Need help: "authorization" script...

Discussion in 'General PHP and MySQL Discussions' started by Mr. Goodie2Shoes, Jan 18, 2012.

  1. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

    Hello there, I am just trying to create a script and users need to log-in with the details in "login.php" and the info will be forwarded to "./lib/authorize.php" using the "POST" method and here's the code snippet for the "authorize.php" file:
    PHP:
    <?php
    if(!isset($_GET['do'])){
        die();
    }else{
        switch ($_GET['do']){
            case logout:
                setcookie('ooht-session-start', '', time()-3600, "/", $_SERVER['HTTP_HOST']);
                setcookie('ooht-session-ip', '', time()-3600, "/", $_SERVER['HTTP_HOST']);
                setcookie('ooht-authorize-id', '', time()-3600, "/", $_SERVER['HTTP_HOST']);
                header('Location: ../login.php');
            break;

            case login:
                $user_login_request = $_POST['name'];
                $pass_login_request = $_POST['authorize_code'];

                include('config.php');
                $DB_connect_zero = mysql_connect($xenCODE_OOHT_DB_server, $xenCODE_OOHT_DB_user, $xenCODE_OOHT_DB_pass);
                $DB_connect = mysql_select_db($xenCODE_OOHT_DB_name, $DB_connect_zero);
                $DB_query = mysql_query("SELECT * FROM ooht_users WHERE users_name = `$user_login_request`");
                $DB_field = mysql_fetch_array($DB_query);

                if($user_login_request != $DB_field['users_name']){
                    echo "There's no such username!";
                }else{
                    if($DB_field['users_password'] != sha1(sha1($pass_login_request).$DB_field['users_salt'])){
                        echo "Username and password doesn't match!";
                    }else{
                        if($_POST['remember'] == "on"){
                            $cookie_life = 60*60*24*30;
                        }else{
                            $cookie_life = 60*60*1;
                        }
                        $session_start_time = time();

                        setcookie('ooht-name', $user_login_request, time()+60*60*24*30, "/", $_SERVER['HTTP_HOST']);
                        setcookie('ooht-session-start', $session_start_time, time()+$cookie_life, "/", $_SERVER['HTTP_HOST']);
                        setcookie('ooht-session-ip', sha1($_SERVER["REMOTE_ADDR"]), time()+$cookie_life, "/", $_SERVER['HTTP_HOST']);
                        setcookie('ooht-authorize-id', md5(sha1($user_login_request).$session_start_time.sha1($_SERVER['REMOTE_ADDR'])), time()+$cookie_life, "/", $_SERVER['HTTP_HOST']);

                        header('Location: ../index.php');
                    }
                }
            break;
        }
    ?>
    I tried debugging the code but no result, only a blank page :|
  2. Robbo

    Robbo Well-Known Member

    That isn't even sanitized. Adding `;DROP TABLE ooht_users would drop that table for example. Surely there is a library you can include to use instead? If it is to do with XenForo you could use Zend_Db. And also Zend_Request_Http. Those are from memory so might be wrong.
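
An added example, not part of the thread and not XenForo or Zend code: the user lookup from authorize.php done with a bound parameter, so the input string from the reply above is handled as a plain value. It uses PDO rather than the Zend_Db class the reply mentions; the in-memory SQLite database, the sample row and the function names `find_user` and `check_login` are assumptions made so the block runs on its own.

```php
<?php
// Added example: login lookup with a prepared statement instead of interpolation.
// Assumption: PDO with in-memory SQLite stands in for the thread's MySQL server.

function find_user(PDO $db, string $name): ?array
{
    // The placeholder keeps $name as data; it is never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT users_name, users_password, users_salt
           FROM ooht_users WHERE users_name = :name'
    );
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $name, string $password): bool
{
    $row = find_user($db, $name);
    if ($row === null) {
        return false; // unknown user
    }
    // Same hash layout as the thread's code, compared in constant time.
    $expected = sha1(sha1($password) . $row['users_salt']);
    return hash_equals($row['users_password'], $expected);
}

// Constructed sample data, using the table and column names from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ooht_users (users_name TEXT, users_password TEXT, users_salt TEXT)');
$salt = 'constructed-salt';
$ins = $db->prepare('INSERT INTO ooht_users VALUES (?, ?, ?)');
$ins->execute(['alice', sha1(sha1('correct horse') . $salt), $salt]);

// Valid login, wrong password, then the string from the reply used as a name.
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, 'alice`;DROP TABLE ooht_users', 'x'));

// Row count after the three attempts: the table is untouched.
var_dump((int) $db->query('SELECT COUNT(*) FROM ooht_users')->fetchColumn());
```

The salted SHA-1 comparison is kept only so the example matches the rows the thread's code would have stored; PHP's `password_hash()` and `password_verify()` are the built-in replacement for new password storage.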
