I have a script that sets a cookie on login. The first function actually sets the cookie up, the second one checks if the person is logged in:
    function login ($username, $password) {
        // Reject empty credentials
        if (!$username || !$password) {
            return $error;
        }
        else {
            // Allow only letters, digits, underscore and hyphen
            if (!eregi("^[[:alnum:]_-]+$", $username)) {
                return $error;
            }
            if (!eregi("^[[:alnum:]_-]+$", $password)) {
                return $error;
            }
            // Look up the user by username and password
            mysql_connect($this->server, $this->db_user, $this->db_pass);
            mysql_select_db($this->database);
            $query = mysql_query("select id from myTable where username = '$username' and password = '$password'");
            $result = @mysql_num_rows($query);
            mysql_close();
            if ($result < 1) {
                return false;
            }
            else {
                list ($id) = mysql_fetch_row($query);
                // Cookie format: username:md5(username.secret):id, valid for one hour
                $hash = md5($username.$this->secret);
                setcookie("auth", "$username:$hash:$id", time()+3600, "/");
                return 2;
            }
        }
    }
    function logged () {
        global $HTTP_COOKIE_VARS;
        // Split the cookie into username, hash and id
        $session_vars = explode(":", $HTTP_COOKIE_VARS['auth']);
        // Recompute the hash from the username in the cookie and compare
        $hash = md5($session_vars[0].$this->secret);
        if ($hash != $session_vars[1]) {
            return false;
        }
        else {
            return array($session_vars[0], $session_vars[2]);
        }
    }
Recently I discovered that on some machines this does not work properly. I looked at the settings of that particular machine and saw cookies from other sites, but not from mine. Since I use this script under HTTPS, could there be a problem here somewhere? And if I had to rewrite the part dealing with cookies, how would I go about it without screwing up the current site?
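
An added example, not part of the original post: one way to rewrite the cookie handling so that a keyed MAC covers the username, the id and an expiry time (in the posted code the hash covers only the username, so the id field is unprotected), and the cookie is marked Secure and HttpOnly. The function names, AUTH_SECRET and the sample values are assumptions, and PHP 7.3 or later is assumed.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.3+ (options-array setcookie).
// AUTH_SECRET stands in for $this->secret; the value is a constructed placeholder.
const AUTH_SECRET = 'replace-with-a-long-random-server-side-secret';
const AUTH_TTL = 3600; // same one-hour lifetime as the original cookie

// Build "username:id:expires:mac"; usernames cannot contain ':' (see the login regex).
function make_auth_token(string $username, int $id, int $now): string
{
    $payload = $username . ':' . $id . ':' . ($now + AUTH_TTL);
    return $payload . ':' . hash_hmac('sha256', $payload, AUTH_SECRET);
}

// Return array(username, id) for a valid, unexpired token, or false otherwise.
function check_auth_token(string $token, int $now)
{
    $parts = explode(':', $token);
    if (count($parts) !== 4) {
        return false;
    }
    list($username, $id, $expires, $mac) = $parts;
    $expected = hash_hmac('sha256', "$username:$id:$expires", AUTH_SECRET);
    // hash_equals compares in constant time and never type-juggles, unlike !=
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    if (!ctype_digit($expires) || (int)$expires < $now) {
        return false;
    }
    return array($username, (int)$id);
}

// Send the token over HTTPS only and keep it out of reach of page scripts.
function send_auth_cookie(string $token, int $now): bool
{
    return setcookie('auth', $token, array(
        'expires'  => $now + AUTH_TTL,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ));
}

// Constructed sample: the untouched token verifies, a token with a changed id does not.
$now = time();
$token = make_auth_token('alice', 7, $now);
var_dump(check_auth_token($token, $now));
var_dump(check_auth_token(str_replace(':7:', ':8:', $token), $now));
```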