2022-06-26, 10:18 AM
This following php script return if is correct or incorrect the username and password and save the session with my_setcookie working perfectly in localhost, but in production just return if is correct or incorrect the username and password and BUT NOT save the session, if I reload the page not saved the session
Also tried with
Best regards
function login($info,$resultadoint=0){
global $plugins,$mybb,$db,$templates,$config;
$datos=explode("|",$info);
$inline_errors = "";
$plugins->run_hooks("member_do_login_start");
// Is a fatal call if user has had too many tries
$errors = array();
$logins = login_attempt_check();
require_once "./InteractU/inc/functions_user.php";
require_once "./InteractU/inc/datahandlers/login.php";
$loginhandler = new LoginDataHandler("get");
$user = array(
'username' => $datos[0],
'password' => $datos[1],
'remember' => "yes",
'imagestring' => ""
);
$user_loginattempts = get_user_by_username($user['username'], array('fields' => 'loginattempts'));
$user['loginattempts'] = (int)$user_loginattempts['loginattempts'];
$loginhandler->set_data($user);
$validated = $loginhandler->validate_login();
if($validated==1){
$mybb->user = get_user($loginhandler->login_data['uid']);
my_setcookie("mybbuser", $mybb->user['uid']."_".$mybb->user['loginkey'], null, false, "lax");
$usuario=$mybb->user['username'];
$logout=md5($mybb->user['loginkey']);
/*if($mybb->user['usergroup']==4){
eval('$adminpanelvinc= "'.$templates->get('TD_ajax_adminvinc').'";');
}*/
$adminpanelvinc="";
eval('$resultado= "'.$templates->get('SP_HTML_Head_Logeado').'";');
/*if($resultadoint==1){
$resultado=2;
}*/
}else{
$db->update_query("users", array('loginattempts' => 'loginattempts+1'), "LOWER(username) = '".$db->escape_string(my_strtolower($user['username']))."'", 1, true);
$user_loginattempts = get_user_by_username($user['username'], array('fields' => 'loginattempts'));
$user['loginattempts'] = (int)$user_loginattempts['loginattempts'];
if($user['loginattempts']<5){
$resultado=0;
}
if($user['loginattempts']>5){
$resultado=1;
}
}
return $resultado;
}
Also tried with
function login($info,$resultadoint=0){
global $db, $templates, $mybb, $session, $settings, $mybbgroups, $user, $config;
$datos=explode("|",$info);
$errors = array();
$logins = login_attempt_check(1);
//require_once "./InteractU/inc/datahandlers/login.php";
//$loginhandler = new LoginDataHandler("get");
require_once "./InteractU/inc/functions_user.php";
$query = $db->simple_select("users", "loginattempts", "LOWER(username)='".$db->escape_string(my_strtolower($datos[0]))."'", array('limit' => 1));
$loginattempts = $db->fetch_field($query, "loginattempts");
if($loginattempts > 5 || intval($mybb->cookies['loginattempts']) > 5){
$resultado=1;
}
$user = validate_password_from_username($datos[0], $datos[1]);
if (!$user['uid']) {
my_setcookie('loginattempts', $logins + 1);
$db->write_query("UPDATE ".TABLE_PREFIX."users SET loginattempts=loginattempts+1 WHERE username = '".$datos[0]."'");
$resultado=0;
} else {
//This function is give me a error.
//$loginhandler->complete_login();
$options = array('fields' => array('uid', 'username', 'password', 'salt', 'loginkey'));
$usuario_info = get_user_by_username($datos[0], $options);
//$usuario=$usuario_info['loginkey'];
$usuario=$datos[0];
$logout=md5($usuario_info['loginkey']);
my_setcookie('loginattempts', 1);
$db->update_query("users", array("loginattempts" => 1), "uid='{$usuario_info['uid']}'");
// Delete old session entry
$db->delete_query("sessions", "ip='" . $db->escape_string($session->ipaddress) . "' AND sid != '" . $session->sid . "'");
// Create a new session and save it in the database
$newsession = array("uid" => $usuario_info['uid']);
$db->update_query("sessions", $newsession, "sid='" . $session->sid . "'");
// Temporarily set the cookie remember option for the login cookies
//$mybb->user['remember'] = $user['remember'];
// Set essential login cookies
/*
$remember = null;
if(!isset($mybb->input['remember']) || $mybb->input['remember'] != "yes")
{
$remember = -1;
}
my_setcookie("mybbuser", $usuario_info['uid']."_".$usuario_info['loginkey'], null, false, "lax");
//if($this->sid && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid) && $this->is_spider != true)
//{
my_setcookie("sid", $session->sid, true, true);
//}
$resultado=$usuario_info['loginkey'];
eval('$resultado= "'.$templates->get('SP_HTML_Head_Logeado').'";');
}
return $resultado;
}
Best regards