0

I'm trying to get a login working with cookies, but I can't make it work, because I get an infinite loop every time; I've already blown my head thinking about how to fix it. Just like this it will show everything perfectly, store cookies and redirect to panel.php, but the validations don't work anymore: I can enter every module, like index.php?do=module

UPDATE: the session cookie is a random value saved in the database after the user logs in, and then it's stored in the cookie to be compared every time. I use $_COOKIE["session"] to look up user info when needed, as it's dynamically changed every time the user logs in.

Core.php

if (! defined ( 'SRCP' )) {
    die ( "Error" );
}
@include_once (CORE_DIR. '/security/check.loged.php');
// I was trying to set a variable to tell the script not to check again, so the loop would break, but I just got a blank page.
if (!$conectado='si') {
    header("Location: index.php?do=login");
}
// receive and store; I was going to use the $_GET inside the switch, but that loop got me
if (isset($_GET['do'])) {
    $do = $_GET['do'];
}
switch ( $do ) {

case "panel" :
    include_once CORE_DIR . '/modulos/panel.php';
    break;
case "login" :
    include_once CORE_DIR . '/modulos/login.php';
    break;
default:
    include_once CORE_DIR . '/modulos/login.php';
    break;
}

check.login.php

if (! defined ( 'SRCP' )) {
    die ( "Error" );
}
if (isset($_COOKIE["id_usuario"]) && isset($_COOKIE["session"])){

    if ($_COOKIE["id_usuario"]!="" || $_COOKIE["session"]!=""){

        $query = "  SELECT  ID,
                            password,
                            salt,
                            correo,
                            logueado
                    FROM    usuarios
                    WHERE   cookie = :cookie
                 ";
        $query_params = array(
            ':cookie' => $_COOKIE['session']
        );

        try{
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex){
            //echo the error.
        }
        $row = $stmt->fetch();
        $conectado='si';
    }
    else{
        $conectado='no';
    }
}

Inside the panel I have no PHP code, because I will include it inside this index.php file.

define ( 'SRCP', true );
define ( 'ROOT_DIR', dirname ( __FILE__ ) );
define ( 'CORE_DIR', ROOT_DIR . '/core' );
require_once ROOT_DIR . '/core/core.php';

EDIT: Fixed it. I had to remake the code in check.loged.php

$row = $stmt->fetch();
if($row['logueado']=='SI'){
  $login_ok = true;
}else{
  $login_ok = 0;
}
  • If there's no user logged in, there will be no cookie. When he logs in, `id` and `session` are created with data from the database; `session` is random. But as the file `core.php` is loaded every time `index.php` updates to a new module, it will check the login and get stuck inside the loop. – Jose CastilLo Stronghold Jan 30 '16 at 22:25
  • Right, but it's a cookie; I just use it to tell if the generated code is the same in `$_COOKIE["session"]` and the database. All cookies are destroyed when the user hits log out. – Jose CastilLo Stronghold Jan 30 '16 at 22:39
  • Yes, if he hits remember me. I did set the life of the cookie to 1y just to test; if he doesn't want to remember the session, it's destroyed when he closes the browser. – Jose CastilLo Stronghold Jan 30 '16 at 22:47
  • I save the $_cookie[session] content in the database, along with another field in the database, "logged=yes/no". I check if the user is trying to log in with a user that's already logged in and show an error. – Jose CastilLo Stronghold Jan 30 '16 at 22:56

1 Answer

0

In core.php, this is not right:

if (!$conectado='si') { // this is setting a value instead of comparing
    header("Location: index.php?do=login");
}

Should be:

if ($conectado != 'si') { ... }

or also

if ($conectado == 'no') { ... }
CJ Nimes
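An added example, not code from the question or the answer: a session check that only reports "connected" when the token row was actually found and is marked `SI`, plus routing that never redirects the login module itself, which is what breaks the loop. `is_logged_in()`, `resolve_module()` and the sample rows are hypothetical and constructed for illustration; the rows stand in for the `usuarios` table.

```php
<?php
declare(strict_types=1);

// Constructed rows standing in for the `usuarios` table (not data from the post).
$usuarios = [
    ['ID' => '7', 'cookie' => 'c0ffee-constructed-token', 'logueado' => 'SI'],
    ['ID' => '8', 'cookie' => 'stale-constructed-token',  'logueado' => 'NO'],
];

// Hypothetical helper: true only when both cookies are present, the token
// matches a stored row, the row belongs to the same user, and logueado is 'SI'.
function is_logged_in(array $cookies, array $usuarios): bool
{
    $id    = $cookies['id_usuario'] ?? '';
    $token = $cookies['session'] ?? '';
    if (!is_string($id) || !is_string($token) || $id === '' || $token === '') {
        return false;
    }
    foreach ($usuarios as $row) {
        // hash_equals() compares the stored and supplied token in constant time.
        if (hash_equals($row['cookie'], $token)) {
            return $row['ID'] === $id && $row['logueado'] === 'SI';
        }
    }
    return false; // no matching row: never treat the request as connected
}

// Hypothetical router: returns [module to include, redirect target or null].
// The login module is always served directly, so it can never redirect to itself.
function resolve_module(?string $do, bool $loggedIn): array
{
    $private = ['panel']; // allowlist of modules that require a session
    if ($do === null || $do === 'login') {
        return ['login', null];
    }
    if (!$loggedIn) {
        return [null, 'index.php?do=login'];
    }
    return [in_array($do, $private, true) ? $do : 'login', null];
}

// In core.php the redirect case would be: header("Location: $redirect"); exit;
$requests = [['panel', []], ['login', []],
             ['panel', ['id_usuario' => '7', 'session' => 'c0ffee-constructed-token']]];
foreach ($requests as [$do, $cookies]) {
    [$module, $redirect] = resolve_module($do, is_logged_in($cookies, $usuarios));
    echo $do, ' => ', $redirect !== null ? "redirect $redirect" : "include $module.php", PHP_EOL;
}
```

Calling `exit` right after `header("Location: ...")` matters: without it the rest of the script, including the `switch` that includes the protected module, still runs and its output is sent to the client.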