hi there. a few weeks ago i posted a message that yielded a great reply about changing register_globals in recent versions of PHP. i've used PHP since early versions, but not recently and am a bit out of touch with recent thinking. the latest manifestation of this has just bit me.
i have an application that requires authentication, which i implemented yonks ago by accessing a mysql database, querying for user id, comparing provided password with an encrypted form of the user's password held in the database. a successful match returns a cookie containing an authentication flag and a reference to the user id. this works fine. i think.
a logout option attempts to send a cookie with the same name, but zero contents, and an already expired expiry time. in older versions of PHP, this works fine. i just cannot get it to play with PHP 4.3.3 (linux/suse 8.1). i have done a bit of debug, and think that the original cookie doesn't actually contain what I want it to contain.... and it all sounds a little bit like changed PHP behaviour, like the register_globals thing. i've looked at examples of how to do this kind of thing, and so far it makes sense. if anybody has a solid example online, or advice about what config variables I have messed up, i would welcome hearing from you.
thanks, happy coding.
ed chester
national space centre, uk
here's my logout code:
case 'reqout':
$DB = DB_connect();
if(isset($spodif)) {
$id = $HTTP_COOKIE_VARS["spodif"];
}
echo "ID: $id<p>";
setUserOnline($id,'out');
DB_close($D😎;
setcookie("spodif___");
//header("Location: index.php");
exit;
break;
and login:
case 'reqin':
$DB = DB_connect();
$q = 'SELECT * FROM '.$_TUsers.' u WHERE uid=\''.$fUid.'\'';
//echo $q;
$r = mysql_query($q,$D😎;
if ($r==0) { DB_error(); }
else {
while ($rec=mysql_fetch_array($r)) {
$id = $rec["id"];
$uid = $rec["uid"];
$name = $rec["name"];
$password = $rec["password"];
$level = $rec["level"];
$email = $rec["email"];
$enabled = $rec["enabled"];
$online = $rec["online"];
}
}
zap($r);
[some code snipped for good reasons]
$chkPwd = ($useEncryption=='y') ? $cryptPass : $fPwd;
if (($fUid==$uid)&&($enabled=='Y')&&($chkPwd==$password)) {
setUserOnline($id,'in');
$cookieTime = time()+(2*3600);
$cookieValue = $id;
setcookie("spodif___",$cookieValue,$cookieTime);
header("Location: index.php");
exit;
}
else {
// login failed
htmlheader($title,'local.css','_self');
echo "\n",'<body class="sel">',"\n";
echo "<b>Login failed, sorry</b>\n";
}
DB_close($DB);
