HELP PLEASE // probleem met inlog script \\HELP PLEASE

Overzicht Reageren

Sponsored by: Vacatures door Monsterboard

Raymond van Os

raymond van Os

27/08/2010 19:32:13
Quote Anchor link
heey PHPérs

ik heb een probleem met onderstaand script wat ik aan het maken ben voor mijn stage.
Quote:
/////FUNCTION.PHP/////
Code (php)
PHP script in nieuw venster Selecteer het PHP script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<?php
function isingelogd(){
    global $settings, $mysqli;
    // Kijken of er cookies zijn gezet, en controleren of ze valid zijn
    if(isset($_COOKIE['user_id']) && ctype_digit($_COOKIE['user_id']) && isset($_COOKIE['user_hash']) && ctype_alnum($_COOKIE['user_hash'])) {
        $query = "    SELECT
                        gebruikerID, hash_key
                    FROM
                        "
.$settings['db_sessions_table']."
                    WHERE
                        gebruikerID = '"
.$mysqli->real_escape_string($_COOKIE['user_id'])."'
                    AND
                        hash = '"
.$mysqli->real_escape_string($_COOKIE['user_hash'])."'
                    AND
                        ip = '"
.$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."'";
        
        // Query uitvoeren
        if ($result = $mysqli->query($query)) {

            $userId = $result->fetch_assoc();

            if(ctype_digit($userId['gebruikerID'])) {
                // Controleren of de hash ook klopt (browsercheck)
                if(sha1($_COOKIE['user_id'] . $_SERVER['HTTP_USER_AGENT'] . $userId['hash_key']) == $_COOKIE['user_hash']) {
                    return true;
                }
else { // Browser is veranderd
                    // Niet ingelogd

                    $query = "    UPDATE
                                    "
.$settings['db_sessions_table']."
                                SET
                                    hash = NULL,
                                    hash_key = NULL,
                                    ip = '"
.$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."'
                                WHERE
                                    gebruikerID = '"
.$mysqli->real_escape_string($_COOKIE['user_id'])."'";
                    
                    $mysqli->query($query);
                    
                    // Cookies verwijderen
                    setcookie('user_id', 0, time() - 3600, '/');
                    setcookie('user_hash', '', time() - 3600, '/');        
                    return false;                        
                }
                
            }  
        }    
        
    }
else {    
        // Geen geldige cookies gezet
        // Niet ingelogd

        return false;
    }        
}
  
?>



////INDEX.PHP///// (dit include ik op de home page voor het inloggen)/////
Code (php)
PHP script in nieuw venster Selecteer het PHP script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
include('config.inc.php');

/* ----------------------------------------------------------------------------------------------- */        
if(!isingelogd()) {
    // Anti-flood, na 5 keer verkeerd inloggen wordt je IP adres 24 uur geband
    $query = "    SELECT
                    COUNT(id) AS attempts
                FROM
                    "
.$settings['db_login_attempts_table']."
                WHERE
                    date_time > (NOW() - INTERVAL 1 MINUTE)                              
                AND
                    ip = '"
.$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."'
                AND
                    sys_info = '"
.$mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT'])."'";
    
    if ($result = $mysqli->query($query)) {    //bovenstaande ff aangepast voor test!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        $login_attempt = $result->fetch_assoc();
        
        if($login_attempt['attempts'] > $settings['max_login_pogingen']) { // Controleren of je bent geband
            echo 'U bent tijdelijk geband<br>';
        }
else {
    
            if (mb_strtoupper($_SERVER['REQUEST_METHOD']) != 'POST') {                        
                $formulier = true;
            }
else {                        
                $formulier = false;                    
                if(ctype_digit($_POST['form']) && time() < strtotime("+1 minute", $_POST['form'])) {                 
                    $username = htmlspecialchars($_POST['username']);
                    $hashedPass = sha1($username.$_POST['pass']);
            
                    $query = "    SELECT
                                    ID
                                FROM
                                    "
.$settings['db_gebruikers_table']."
                                WHERE
                                    gebruikersnaam = '"
.$mysqli->real_escape_string($username)."'
                                AND
                                    wachtwoord = '"
.$mysqli->real_escape_string($hashedPass)."'";
            
                    if ($result = $mysqli->query($query)) {
            
                        $userId = $result->fetch_assoc();
            
                        if(ctype_digit($userId['ID'])) {        
                            $hash_key = uniqid(mt_rand(), true);
                            $hash = sha1($userId['ID'] . $_SERVER['HTTP_USER_AGENT'] . $hash_key);
                            // Cookies maken
                            setcookie('user_id', $userId['ID'], time() + 60*60*24*365, '/');
                            setcookie('user_hash', $hash, time() + 60*60*24*365, '/');            
                            // Update query samenstellen, ip en hash updaten
                         $sql = "    INSERT INTO
                                         "
.$settings['db_sessions_table']."
                                        (
                                            gebruikerID,
                                            hash,
                                            hash_key,
                                            datum,
                                            ip
                                        )
                                    VALUES (
                                        '"
.$mysqli->real_escape_string($userId['ID'])."',
                                        '"
.$hash."',
                                        '"
.$hash_key."',
                                        NOW(),
                                        '"
.$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."'
                                    )"
;
                            // Query uitvoeren            
                            if(!$result = $mysqli->query($sql))    {
                                trigger_error('Fout in query: '.$mysqli->error);
                            }
else {
                                if($mysqli->affected_rows > 0) {
                                    echo 'Je bent ingelogd!';
                                }
                            }                                            
                        }
else {                            
                            $sql = "    INSERT INTO
                                            "
.$settings['db_login_attempts_table']."
                                            (
                                                date_time,
                                                ip,
                                                sys_info
                                            )
                                        VALUES (
                                            NOW(),
                                            '"
.$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."',
                                            '"
.$mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT'])."'
                                        )"
;                            
            
                            if(!$result = $mysqli->query($sql)) {
                                trigger_error('Fout in query: '.$mysqli->error);
                            }
/*else {
                                if($mysqli->affected_rows > 0) {
                                    echo 'Attempt ingevoerd<br>';
                                }
                            }
                            */

                            echo 'Het wachtwoord of gebruikersnaam was incorrect';
                            $formulier = true;
                        }
            
                    }
                    
                }
else {
                    echo 'Fout bij inloggen. Probeer het opnieuw.';
                }
            
            }

            if($formulier) {
                echo '    <form method="post" action="'.end(explode('/', $_SERVER["REQUEST_URI"])).'">                 
                    <p><label>Username:</label><input type="text" name="username" value="" /></p>
                    <p><label>Password:</label><input type="password" name="pass" value="" /></p>
                    <br><input type="hidden" name="form" value="'
.time().'" />                        
                    <p><input type="submit" value="Inloggen" /></p>                        
                    <p><a href="registration.php">registreren</p>
                    </form>
                '
;                
            }
            }
    }
else {
        trigger_error('Fout in query: '.$mysqli->error);
    }
 
}
else {
    echo 'U bent al ingelogd.';
}

?>


nou is mijn probleem waarop ik blijf steken dat als ik geregistreerd heb en daarna wil inloggen met de goede gebruikersnaam en wachtwoord dat hij blijft zeggen dat: Het wachtwoord of gebruikersnaam was incorrect. hij logt daarom ook niet in.

weet iemand misschien een goede oplossing voor mijn probleem?????
 
PHP hulp

PHP hulp

03/12/2024 22:09:49
 
Jurrian Nijland

Jurrian Nijland

27/08/2010 19:39:34
Quote Anchor link
Hash je de wachtwoorden die ingevoerd worden? Als je het ww controleert moet dat dan wel met die hash..

Verbind je wel met de goede database of..?
 
Raymond van Os

raymond van Os

27/08/2010 19:57:11
Quote Anchor link
de geregistreerde wachtwoorden worden automatisch gehasht.

als ik registreer dan worden ze gehasht en worden ze weergegeven in mijn database.
maar ik krijg wel soms de melding

(((
Warning: Cannot modify header information -
headers already sent by (output started at
G:\test\basis\home.php:212) in G:\test\index.php on line 50

Warning: Cannot modify header information - headers already
sent by (output started at G:\test\basis\home.php:212) in
G:\test\index.php on line 51
)))


script home is ff om te testen
///home///
Code (php)
PHP script in nieuw venster Selecteer het PHP script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
<html>
    <head>
    <title></title>
    <script type="javascript">
        //
    </script>
    
    <style type="text/css" media="all">
        <!--
            body
            {
                background-color: #d3d3d3;                
                margin-left: 0px;
                margin-top: 0px;
                margin-right: 0px;
                margin-bottom: 0px;                                
            }
            
            #menu
            {    
                position: center;                
                border: 0px solid #000000;
                top: 10;
                left: 500px;
                right: auto;
                width: 517px;
                height: 42px;                
            }                    
            
            #tekst1
            {    
                position: absolute;                
                border: 0px solid #000000;
                background-color: white;
                top: auto;
                left: 535px;
                right: auto;
                width: 437px;
                height: auto;                
            }
            
            #tekst2
            {    
                position: absolute;                
                border: 0px solid #000000;
                top: auto;
                left: 0px;
                right: 3px;
                width: 100px;
                height: 300px;                
            }
            
            /* navigatie in de kop */

            div#navigatie ul, div#zoeken ul {
              list-style-type:none;
              padding: 0;
              margin: 0;
            }

            div#navigatie li, div#zoeken li {
              float: left;
              background-image: none;
              padding: 0;
              margin: 0;
            }

            div#navigatie {
              width: 100%%;
              line-height: 1.15em;
            }
            html>body #navigatie {
              width: 100%;

            }

            /* hoofdmenu */
            #hoofdmenu {
              width: 100%;
              background-color: #000;
            }

            #hoofdmenu span, #servicemenu span{
              margin:0;
              padding: 0.8em 0em 0.75em 0em;
              font-size:70%;
              color:#fff;
              float: left;
            }

            #hoofdmenu a {
              float: left;
              text-decoration: none;
              font-weight: bold;
              color: #fff;
              padding: 0.7em 1.0em 0.75em 1.0em;
            }
            #hoofdmenu a.act, ul#hoofdmenu a.act:hover {
              /*background-color: #efeff1;*/
              background-color: #bbb;
              color: #000;
            }
            #hoofdmenu a:hover, #servicemenu a:hover{
              background-color: #4d4d4d;
              text-decoration:none;
            }

            #hoofdmenu li, #service li {
              display:inline;
              margin:0pt;
              padding:0pt 0px;
            }

            #hoofdmenu li {
              border-right:2px solid #4d4d4d;
            }
            <STYLE type="text/css">
        <!--

            BODY
            {
            scrollbar-3dlight-color: #0099FF;
            scrollbar-arrow-color: #0099FF;
            scrollbar-base-color: #789123;
            scrollbar-darkshadow-color:#000000;
            scrollbar-face-color: #000000;
            scrollbar-highlight-color: #789123;
            scrollbar-shadow-color: #0099FF;
            }
            
            <script language="Javascript">
            function lastModified()
            {
            var modiDate=new Date
            (document.lastModified)
            var showAs=modiDate.
            getDate()+"/" +
            (modiDate.getMonth()+1)
            showAs+="/"+modiDate.getYear()
            showAs+=" om " +modiDate.getHours()+":"+modiDate.getMinutes()
            return showAs
            }
            </script>
        -->
        
    -->
</style>
</head>

<body>
        <script language="JavaScript1.2">
            sfHover = function() {
            var sfEls = document.getElementById("nav").getElementsByTagName("LI");
            for (var i=0; i<sfEls.length; i++) {
            sfEls[i].onmouseover=function() {
            this.className+=" ie_does_hover";
            }
            sfEls[i].onmouseout=function() {
            this.className=this.className.replace(new RegExp(" ie_does_hover\\b"), "");
            }
            }
            }
            if (window.attachEvent) window.attachEvent("onload", sfHover);
        </script>
    
    <div align="center">    
        <div name="testDIV" id="menu">
            <div align="center">
                <div id="navigatie">
                    <ul id="hoofdmenu">

                        <li><a href="home.php" class="act">Home pagina</a></li>
                    
                        <li><a href="klant.php">Klant</a></li>
                        
                        <li><a href="dealer.php">Dealer</a></li>
                        
                        <li><a href="cms.php">CMS</a></li>
                        
                        <li><a href="../logout.php">uitloggen</a></li>
                    </ul>
                </div>                            
            </div>
        </div>
    </div>
    <div align="center">
        <div name="testDIV" id="tekst1">                
                </p>
            <table width="80%" border="0">
                <tr>
                    <td>
                        <strong><center><u>het bedrijf heet u welkom</u></center></strong>
                            </p>
                        <strong>
                            hier kan een lap tekst komen...
                            hier kan een lap tekst komen...
                            hier kan een lap tekst komen...
                            hier kan een lap tekst komen...
                        </strong>
                    </td>
                </tr>
            </table>
        </div>
    </div>    
    <div align="center">
        <div name="testDIV" id="tekst2">                    
            <table width="10%" border="1">
                <tr>
                    <td>
                    <?php include("../index.php"); ?>  
                    </td>
                </tr>
            </table>                            
        </div>
    </div>    
</body>
</html>


Toevoeging op 27/08/2010 19:59:53:

Raymond reniers op 27/08/2010 19:57:11:
de geregistreerde wachtwoorden worden automatisch gehasht.

als ik registreer dan worden ze gehasht en worden ze weergegeven in mijn database.
maar ik krijg wel soms de melding

(((
Warning: Cannot modify header information -
headers already sent by (output started at
G:\test\basis\home.php:212) in G:\test\index.php on line 50

Warning: Cannot modify header information - headers already
sent by (output started at G:\test\basis\home.php:212) in
G:\test\index.php on line 51
)))


script home is ff om te testen
///home///
Code (php)
PHP script in nieuw venster Selecteer het PHP script
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<html>
<head>
<title></title>
    
</style>
</head>

<body>
        <script language="JavaScript1.2">
            sfHover = function() {
            var sfEls = document.getElementById("nav").getElementsByTagName("LI");
            for (var i=0; i<sfEls.length; i++) {
            sfEls[i].onmouseover=function() {
            this.className+=" ie_does_hover";
            }
            sfEls[i].onmouseout=function() {
            this.className=this.className.replace(new RegExp(" ie_does_hover\\b"), "");
            }
            }
            }
            if (window.attachEvent) window.attachEvent("onload", sfHover);
        </script>
    
    <div align="center">    
        <div name="testDIV" id="menu">
            <div align="center">
                <div id="navigatie">
                    <ul id="hoofdmenu">

                        <li><a href="home.php" class="act">Home pagina</a></li>
                    
                        <li><a href="klant.php">Klant</a></li>
                        
                        <li><a href="dealer.php">Dealer</a></li>
                        
                        <li><a href="cms.php">CMS</a></li>
                        
                        <li><a href="../logout.php">uitloggen</a></li>
                    </ul>
                </div>                            
            </div>
        </div>
    </div>
    <div align="center">
        <div name="testDIV" id="tekst1">                
                </p>
            <table width="80%" border="0">
                <tr>
                    <td>
                        <strong><center><u>het bedrijf heet u welkom</u></center></strong>
                            </p>
                        <strong>
                            hier kan een lap tekst komen...
                        </strong>
                    </td>
                </tr>
            </table>
        </div>
    </div>    
    <div align="center">
        <div name="testDIV" id="tekst2">                    
            <table width="10%" border="1">
                <tr>
                    <td>
                    <?php include("../index.php"); ?>  
                    </td>
                </tr>
            </table>                            
        </div>
    </div>    
</body>
</html>

Gelieve in het vervolg alle soorten code, tussen code tags te plaatsen.[/modedit]
Gewijzigd op 27/08/2010 20:23:41 door Bas IJzelendoorn
 
Www JdeRuijterNL

www JdeRuijterNL

27/08/2010 20:02:59
Quote Anchor link
51 setcookie('user_hash', $hash, time() + 60*60*24*365, '/');


Wait wut?
Je hashed een wachtwoord in iemand cookie?
Dat zijn juist gegevens die je niet in een cookie kwijt wilt.

Lekker hashed direct in je database verwerken en controleren of de ingevoerde hash overeenkomt met wat in het DB staat en dan een user_id meegeven die in je DB gekoppeld is aan je gebruiker.
 
Niels K

Niels K

27/08/2010 20:42:13
Quote Anchor link
Leuke titel trouwens...
 



Overzicht Reageren

 
 

Om de gebruiksvriendelijkheid van onze website en diensten te optimaliseren maken wij gebruik van cookies. Deze cookies gebruiken wij voor functionaliteiten, analytische gegevens en marketing doeleinden. U vindt meer informatie in onze privacy statement.