this is rediculous, my cookies are being remembered for the forgot password reset page, but no other page
heres my code for the session.php that is on top of all php files:
<?php
if (isset($_POST['luser'])) // has the header login form been posted?
{
foreach ($_POST as $field => $value)
$$field = htmlspecialchars(trim($value), ENT_QUOTES);
$lpassmd5 = md5($lpass);
if (mysql_result(mysql_query("select count(*) from users where username='$luser' and password='$lpassmd5'"), 0) != 0)
{
$_SESSION['username'] = $luser;
$_SESSION['password'] = $lpassmd5;
setcookie('username', $luser, time() + (365 * 24 * 60 * 60));
setcookie('password', $lpassmd5, time() + (365 * 24 * 60 * 60));
}
else
{
$lerror = 'Invalid username and/or password';
}
}
else
{
$luser = 'Username';
$lpass = 'Password';
}
if (isset($_SESSION['username']))
{
$cuser = $_SESSION['username'];
$cpass = $_SESSION['password'];
}
else if (isset($_COOKIE['username']))
{
$cuser = $_COOKIE['username'];
$cpass = $_COOKIE['password'];
}
$loggedin = false;
if (isset($cuser))
{
$sql = mysql_query("select * from users where username='$cuser' and password='$cpass'");
if (mysql_num_rows($sql) != 0)
{
while ($row = mysql_fetch_assoc($sql))
{
$myid = $row['id'];
$myusername = $row['username'];
$mypassword = $row['username'];
$mypoints = $row['points'];
$loggedin = true;
}
}
}
?>
heres my code for the forgot password reset page:
<?php
if ($loggedin)
header("Location: $url");
$id = $_GET['id'];
$hash = $_GET['hash'];
if (mysql_result(mysql_query("select count(*) from users where id='$id' and forgotpass='$hash'"), 0) != 0)
{
$newpass = substr($hash, 2, 5);
$newpassmd5 = md5($newpass);
$forgotpass = md5($newpassmd5);
mysql_query("update users set password='$newpassmd5', forgotpass='$forgotpass' where id='$id'");
}
else
{
die('problem');
}
?>
