Alrighty, I've been working on my own personal forums (a side project, yes, I know that vBulletin is available :rolleyes: )
ALL HELP IS GREATLY APPRECIATED, this has set me back about 2 weeks =\
I'm trying to validate cookies that are set by a script with a function to check them. Everything works fine (apostrophes, regular letters, etc) until I try to pass a space through, the function jumps me back to the validation script. Everything is urlencoded(), so we it should work... below are the validation functions and the authorization script, as well as the call to the function that is being made by the redirect page (viewthreads.php).
If you check out http://stray.getitconnected.net/forums , you can try it out yourself (it's not very pretty yet: forum passwords are 'bob').
-------------------- viewthreads.php------------------
(script that calls checkauth)
$parent = $HTTP_GET_VARS["parent"];
$parent = urldecode($parent);
$parent_encoded = urlencode(StripSlashes($parent));
checkAuth($parent_encoded, $connection);
------------------ pwauth.php ----------------------
(the actual cookie setting)
<?php
include ("functions.php");
include ("CONNECTION_SCRIPT_HERE.php");
$forum = $HTTP_GET_VARS["forum"];
$forum_decoded = urldecode($forum);
$forum_encoded = urlencode(StripSlashes($forum));
$forum_stripped = StripSlashes($forum_decoded);
if (!$forum)
{
include ("header.php");
echo "<b><h1><font color=\"blue\">Passworded</font> Forum</font></h1></b>";
echo "<strong>ERROR: Required parameter missing.</strong>";
echo "A required parameter was missing. Please return to the index and try again.";
echo "<p><a href=\"index.php\">Index</a>";
include ("footer.php");
}
else
{
//There is $forum, now we get choices
if ($submit)
{
//It's been submitted, now here's when we do the actual validation
$forum_name = AddSlashes(urldecode($forum));
$validation_q = "SELECT * FROM forums WHERE name='$forum_decoded' AND password=password('$password')";
$validation_r = get_number_of($validation_q, $connection);
if ($validation_r == 1)
{
$forum_decoded = urldecode($forum);
$forum_decoded = StripSlashes($forum_decoded);
//Set the cookie and use the header location to return to the threads
setcookie($forum_stripped, "yes", time() + 86400);
header ("Location: viewthreads.php?parent=$forum_encoded");
include ("header.php");
echo "<b><h1><font color=\"blue\">Passworded</font> Forum</font></h1></b>";
echo "<strong>You have been logged in.</strong>";
echo "You were logged in. Redirecting...";
echo "<p><a href=\"index.php\">Index</a>";
include ("footer.php");
}
else
{
$forum_decoded = StripSlashes($forum_decoded);
//The password was incorrect, so... redisplay the form.
include ("header.php");
echo "<b><h1><font color=\"blue\">Passworded</font> Forum</font></h1></b>";
echo "<strong>Logging in to forum: " . StripSlashes($forum_decoded) . ".</strong>";
echo "<br>The password you entered was incorrect. Please try again.";
$forum_decoded = StripSlashes($forum_decoded);
$forum = urlencode($forum_decoded);
?>
<form method=post action="pwauth.php?forum=<?php echo $forum; ?>">
<p>Password:
<br><input type="password" name="password">
<p><input type="submit" name="submit" value="Enter Password">
</form>
<p><a href="index.php">Index</a>
<?
include ("footer.php");
}
}
else
{
//Nothing has been submitted, display the form.
include ("header.php");
echo "<b><h1><font color=\"blue\">Passworded</font> Forum</font></h1></b>";
echo "<strong>Logging in to forum: " . StripSlashes($forum_decoded) . ".</strong>";
echo "<br>Please enter your password in the space below.";
$forum_decoded = StripSlashes($forum_decoded);
$forum = urlencode($forum_decoded);
?>
<form method=post action="pwauth.php?forum=<?php echo $forum; ?>">
<p>Password:
<br><input type="password" name="password">
<p><input type="submit" name="submit" value="Enter Password">
</form>
<p><a href="index.php">Index</a>
<?
include ("footer.php");
}
}
?>
---------------- function.php ------------------
function checkAuth($forum_encoded, $connection)
{
$forum = $forum_encoded;
$forum_decoded = urldecode($forum_encoded);
$forum_unstripped = AddSlashes($forum_decoded);
$forum_stripped = StripSlashes($forum_decoded);
$cookie_set = $_COOKIE[$forum_stripped];
$passworded_q = "SELECT passworded FROM forums WHERE name='$forum_unstripped'";
$passworded_r = get_contents_of ($passworded_q, $connection);
$parent_q = "SELECT parent FROM forums WHERE name='$forum_unstripped'";
$parent_r = get_contents_of ($parent_q, $connection);
$parent_encoded = urlencode(StripSlashes($parent_r));
if ($passworded_r == "yes")
{
if (isset($cookie_set) && $cookie_set=="yes")
{
if ($parent_r == "self" || $forum_decoded == "self")
{
}
else
{
checkAuth($parent_encoded, $connection);
}
}
else
{
header ("Location: pwauth.php?forum=$forum_encoded");
}
}
else
{
if ($parent_r == "self" || $forum_decoded == "self")
{
}
else
{
checkAuth($parent_encoded, $connection);
}
}
}
