Jump to content
MakeWebGames

Validation auto-login problems


gurpreet

Recommended Posts

My basic set up is this:

The user registers and they get sent a validation link, and their info gets put into the table 'validating'

The user clicks the validation link in their email and they get a confirmation message and their info gets put into the users table.

However, I'm trying to make it so once they have received their confirmation and their account has been created, then they should be auto-logged in and redirected to the game. This is what I got:

 

<?php
include "config.php";

global $_CONFIG;
define("MONO_ON", 1);
require "class/class_db_{$_CONFIG['driver']}.php";
$db=new database;
$db->configure($_CONFIG['hostname'],
$_CONFIG['username'],
$_CONFIG['password'],
$_CONFIG['database'],
$_CONFIG['persistent']);
$db->connect();
$c=$db->connection_id;
$set=array();
$settq=$db->query("SELECT * FROM settings");
while($r=$db->fetch_row($settq))
{
$set[$r['conf_name']]=$r['conf_value'];
}
$token = ctype_alnum($_GET['token']);
$q = mysql_query("SELECT * FROM validating WHERE vdID='$token'");
$key = mysql_fetch_object($q);
$q2 = mysql_query("SELECT username FROM users WHERE username='{$key->username}'");
$key2 = mysql_fetch_object($q2);

?>

<script language="JavaScript">
<!--

function getCookieVal (offset) {
 var endstr = document.cookie.indexOf (";", offset);
 if (endstr == -1)
   endstr = document.cookie.length;
 return unescape(document.cookie.substring(offset, endstr));
}
function GetCookie (name) {
 var arg = name + "=";
 var alen = arg.length;
 var clen = document.cookie.length;
 var i = 0;
 while (i < clen) {
   var j = i + alen;
   if (document.cookie.substring(i, j) == arg)
     return getCookieVal (j);
   i = document.cookie.indexOf(" ", i) + 1;
   if (i == 0) break;
 }
 return null;
}
function SetCookie (name,value,expires,path,domain,secure) {
 document.cookie = name + "=" + escape (value) +
   ((expires) ? "; expires=" + expires.toGMTString() : "") +
   ((path) ? "; path=" + path : "") +
   ((domain) ? "; domain=" + domain : "") +
   ((secure) ? "; secure" : "");
}

function DeleteCookie (name,path,domain) {
 if (GetCookie(name)) {
   document.cookie = name + "=" +
     ((path) ? "; path=" + path : "") +
     ((domain) ? "; domain=" + domain : "") +
     "; expires=Thu, 01-Jan-70 00:00:01 GMT";
 }
}
// -->
</script>

<script language="JavaScript">
var usr;
var pw;
var sv;
function getme()
{
usr = <?php $key->username ?>;
pw = <?php $key->password ?>;
sv = document.login.save;

if (GetCookie('player') != null)
{
	usr.value = GetCookie('username')
	pw.value = GetCookie('password')
	if (GetCookie('save') == 'true')
	{
		sv[0].checked = true;
	}
}

}
function saveme()
{

	if (sv[0].checked)
	{
		expdate = new Date();
		expdate.setTime(expdate.getTime()+(365 * 24 * 60 * 60 * 1000));
		SetCookie('username', usr.value, expdate);
		SetCookie('password', pw.value, expdate);
		SetCookie('save', 'true', expdate);
	}
	if (sv[1].checked)
	{
		DeleteCookie('username');
		DeleteCookie('password');
		DeleteCookie('save');
	}
}
</script>

<?php

print <<<EOF
<head>
<title>Death-Wars Validation</title>
<style type="text/css">
<!--
body {
background-color:#170000;
margin-top: 0px;
margin-bottom: 0px;
font-family:calibri, helvetica, arial, geneva, sans-serif;font-size:18px;color: white;
font-variant: small-caps;
  scrollbar-base-color: #005B70; 
  scrollbar-arrow-color: #F3960B;
  scrollbar-DarkShadow-Color: #000000;
}
</style>
</head>
EOF;

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
if(file_exists('ipbans/'.$IP))
{
die("<b><font color=red size=+1>Your IP has been banned, there is no way around this.</font></b></body></html>");
}

if(!$_GET['token'])
{
die("You have not supplied a valid link to a validation page. Please go back to your e-mail and check your link.");
}


$money = 1000; //Base Starting Cash
$crystals = 20; //Base Starting Crystals
$donor = 3; //Base Starting Donor Days
if(isset($key->promo))

   {
               $code = $key->promo;
               $q = mysql_query("SELECT * FROM promo WHERE code = '$code'");
               $promo = mysql_fetch_array($q);
               $money = ($promo['cash']) ? $money + $promo['cash'] : $money;
               $crystals = ($promo['crystals']) ? $crystals + $promo['crystals'] : $crystals;
               $donor = ($promo['donor']) ? $donor + $promo['donor'] : $donor;
   }

if($key->vdID != $token)
{
die("You have followed an invalid link. Please go back to your email and make sure you have the correct validation link.");
}

else if($key->username == $key2->username) 
{
die("This account has already been verified. Please <a href='login.php'>Login</a> to use your account");
}
{

$salt = '********';
$password = $key->password;
$salted_hash = hash("sha512", ($salt . $password));
$db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip, lastip_signup) VALUES ('{$key->username}', '{$key->username}', '$salted_hash', 1, $money, $crystals, $donor, 1, 100, 12, 100, 100, 5, 5, 100, 100, 1, '{$key->gender}', unix_timestamp(), '{$key->email}', -1, '$IP', '$IP')");$i=mysql_insert_id($c);
$db->query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)");
$db->query("DELETE FROM validating WHERE vdID='{$_GET['token']}'");

if($_POST['ref']) {
require "global_func.php";
$db->query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}");
event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c);
$db->query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$IP')");
}

print "You have signed up, enjoy the game.<br>";
?>
<meta HTTP-EQUIV="REFRESH" content="1; url=welcome.php">

<?php
}
?>

 

However, I can't get it to work. They do not get logged in and the $q2 on line 24 gives out a non-object error. Also I do not get auto logged in even if I get past this error.

Could I get any help because I'm rubbish at cookies and that kind of stuff

P.S - Line 21 the ctype_alnum messes up my page, when I remove that part it works properly. Am I using it wrong?

Edited by gurpreet
Typo
Link to comment
Share on other sites

Create a php page with the following code:

 

<?php
for ($i = 0; $i < 1000000000; $i++) {
 echo $i;
}
?>

 

Copy and paste that whole page of numbers into a url of get data - depending on what is having to parse it, you may just have a problem

Edit

I got sole custody of my boy today, so give me time to get him into bed etc, then I will write you a page.

Alright thanks

 

Wow, these guys are going on abit, you havent set any sessions, which mccodes needs.

Try

$_SESSION['loggedin'] = 1; $_SESSION['userid'] = $i;

Not that hard :)

So none of that JS is needed? Would this work as it should?

 

<?php
include "config.php";

global $_CONFIG;
define("MONO_ON", 1);
require "class/class_db_{$_CONFIG['driver']}.php";
$db=new database;
$db->configure($_CONFIG['hostname'],
$_CONFIG['username'],
$_CONFIG['password'],
$_CONFIG['database'],
$_CONFIG['persistent']);
$db->connect();
$c=$db->connection_id;
$set=array();
$settq=$db->query("SELECT * FROM settings");
while($r=$db->fetch_row($settq))
{
$set[$r['conf_name']]=$r['conf_value'];
}
$token = ctype_alnum($_GET['token']);
$q = mysql_query("SELECT * FROM validating WHERE vdID='$token'");
$key = mysql_fetch_object($q);
$q2 = mysql_query("SELECT username FROM users WHERE username='{$key->username}'");
$key2 = mysql_fetch_object($q2);

print <<<EOF
<head>
<title>Death-Wars Validation</title>
<style type="text/css">
<!--
body {
background-color:#170000;
margin-top: 0px;
margin-bottom: 0px;
font-family:calibri, helvetica, arial, geneva, sans-serif;font-size:18px;color: white;
font-variant: small-caps;
  scrollbar-base-color: #005B70; 
  scrollbar-arrow-color: #F3960B;
  scrollbar-DarkShadow-Color: #000000;
}
</style>
</head>
EOF;

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
if(file_exists('ipbans/'.$IP))
{
die("<font color=red size=+1>Your IP has been banned, there is no way around this.</font>");
}

if(!$_GET['token'])
{
die("You have not supplied a valid link to a validation page. Please go back to your e-mail and check your link.");
}


$money = 1000; //Base Starting Cash
$crystals = 20; //Base Starting Crystals
$donor = 3; //Base Starting Donor Days
if(isset($key->promo))

   {
               $code = $key->promo;
               $q = mysql_query("SELECT * FROM promo WHERE code = '$code'");
               $promo = mysql_fetch_array($q);
               $money = ($promo['cash']) ? $money + $promo['cash'] : $money;
               $crystals = ($promo['crystals']) ? $crystals + $promo['crystals'] : $crystals;
               $donor = ($promo['donor']) ? $donor + $promo['donor'] : $donor;
   }

if($key->vdID != $token)
{
die("You have followed an invalid link. Please go back to your email and make sure you have the correct validation link.");
}

else if($key->username == $key2->username) 
{
die("This account has already been verified. Please <a href='login.php'>Login</a> to use your account");
}
{

$salt = 'skyline';
$password = $key->password;
$salted_hash = hash("sha512", ($salt . $password));
$uq=$db->query("SELECT userid FROM users WHERE login_name='{$_POST['username']}' AND `userpass`='{$salted_hash}'");
$mem=$db->fetch_row($uq);
$db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip, lastip_signup) VALUES ('{$key->username}', '{$key->username}', '$salted_hash', 1, $money, $crystals, $donor, 1, 100, 12, 100, 100, 5, 5, 100, 100, 1, '{$key->gender}', unix_timestamp(), '{$key->email}', -1, '$IP', '$IP')");$i=mysql_insert_id($c);
$db->query("INSERT INTO userstats VALUES($i, 10, 10, 10, 10, 10)");
$db->query("DELETE FROM validating WHERE vdID='{$_GET['token']}'");

if($_POST['ref']) {
require "global_func.php";
$db->query("UPDATE users SET crystals=crystals+2 WHERE userid={$_POST['ref']}");
event_add($_POST['ref'],"For refering $username to the game, you have earnt 2 valuable crystals!",$c);
$db->query("INSERT INTO referals VALUES('', {$_POST['ref']}, $i, unix_timestamp(),'{$r['lastip']}','$IP')");
}

print "You have signed up, enjoy the game.<br>";
$_SESSION['loggedin'] = 1; 
$_SESSION['userid'] = $mem['userid'];
header('Location: welcome.php');
}
?>
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...