stevenrfc Posted September 11, 2012

Hello, I have all the up-to-date files for redux, but my login has been buggy, so I made a subdomain and uploaded all of the files to test it out, but it seems to be still happening.

When I log in it says this:

"Elite Conflict Error Your request has expired for security reasons! Please try again. > Back"

Note - I have not changed any of the login or anything important; I have made minor changes to the CSS and template file though. Normally this happens once and I can log in successfully the second time. But any help would be much appreciated.

Thank you :)

sniko Posted September 11, 2012

Mind pasting the source of the process of login?

rulerofzu Posted September 12, 2012

Pretty sure this is because they packed the demo as the download version which then had a restriction in the code.

stevenrfc (Author) Posted September 18, 2012 (edited)

Oh, sorry for the late reply. Yeah, here it is:

Authenticate

```php
require_once('Global/globals_nonauth.php');

// Check CSRF input
if (!isset($_POST['verf'])
    || !verify_csrf_code('login', stripslashes($_POST['verf']))) {
    die("<h3>{$set['game_name']} Error</h3>
Your request has expired for security reasons! Please try again.<br />
<a href='login.php'>&gt; Back</a>");
}

// Check username and password input
$username = (array_key_exists('username', $_POST) && is_string($_POST['username']))
    ? $_POST['username'] : '';
$password = (array_key_exists('password', $_POST) && is_string($_POST['password']))
    ? $_POST['password'] : '';
if (empty($username) || empty($password)) {
    die("<h3>{$set['game_name']} Error</h3>
You did not fill in the login form!<br />
<a href='login.php'>&gt; Back</a>");
}

$form_username = $db->escape(stripslashes($username));
$raw_password = stripslashes($password);
$uq = $db->query(
    "SELECT `userid`, `userpass`, `pass_salt`, `email`
     FROM `users`
     WHERE `login_name` = '$form_username'");
if ($db->num_rows($uq) == 0) {
    $db->free_result($uq);
    die("<h3>{$set['game_name']} Error</h3>
Invalid username or password!<br />
<a href='login.php'>&gt; Back</a>");
} else {
    $mem = $db->fetch_row($uq);
    $db->free_result($uq);
    $login_failed = false;
    // Pass Salt generation: autofix
    if (empty($mem['pass_salt'])) {
        if (hash('sha256', $raw_password) != $mem['userpass']) {
            $login_failed = true;
        }
        $salt = generate_pass_salt();
        $enc_psw = encode_password($mem['userpass'], $salt, true);
        $e_salt = $db->escape($salt); // in case of changed salt function
        $e_encpsw = $db->escape($enc_psw); // ditto for password encoder
        $db->query(
            "UPDATE `users`
             SET `pass_salt` = '{$e_salt}', `userpass` = '{$e_encpsw}'
             WHERE `userid` = {$mem['userid']}");
    } else {
        $login_failed = !(verify_user_password($raw_password,
            $mem['pass_salt'], $mem['userpass']));
    }
    if ($login_failed) {
        die("<h3>{$set['game_name']} Error</h3>
Invalid username or password!<br />
<a href='login.php'>&gt; Back</a>");
    }
    session_regenerate_id();
    $_SESSION['loggedin'] = 1;
    $rand_num = rand(1, 100000);
    $_SESSION['multi_login'] = md5($mem['email'] . $rand_num);
    $_SESSION['userid'] = $mem['userid'];
    $IP = $db->escape($_SERVER['REMOTE_ADDR']);
    $db->query(
        "UPDATE `users`
         SET `lastip_login` = '$IP', `last_login` = " . $_SERVER['REQUEST_TIME'] . " , `SESSION_num` = " . $rand_num . "
         WHERE `userid` = {$mem['userid']}");
    if ($set['validate_period'] == "login" && $set['validate_on']) {
        $db->query(
            "UPDATE `users`
             SET `verified` = 0
             WHERE `userid` = {$mem['userid']}");
    }
    header("Location: index.php?page=loggedin");
    exit;
}
```

Edited September 18, 2012 by stevenrfc

dnenb Posted February 5, 2013

I'm having this problem with v2 - does anyone know what causes this?

dnenb Posted February 12, 2013

Anyone? The login works in Internet Explorer, but not with Chrome. :(

sniko Posted February 12, 2013

I doubt it will be because of a browser. The code that stops the login process is an explicit check on a CSRF code. Have a read of this thread.

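Added example, not part of any post in this thread and not the engine's own `verify_csrf_code()`: a session-bound, single-use form token can be rejected for several distinct reasons that a login handler like the one above collapses into one "expired" message. Every name, the 15-minute lifetime, the storage layout and the timestamps are assumptions made for the illustration; returning the reason lets the handler log which case occurred.

```php
<?php
// Illustration only. Hypothetical helpers, not the engine's implementation.
const DEMO_CSRF_TTL = 900; // assumed lifetime of a form token, in seconds

function demo_issue_csrf_code(array &$session, string $formId, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $session["csrf_$formId"] = ['token' => $token, 'issued' => $now];
    return $token;
}

// Returns 'ok' or the reason for rejection, so the caller can log it.
function demo_verify_csrf_code(array &$session, string $formId, string $posted, int $now): string
{
    $key = "csrf_$formId";
    if (!isset($session[$key])) {
        return 'no-token-in-session'; // cookie missing, or a different session
    }
    $stored = $session[$key];
    unset($session[$key]); // single use: any attempt consumes the token
    if ($now - $stored['issued'] > DEMO_CSRF_TTL) {
        return 'token-too-old';
    }
    if (!hash_equals($stored['token'], $posted)) {
        return 'token-mismatch';
    }
    return 'ok';
}

// Constructed scenarios; plain arrays stand in for $_SESSION.
$now = 1347350400; // constructed timestamp

$s = [];
$t = demo_issue_csrf_code($s, 'login', $now);
echo "normal submit:       ", demo_verify_csrf_code($s, 'login', $t, $now + 30), "\n";
echo "same token again:    ", demo_verify_csrf_code($s, 'login', $t, $now + 31), "\n";

$s = [];
$t = demo_issue_csrf_code($s, 'login', $now);
echo "form left open 1h:   ", demo_verify_csrf_code($s, 'login', $t, $now + 3600), "\n";

$formSession = [];
$t = demo_issue_csrf_code($formSession, 'login', $now);
$handlerSession = []; // session cookie not sent back to the handler
echo "session not carried: ", demo_verify_csrf_code($handlerSession, 'login', $t, $now + 5), "\n";
```
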