie for the language setting. I have multiple subfolders (http://www.site.com/es and http://www.site.com/de) that each have a respective .htaccess file. When accessing these folders, the .htaccess file does this to "silently" redirect the user and add the appropriate php variable: ------- Options +FollowSymlinks RewriteEngine on RewriteOptions MaxRedirects=10 rewriterule ^http://www.site.com/es/$ http://www.site.com/?l=es [P,R=301] rewriterule ^(.*)$ http://www.site.com/$1?l=es [P,R=301] ------- When someone accesses the root directory: http://www.site.com, I want to add a ?l=en suffix "silently" to the url. How do I do that? Thanks.

    Read the article

  • Authkit - deferring action for HTTP '401' response to client application

    - by jon
    Form, Redirect and Forward all send an unauthenticated user to a Form on a login page specified within an Authkit middleware application. I'd like to allow a client application to request a service via XHR and then present a custom 'client side' form if a HTTP status code of 401 is returned, which would then post to Authkit for authentication until valid authentication/authorization occured. Specifically, 1) a jquery $.get request might request a resource. 2) if an Authkit cookie check confirmed previous authorization the content would be returned. 3) if not I would like Authkit to simply return the '401 response' (and not redirect to another page, or return a form template) where a client side exception handler would notify the user and present an authentication form. Can Authkit work like this?

    Read the article

  • Facebook Graph and PHP API

    - by Wes
    I've been working at this for a few hours, but the poor documentation is of no help. All I want to do is grab the data that exists at https://graph.facebook.com/cocacola/ as an example, and I cant even do that. I'm using the latest php API from facebook. This is my code, which returns nothing: <?php require '../src/facebook.php'; // Create our Application instance. $facebook = new Facebook(array( 'appId' => '254752073152', 'secret' => '904270b68a2cc3d54485323652da4d14', 'cookie' => true, )); $coke = $facebook->api('/cocacola'); echo '<pre>'; print_r($coke); echo '</pre>'; Any idea?

    Read the article

  • How to use sessions with django piston auth?

    - by xyld
    The problem is that I want to store authentication in a cookie that I can present to django piston rather than requiring user/password to be typed in each time (without hardcoding or storing the user/pass combo somewhere on disk). I was hoping to accomplish this with cookies like someone would without the piston API. Am I missing something? Django Piston doesn't seem to care about session cookies at all? Or can someone suggest a good alternative? Maybe I shouldn't use Piston?

    Read the article

  • PHP Session Cookies fail with users changing IP

    - by Columbo
    Hello, I have a login script for a small application that works by storing session cookies and checking them on each page to make sure the user is logged in. One of the two users who uses the system keeps getting logged out randomly. This appears to be down to the session cookie that shows then authenticated no longer being present. After a lot of investigation the only thing I can see that is different about this user is that their IP address is changing (today it was changing every hour (their on Sky)). The only thing is the change of IP address has happened 5 times this morning and only once has the user been logged off. Has anyone had a similar issue? Are session cookies in someway tied to IP addresses? Any help or links much appreciated. Thanks C

    Read the article

  • Google App Engine - Calling getSession().invalidate(); causes app engine to act weird.

    - by Spines
    When I call hreq.getSession().invalidate(); app engine slows down tremendously. I looked at appstats and saw that on a page where no database calls are made, it was calling memcache.get and datastore.get 23 times each. The stack trace of these calls showed that it was being called from getSession(). This only happens on the production server. Every time I make a request to a page, it makes a bunch of memcache and datastore calls. This slow down goes away though when i restart my browser. When I changed the code to simply set the isLoggedIn property of the session to false, rather than calling hreq.getSession().invalidate();, everything was fine. As a test, I didn't invalidate my session, but I changed the value of my browser's session cookie, and the app engine exhibited the same behavior. Is this a bug with the app engine?

    Read the article

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

    Read the article

  • How do I change JAVASCRIPT_DEFAULT_SOURCES for my application?

    - by Adam Lassek
    When you call javascript_include_tag :defaults you usually get: prototype.js, effects.js, dragdrop.js, and controls.js. These are stored in a constant in ActionView::Helpers::AssetTagHelper called 'JAVASCRIPT_DEFAULT_SOURCES`. My application uses jQuery, so I want to replace the Prototype references with something more useful. I added an initializer with these lines, based on the source code from jRails: ActionView::Helpers::AssetTagHelper::JAVASCRIPT_DEFAULT_SOURCES = %w{ jquery-1.4.min jquery-ui jquery.cookie } ActionView::Helpers::AssetTagHelper::reset_javascript_include_default But when I do this, I get: warning: already initialized constant JAVASCRIPT_DEFAULT_SOURCES during startup. What's the correct way of changing this value? In the source code it checks for the constant before setting it, but apparently that happens before it runs the initializer scripts. The Rails 3.0 release will provide much greater flexibility with choice of JS libraries, so I guess this is a problem with an expiration date.

    Read the article

  • Best way to deal with session handling in Zend Framework

    - by JACK IN THE CRACK
    So I'm starting up in Zend framework and looking to implement a site-wide "User" session.... something I can easily access from ALL modules/controllers in the application. I'm like, should I make a new namespace in the library and extend the controller, like: MyLib_Controller_Action extends Zend_Controller_Action { protected $_userSession; function preDispatch(Zend_Controller_Request_Abstract $req) { $this->_userSession = new Zend_Session_Namespace('user'); } } ANd then have all my controllers/modules/etc extend from that? Or should I create a Plugin or what? How would you go about making this plugin to pass the user session to the controller? Or do I do it in the bootstrap?? Again how to pass to controller? Also should I use Zend_Session_Namespace or Zend_Http_Cookie and also how do I encrypt and xss clean the cookie or is that did automagically?

    Read the article

  • Machine restricted login access

    - by Sunil Shenoy
    I am working on a project that has a requirement such that login details can only be accessed from one machine at one time. For example, if I grant you access to my website and you login from your home machine, the system will store this settings in a cookie/database. Now if you try the same login details on your work machine or any other machine, the system will not let you log into the system. The login will now only work from home machine. Any suggestions on how to achieve this would be helpful. Any resources you can point me towards would also be appreciated.

    Read the article

  • Remove HTTP headers from a raw response

    - by Ed
    Let's say we make a request to a URL and get back the raw response, like this: HTTP/1.1 200 OK Date: Wed, 28 Apr 2010 14:39:13 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 Set-Cookie: PREF=ID=e2bca72563dfffcc:TM=1272465553:LM=1272465553:S=ZN2zv8oxlFPT1BJG; expires=Fri, 27-Apr-2012 14:39:13 GMT; path=/; domain=.google.co.uk Server: gws X-XSS-Protection: 1; mode=block Connection: close <!doctype html><html><head>...</head><body>...</body></html> What would be the best way to remove the HTTP headers from the response in C#? With regexes? Parsing it into some kind of HTTPResponse object and using only the body? EDIT: I'm using SOCKS to make the request, that's why I get the raw response.

    Read the article

  • Google bot .net and AspxAutoDetectCookieSupport dilemma

    - by nLL
    Hi, i have a .net mobile web site where i use sesion state and due to nature of mobile networks/phones (not all supports session cookies) i had to use <sessionState cookieless="AutoDetect"/> It works fine but because each new session redirected with "AspxAutoDetectCookieSupport=1" i have a feeling that google won't like this. Here is a small sample from my server logs supportForumReadTopic.aspx id=38 80 - 66.249.71.80 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 302 supportForumReadTopic.aspx id=38&AspxAutoDetectCookieSupport=1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 200 As you see each new hit from google will get 302 to itself. I have a genericmozilla5.browser file where i define google bot as cookie supporting browser in order to get .net not to use cookieless urls but not sure how this 302 would effect me. Any one had smilar exprience? Any ideas? Suggestions? Thanks

    Read the article

  • Can't get Zend Studio and PHPunit to work together

    - by dimbo
    I have a created a simple doctrine2/zend skeleton project and am trying to get unit testing working with zend studio. The tests work perfectly through the PHPunit CLI but I just can't get them to work in zend studio. It comes up with an error saying : 'No Tests was executed' and the following output in the debug window : X-Powered-By: PHP/5.2.14 ZendServer/5.0 Set-Cookie: ZendDebuggerCookie=127.0.0.1%3A10137%3A0||084|77742D65|1016; path=/ Content-type: text/html <br /> <b>Warning</b>: Unexpected character in input: '\' (ASCII=92) state=1 in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>8</b><br /> <br /> <b>Warning</b>: Unexpected character in input: '\' (ASCII=92) state=1 in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>8</b><br /> <br /> <b>Parse error</b>: syntax error, unexpected T_STRING in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>8</b><br /> The test is as follows: <?php require_once 'Zend/Application.php'; require_once 'Zend/Test/PHPUnit/ControllerTestCase.php'; abstract class ControllerTestCase extends Zend_Test_PHPUnit_ControllerTestCase { public function setUp() { $this->bootstrap = new Zend_Application( 'testing', APPLICATION_PATH . '/configs/application.ini' ); parent::setUp(); } public function tearDown() { parent::tearDown(); } } <?php class IndexControllerTest extends ControllerTestCase { public function testDoesHomePageExist() { $this->dispatch('/'); $this->assertController('index'); $this->assertAction('index'); } } <?php class ModelTestCase extends PHPUnit_Framework_TestCase { protected $em; public function setUp() { $application = new Zend_Application( 'testing', APPLICATION_PATH . '/configs/application.ini' ); $bootstrap = $application->bootstrap()->getBootstrap(); $this->em = $bootstrap->getResource('entityManager'); parent::setUp(); } public function tearDown() { parent::tearDown(); } } <?php class UserModelTest extends ModelTestCase { public function testCanInstantiateUser() { $this->assertInstanceOf('\Entities\User', new \Entities\User); } public function testCanSaveAndRetrieveUser() { $user = new \Entities\User; $user->setFirstname('wjgilmore-test'); $user->setemail('[email protected]'); $user->setpassword('jason'); $user->setAddress1('calle san antonio'); $user->setAddress2('albayzin'); $user->setSurname('testman'); $user->setConfirmed(TRUE); $this->em->persist($user); $this->em->flush(); $user = $this->em->getRepository('Entities\User')->findOneByFirstname('wjgilmore-test'); $this->assertEquals('wjgilmore-test', $user->getFirstname()); } public function testCanDeleteUser() { $user = new \Entities\User; $user = $this->em->getRepository('Entities\User')->findOneByFirstname('wjgilmore-test'); $this->em->remove($user); $this->em->flush(); } } And the bootstrap: <?php define('BASE_PATH', realpath(dirname(__FILE__) . '/../../')); define('APPLICATION_PATH', BASE_PATH . '/application'); set_include_path( '.' . PATH_SEPARATOR . BASE_PATH . '/library' . PATH_SEPARATOR . get_include_path() ); require_once 'controllers/ControllerTestCase.php'; require_once 'models/ModelTestCase.php'; Here is the new error after setting PHP Executable to 5.3 as Gordon suggested: X-Powered-By: PHP/5.3.3 ZendServer/5.0 Set-Cookie: ZendDebuggerCookie=127.0.0.1%3A10137%3A0||084|77742D65|1000; path=/ Content-type: text/html <br /> <b>Fatal error</b>: Class 'ModelTestCase' not found in <b>/var/www/z2d2/tests/application/models/UserModelTest.php</b> on line <b>4</b><br />

    Read the article

  • Session caching problem

    - by Levani
    I have a strange problem with php sessions. I use them for authorization on my site. I store two variables - currently logged in user's id and username in session. When I log in with one username, than log out and log in again with another username the previous user's id is returned using the session variable instead of the current user. The most strange thing is that this happens only when it comes to insert some data into database. When I directly echo this variable the correct id is displayed, but when I insert new record into database this variable sends incorrect id. Here is the php code I use for sending data into database: <?php session_start(); //connect database require_once 'dbc.php'; $authorID = $_SESSION['user_id']; if ( $authorID != 0 ) { $content = htmlentities($_POST["answ_content"],ENT_COMPAT,'UTF-8'); $dro = date('Y-m-d H:i:s'); $qID = $_POST["question_ID"]; $author = 'avtori'; $sql="INSERT INTO comments (comment_ID, comment_post_ID, comment_author, comment_date, comment_content, user_id) VALUES (NULL, '$qID', '$author', '$dro', '$content', '$authorID')"; $result = mysql_query($sql); } else { echo 'error'; } ?> Can anyone please help? Here is the logout function: function logout() { global $db; session_start(); if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) { mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$_COOKIE[user_id]'") or die(mysql_error()); } /************ Delete the sessions****************/ unset($_SESSION['user_id']); unset($_SESSION['user_name']); unset($_SESSION['user_level']); unset($_SESSION['HTTP_USER_AGENT']); session_unset(); session_destroy(); /* Delete the cookies*******************/ setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); header("Location: index.php"); } Here is the authentication script: include 'dbc.php'; $err = array(); foreach($_GET as $key => $value) { $get[$key] = filter($value); //get variables are filtered. } if ($_POST['doLogin']=='Login') { foreach($_POST as $key => $value) { $data[$key] = filter($value); // post variables are filtered } $user_email = $data['usr_email']; $pass = $data['pwd']; if (strpos($user_email,'@') === false) { $user_cond = "user_name='$user_email'"; } else { $user_cond = "user_email='$user_email'"; } $result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE $user_cond AND `banned` = '0' ") or die (mysql_error()); $num = mysql_num_rows($result); // Match row found with more than 1 results - the user is authenticated. if ( $num > 0 ) { list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result); if(!$approved) { //$msg = urlencode("Account not activated. Please check your email for activation code"); $err[] = "Account not activated. Please check your email for activation code"; //header("Location: login.php?msg=$msg"); //exit(); } //check against salt if ($pwd === PwdHash($pass,substr($pwd,0,9))) { // this sets session and logs user in session_start(); session_regenerate_id (true); //prevent against session fixation attacks. // this sets variables in the session $_SESSION['user_id']= $id; $_SESSION['user_name'] = $full_name; $_SESSION['user_level'] = $user_level; $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); //update the timestamp and key for cookie $stamp = time(); $ckey = GenKey(); mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error()); //set a cookie if(isset($_POST['remember'])){ setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/"); } if(empty($err)){ header("Location: myaccount.php"); } } else { //$msg = urlencode("Invalid Login. Please try again with correct user email and password. "); $err[] = "Invalid Login. Please try again with correct user email and password."; //header("Location: login.php?msg=$msg"); } } else { $err[] = "Error - Invalid login. No such user exists"; } }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >