Using autologin functions

Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

I am thinking of creating an autologin function for a module. I would create a field in my module member table named nuke_username and make it the same as the username in nuke_users which is varchar (25).

Then do some compare between nuke_users and nuke_milpacs_members to see if I have any matches on user_names and nuke_username. If I do then I set a session for access. What are the security concerns for doing this?

Something along this is what I'm thinking:

Code:

//Mod for autologin of MILPACS members 


   


   $nukeusername = $db->sql_fetchrow($db->sql_query("SELECT username from ".$prefix."_users where user_id='$user_id'"));


   $query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username =$nukeusername";


   $result = $db->sql_query($query);


   if ($row = $db->sql_fetchrow($result)) {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 1;


      Header("Location: modules.php?name=MILPACS&file=viewdrill");


   } else {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 0;      


       Header("Location: modules.php?name=MILPACS&file=accessdenied");


    }


    die();

Posted: Fri Feb 03, 2006 10:18 am

Can somebody help me out here?

This is what I have so far.

This is the checkuser.php which I think sets the session.

Code:

<? 


if (!eregi("modules.php", $PHP_SELF )) {


   die ("You can't access this file directly...");


    }





   $nukeusername = $db->sql_fetchrow($db->sql_query("SELECT username from ".$prefix."_users where user_id='$user_id'"));


    $query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username =$nukeusername";


   $result = $db->sql_query($query);


   if ($row = $db->sql_fetchrow($result)) {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 1;      


       Header("Location: modules.php?name=MILPACS&file=viewdrill");


    } else {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 0;      


       Header("Location: modules.php?name=MILPACS&file=accessdenied");


    }


    die();


?>

For each page I make private I use a common.php and call this function.

Code:

if (!milpacs_is_user())


{


    Header("Location: modules.php?name=MILPACS&file=accessdenied");


}

I include common.php in all my private pages.

Code:

<?


if (stristr($_SERVER['SCRIPT_NAME'], "common.php")) {


    Header("Location: ../index.php");


    die();


}





session_start();





function milpacs_is_user()


{


    global $db, $prefix;





   if (isset($_SESSION['loggedin1']) AND $_SESSION['loggedin1'] == 1)


    {


   $nukeusername = $db->sql_fetchrow($db->sql_query("SELECT username from ".$prefix."_users where user_id='$user_id'"));


   $query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username =$nukeusername";


      $result = $db->sql_query($query);


      if ($row = $db->sql_fetchrow($result)) {


           return true;


        } else {


           return false;


        }


    } else {


       return false;


    }


}


?>

My username on the site is Donovan [3rd ID] which I have as nuke_username in my milpacs_members table. I just need to find a way to match these two fields and set a session for access to private pages in my module. Like I said I want to move away from using another password and just use this method.

Is it secure?

Edit**

Would this work instead?

Code:

$nukeusername = $db->sql_fetchrow($db->sql_query("SELECT username FROM ".$user_prefix."_users WHERE username='$username'"));


    $query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username =$nukeusername";

Posted: Fri Feb 03, 2006 2:27 pm

My latest iteration of this.

Code:

<? php 





if (!eregi("modules.php", $PHP_SELF )) {


   die ("You can't access this file directly...");


    }   





   global $prefix, $db;





   $userinfo = getusrinfo($user); 


   $nukeusername = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username='$userinfo['username']'"));


    $result = $db->sql_query($nukeusername);


   if (!$result) {


      echo("<p>Error performing query: " . mysql_error() . "</p>");


      exit();      


   }


   if ($row = $db->sql_fetchrow($result)) {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 1;      


       Header("Location: modules.php?name=MILPACS&file=viewdrill");


    } else {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 0;      


       Header("Location: modules.php?name=MILPACS&file=accessdenied");


    }


    die();


?>

Almost there I hope.

Posted: Fri Feb 10, 2006 9:27 am

Can anybody give me an assist on this?

registered · Posted: Fri Feb 10, 2006 1:30 pm

Mm I think the query isn't being executed correclty

Try

Code:




$nukeusername = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username='".$userinfo['username']."'"));

Posted: Fri Feb 10, 2006 4:23 pm

Give me a blank screen at checkuser.

Posted: Fri Feb 10, 2006 4:44 pm

Seems that it should work. Guess try two statements then

Code:




$nukeusername = $userinfo['username'];


$nukeusername = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username='".$nukeusername."'"));

Posted: Sat Feb 11, 2006 9:53 am

Have you tried echoing out the value of $nukeusername before you do the query and comparing it to the values in your milpacs_members table? And maybe doing a numrows on the results of the query to see if it's finding any records?

I have similar functions in a custom module I wrote and here's how I get username ... basically we are both using code from areas of mainfile.php.

Code:

     if(!is_array($user)) {


   $user = addslashes($user);


   $user = base64_decode($user);


   // echo 'user before explode ' . $user . '<br>';


   $user = explode(":", $user);


    $uid = "$user[0]";


      $username = "$user[1]";


      if ($username != $_SESSION['username']) {


      $_SESSION['username'] = $username;


         unset($_SESSION['mem']);


         }


   $pwd = "$user[2]";


   $email = "$user[3]";


     $uid = addslashes($uid);


      $uid = intval($uid);


      }

I'm setting session variables similarly to the way you are and it works just fine in my two custom modules. Part of the code I'm using I just appropriated from mainfile.

Here's some other code I use following the determination of $uid, in case it might be helpful:
[code]
$sql = "SELECT username, user_email FROM ".$user_prefix."_users WHERE user_id='$uid'";

if( !($result = $db->sql_query($sql)) )
{
$error = $db->sql_error();
$msg = $error[code] . ' ' . $error[message];
$msg .= "<br> for the following sql: ".$sql."";
die($msg);
}

$row = $db->sql_fetchrow($result);
$email = stripslashes($row['user_email']);
$username = stripslashes($row['username']);
$sql = "SELECT Member, Household_Number, Lname FROM ".$user_prefix."_members WHERE E_Mail_Address ='$email' OR Member='$mem'";
if( !($result2 = $db->sql_query($sql)) )
{
$error = $db->sql_error();
$msg = $error[code] . ' ' . $error[message];
$msg .= "<br> for the following sql: ".$sql."";
die($msg);
}
$num = $db->sql_numrows($result2);
if ($num != "0") {
$row2 = $db->sql_fetchrow($result2);
$mem = stripslashes($row2['Member']);
}
[/code]

My members table looks to be similar to your milpacs_members in function. And sorry, I can't get the code tags to work even after editing this several times.

Posted: Sun Feb 12, 2006 3:26 pm

I can echo back my username.

Code:

$nukeusername = $userinfo['username'];


if (!$nukeusername) {


      echo("<p>Error performing query: " . mysql_error() . "</p>");


      exit();


   } 





echo "$nukeusername";

This however gives me back an array.

Code:




$match = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username='".$nukeusername."'"));

Posted: Mon Feb 13, 2006 11:28 am

You are right. Fetchrow returns an associative array with the field names and their corresponding values in it. So to get the value of nuke_username out of it I believe you need to do:

$x = $match('nuke_username');

where x is whatever you want to use as a variable name.

or better;

$x = stripslashes($match('nuke_username'));

in case you've put in slashes to escape single quotes in names.

Posted: Mon Feb 13, 2006 12:15 pm

I even tried it this way.

Code:

$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username='$nukeusername'"; 


   $result = $db->sql_query($sql); 


   if ($db->sql_numrows($result) > 0) { 


etc


etc

But it is still not working. I am being sent to the accessdenied.php page.

I think this code is correct and something else is going on.

Posted: Mon Feb 13, 2006 12:26 pm

My viewdrill page looked like this.

Code:

if (stristr($_SERVER['SCRIPT_NAME'], "viewdrill.php")) {


    Header("Location: ../../index.php");


    die();


}


require_once("common.php");





if (!milpacs_is_user())


{


    Header("Location: modules.php?name=MILPACS&file=checkuser");


}

Until I changed it to look like this.

Code:

if ( !defined('MODULE_FILE') )


{


   die("You can't access this file directly...");


}


require_once("common.php");





if (!milpacs_is_user())


{


    Header("Location: modules.php?name=MILPACS&file=checkuser");


}

Now I get a:

Quote:

Forbidden
You don't have permission to access /modules.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

...when I try to access checkuser.php

The milpacs_is_user() is a function that checks whether or not the session is set.

Am I digging myself a deeper hole or making progress?

Laughing

Posted: Mon Feb 13, 2006 12:29 pm

My error log says:

Quote:

client denied by server configuration: /home/xxxxxxx/public_html/modules.php

Posted: Mon Feb 13, 2006 2:22 pm

Way back at the start of your code you listed something like this:

Code:

   $nukeusername = $db->sql_fetchrow($db->sql_query("SELECT username from ".$prefix."_users where user_id='$user_id'"));


    $query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username =$nukeusername";


   $result = $db->sql_query($query);


   if ($row = $db->sql_fetchrow($result)) {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 1;      


       Header("Location: modules.php?name=MILPACS&file=viewdrill");


    } else {


       @session_destroy();


       session_start();


       $_SESSION['loggedin1'] = 0;      


       Header("Location: modules.php?name=MILPACS&file=accessdenied");


    }


    die();

Are you still using that? If so, then I believe we've seen that $nukeusername will be an array and not the value of the username and thus the accessdenied file will be called.

If not, then the only other thing I can think of is that maybe you have yourself banned. But that doesn't make sense because otherwise you wouldn't even get that far (I was thinking banned in htaccess). What's in the accessdenied file? I take it that's a file with the name accessdenied within the module named MILPACS.

The only other thing I can think of doing is to stick some echoes into the tops of mainfile and sentinel.php just stating something like "got to mainfile" and "got to sentinel" respectively. Then if you get into sentinel work your way down thru the functions with echoes "got to function X" till you find the one that's denying you and then look at the logic there.