Session and Cookies Modification trouble...

Started by Hyperion (noobKID), March 03, 2013, 10:59:01 PM



ShadoW69

well from the error it's saying that the column 'e5035533a816cac4c54012281f58543d' doesn't exist, which of course it doesn't, cuz that's the hashed password, so i have no clue what is going on...  :o
the sql code is ok, no need to change anything... so i don't really know... without the source code and sql table setup i can't really tell you anything, but if you're saying that you're using v3 as base code then i'm not sure what is going on... maybe you have an extra quote while escaping it, i don't know...

Hyperion (noobKID)

#11
lol, getting this now:

Unknown column 'e5035533a816cac4c54012281f58543d' in 'where clause'

'Oo.,.. SQL:

Code (mysql) Select
SELECT * FROM users WHERE username = {$uname} AND passhash = {$passhash} AND enabled = 'yes' AND status = 'confirmed'

-.-'

ShadoW69

#10
when you're logging out, you can call both of the logout functions, because you want to make sure that both sets of login data are unset (the cookie and the session),
so this will do just fine

Code (php) Select
require_once("include/bittorrent.php");
session_start();
ob_start();
//dbconn();//to run over the $CURUSER var and DB-conn....//no need
logout_session();
logoutcookie();
header("Location: login.php");


now regarding your sql, i forgot that sqlesc already puts quotes around the value that is being escaped :P (it's just a habit for me to put quotes, escaping it manually when not using prepared statements), so just to patch it up use this sql, notice that there aren't any quotes around

Code (php) Select
$query = "SELECT * FROM users WHERE username = {$uname} AND passhash = {$passhash} AND enabled = 'yes' AND status = 'confirmed'";
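
Added example (not part of any post in this thread): the three hand-built variants of the login query discussed above, run against a constructed in-memory SQLite table, next to a prepared-statement lookup that needs no quoting at all. demo_sqlesc() is a hypothetical stand-in for sqlesc(), password_hash()/password_verify() are swapped in for the thread's md5(), and SQLite words its errors differently from the MySQL messages quoted in the posts.

```php
<?php
// Added example, not code from the thread.
// Assumptions: PDO with the SQLite driver; a constructed in-memory users table;
// demo_sqlesc() is a hypothetical stand-in for sqlesc() (escape, then quote).

function demo_sqlesc(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (u_id INTEGER PRIMARY KEY, username TEXT,
               passhash TEXT, enabled TEXT, status TEXT)");
    // Constructed sample rows. password_hash() is used in place of the
    // thread's md5(); it generates a per-user salt itself.
    $ins = $db->prepare("INSERT INTO users (username, passhash, enabled, status)
                         VALUES (?, ?, 'yes', 'confirmed')");
    $ins->execute(['Hyperion', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute(["O'Neil", password_hash('battery staple', PASSWORD_DEFAULT)]);
    return $db;
}

// Run a hand-assembled query and report whether the database accepts it.
function try_query(PDO $db, string $sql): string
{
    try {
        return count($db->query($sql)->fetchAll()) . ' row(s)';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Login lookup with a bound parameter: the username travels separately from
// the SQL text, and the raw password is never escaped before verification.
function find_login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare("SELECT u_id, username, passhash FROM users
                          WHERE username = :username
                            AND enabled = 'yes' AND status = 'confirmed'");
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['passhash'])) {
        return null;
    }
    return $row;
}

$db    = make_db();
$uname = demo_sqlesc('Hyperion');            // arrives already quoted
$hash  = 'e5035533a816cac4c54012281f58543d'; // hash from the thread, never escaped

$base = "SELECT * FROM users WHERE username = %s AND passhash = %s"
      . " AND enabled = 'yes' AND status = 'confirmed'";
$variants = [
    'username quoted twice'  => sprintf($base, "'{$uname}'", "'{$hash}'"),
    'hash not quoted at all' => sprintf($base, $uname, $hash),
    'each value quoted once' => sprintf($base, $uname, "'{$hash}'"),
];
foreach ($variants as $label => $sql) {
    echo str_pad($label, 26), try_query($db, $sql), "\n";
}

// The bound-parameter version handles a name containing a quote as plain data.
foreach ([['Hyperion', 'correct horse'], ["O'Neil", 'battery staple'],
          ['Hyperion', 'wrong password']] as [$user, $pass]) {
    $ok = find_login($db, $user, $pass) !== null;
    echo str_pad($user, 26), $ok ? 'login accepted' : 'login refused', "\n";
}
```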

Hyperion (noobKID)

#9
ok, tested the code you provided for fun today on a beta-running, so to speak.

it gave me an error on the takelogin.php file...
everything looks ok, just that i'm using a normal MD5 still... i don't wanna do anything just yet with that till later, when done the login and everything works correct. i will take care of the security, right now i have my eyes on why it will not log me in.

and besides that, i tried to make the logout file also. just for fun meanwhile waiting for an answer to come into my head.

anyhow, this was my solution to the logout, wanna clarify for me if i'm right about that part?:

Code (php) Select
require_once("include/bittorrent.php");
session_start();
ob_start();
dbconn();//to run over the $CURUSER var and DB-conn...

if( !userlogin_cookie() )//if not this one,
{
logout_session();//take sessions logout first...
}
else
{
logoutcookie();//else take this one...
}//If/Else statement ends...

//header("Refresh: 0; url=login.php");
Header("Location: login.php");



takelogin.php file:

Code (php) Select
/*==========RUN LOGIN PROCEDURE===============*/
$uname = sqlesc($_POST['username']); /*Form Names...*/
$pass = sqlesc($_POST['password']); /*Form Names...*/

if(isset($pass))
{
$passhash = md_5($pass); /*Securing The Data...*/
}

$query = "SELECT * FROM users WHERE username = '{$uname}' AND passhash = '{$passhash}' AND enabled = 'yes' AND status = 'confirmed'";

$query_result = mysql_query($query)or die(mysql_error());//Running query to the DB...


/*
$HTMLOUT .= "Username = " . $uname . "<br />";
$HTMLOUT .= "pass = " . $pass . "<br />";
$HTMLOUT .= "MD5 pass = " . $passhash . "<br />";
$HTMLOUT .= "Query = " . $query . "<br />";
$HTMLOUT .= "Query Result = " . $query_result . "<br />";
*/

if(mysql_num_rows($query_result) == 1)/*if the DB returns somfthing, then run...*/
{
$row = mysql_fetch_array($query_result, MYSQL_ASSOC);

if(isset($_POST['cookie_login']))
{
logincookie($row['u_id'], $row['passhash'], true);
}else{
login_session($row['u_id'], $row['passhash'], true);

}//ending else statement...
header('Refresh: 3; url=index.php');//with time delay...
}
else/*Error messeage...*/
{
$HTMLOUT .= "<center>Error reading login-session coding base, or a wrong username/pass inserted...</center>";
header('Refresh: 3; url=login.php');//with time delay...
}


as you see, i followed your example(s), and should be working fine, that is how i see it at least. but when i try to login, i see this:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Hyperion'' AND passhash = 'e5035533a816cac4c54012281f58543d' AND enabled = 'yes'' at line 1

i think it's because i added '{32841}' to the sql on user AND pass.. not sure, but thinking that is why, ideas maybe?...

ShadoW69

in short :P
1. yes, it's like creating a cookie, the only difference is that you're storing the cookie uid and pass on the server in the form of a session. also to avoid some notices you need to create a function that gets your session values... something like this.

Code (php) Select
function get_mysession( $name ){
        if( isset( $_SESSION[$name] ) ){
               $sess = trim( $_SESSION[$name] );
               if( !empty( $sess ) ){
                        return $sess;
                }
                return false;
        }
        return false;
}


so instead of $_SESSION['uid'] you will write get_mysession( 'uid' ), $_SESSION['pass'] => get_mysession( 'pass' )

2. yes, because of the cookie (get request) PHPSESSID which controls one's session, so you can only log out someone if you know their session id.

3. yes, you can keep using $CURUSER but you need to make sure that your app switches smartly from cookie check to session check, that they won't override each other. reference in my second post.

Hyperion (noobKID)

ahh, ok. thanks!.

now i understand! X)...
but just to clarify...

1.
i will use the set_session function to create normal sessions... and i basically just need 2, cos all the other things will be generated into the $CURUSER variable via dbconn... right?...

2.
the sessions_destroy function will not take ALL users out, just the one that clicks on it and is currently logged in to the tracker from his computer screen... right?...

and the rest i think i understood pretty clear, i will test tomorrow to see if its working after a few changes if i find any to change. if not, well... should be fine as a test for now! X)...

and ohh, one thing more..

the loggedinorreturn function, if i write if(!$CURUSER), and then set it to return to login.php file.
the $CURUSER will then stand for both of them.. right?, i mean, cookies, AND sessions from the current pc. right?.

i mean, a var is a var... there should be no difference in that part... right?...

ShadoW69

since you said that you want to use the curuser global var, there is no point in storing the same data in the session as well, so you don't need a loop for that. so you will keep using the $CURUSER in your app. yeah that's what i asked about in the first post: is md_5 a custom function? answer: yes :P
now regarding multiple sessions from the same account, i told you before that you're confusing memcached with session. i haven't really dug under the hood of memcache cuz i don't have the time to do so, and back to the session. when creating a session, a cookie named PHPSESSID will be created with a value of some random chars and numbers. this will be the unique id of the current session that this user has. if another user logs in from another place using the same method, session, then he will have another unique session id, so that the 2 sessions don't collide and don't get mixed up. if cookies are disabled then there will be a get request with the same name, PHPSESSID=mumbojumbostring. now this is the way session hijacking works: i send you a known session id (my mumbojumbostring), you login using that session id and i (the hacker) instantly (when you log in) have access to your session. if i call session_destroy the other user won't be logged out because our session ids differ, so only my session will end.
you asked why do i unset the session and destroy it after? well there are some servers (don't ask for a reference cuz i don't remember) where calling session_destroy will not unset $_SESSION or the $GLOBALS['_SESSION'], so it's better to unset it, i mean what does it cost???  ::) also keep in mind that if you want to completely destroy the session, delete the cookie associated with it as well (php.net reference in the bittorrent that i posted).
finally, this is important, keep in mind that the session is stored on the server (by default in tmp), meaning it uses disk space, so the more data you have in your session the more space is used on your hard drive.
so an ex would be this...
sess_mumbojumbostring [ 152 bytes ] <-- this is my session file which is stored in tmp[by default]

abstract|s:13:"my funny name";name_of_my_name|s:13:"my funny name";id_of_my_id|s:11:"my funny id";the_clown_ate_my_pie|s:25:"my funny clown is a smush";

in the session you would have something like this

Code (php) Select
$_SESSION['abstract'] = 'my funny name';
$_SESSION['name_of_my_name'] = 'my funny name';
$_SESSION['id_of_my_id'] = 'my funny id';
$_SESSION['the_clown_ate_my_pie'] = 'my funny clown is a smush';


now multiply this by 100(users) = 152.100 bytes ~ 150kilobytes, now if your session gets larger, meaning a lot of data ex 150kb * 100 ~ 1.5mb
and then multiply this by 1000 ~ 15mb, that may not be as much but it's just something to give you an idea about how session works
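
Added example (not part of any post in this thread): the known-session-id scenario described in the post above is closed off by issuing a fresh id at login, and the logout follows the unset, expire-cookie, destroy order the post recommends. It assumes PHP 7.3+ with the default file session handler; the function names and the user id 42 are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumptions: PHP 7.3+ (array form of session_set_cookie_params), default
// file-based session storage, and a constructed user id of 42.

function start_strict_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Refuse session ids the server never issued. URL-carried ids
    // (PHPSESSID=... in a GET request) stay ignored as long as
    // session.use_only_cookies keeps its default of 1.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

// Log in: whatever id the browser arrived with is thrown away and its
// server-side file deleted, so an id known before login is worthless after.
function login_session_regenerated(int $uid): string
{
    start_strict_session();
    session_regenerate_id(true);
    $_SESSION['uid'] = $uid;
    return session_id();
}

// Log out: clear the data, expire the cookie, then remove the stored session.
function logout_session_complete(): void
{
    start_strict_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Walk-through. Results are collected first and printed last, because the
// session calls have to run before any output is sent.
start_strict_session();
$idBeforeLogin    = session_id();
$idAfterLogin     = login_session_regenerated(42);
$uidWhileLoggedIn = $_SESSION['uid'] ?? null;
logout_session_complete();
$activeAfterLogout = session_status() === PHP_SESSION_ACTIVE;
$uidAfterLogout    = $_SESSION['uid'] ?? null;

echo 'id replaced at login:      ', var_export($idBeforeLogin !== $idAfterLogin, true), "\n";
echo 'uid while logged in:       ', var_export($uidWhileLoggedIn, true), "\n";
echo 'session active after exit: ', var_export($activeAfterLogout, true), "\n";
echo 'uid after logout:          ', var_export($uidAfterLogout, true), "\n";
```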

Hyperion (noobKID)

#5
thanks, will test it when im getting home.
but what i meant with a foreach loop inside the session_login, was that instead of saying set_mysession etc, i would instead let the foreach loop take ALL the data for me, so i'm not having a repeating function that will fill like a hell of lines etc later on...

understanding now?, and possible?...

EDIT: and about the security, it's the point of the md_5... it's a function inside the password file...
i also have a sha_1 as a function, coz i have plans on expanding the security later on so i can use them on many places at once.. including the salt method X)...

and ohh, one thing more, i see that you are simply unsetting the session when logging out...
but could also destroy, does the destroy session not unset ALL the current user sessions etc?...
like if 2 users are logged in at the tracker, they will both be destroyed with their sessions?.

ShadoW69

this is the typo i'm talking about

Code (php) Select
        if(isset($pass))
        {
                $passhash = md_5($pass); /*Securing The Data...*/
        }


shouldn't be

Code (php) Select
        if(isset($pass))
        {
                $passhash = md5($pass); /*Securing The Data...*/
        }


takelogin with a little fix
Code (php) Select

    /*  ...  */
    /*==========RUN LOGIN PROCEDURE===============*/
            $uname = sqlesc($_POST['username']); /*Form Names...*/
            $pass = sqlesc($_POST['password']); /*i wonder is this escaped when magic quotes are enabled?!?*/
     
            if(isset($pass)) ### $pass will alway be set this way, cuz you already defined it in the upper row you should check if its empty or not, same with $uname
            {
                   $salt = 'mySUg4r3xtraSpic31S4LT'; ### this should be moved to config.php or to password_functions.php, it will be used again
                   $passhash = md5( $salt . md5( $salt . $pass) ); /*USE SOME SPICEY SALT FOR PASSWORD*/
            }
     
            $query = "SELECT * FROM users WHERE username = '{$uname}' AND passhash = '{$passhash}' AND enabled = 'yes' AND status = 'confirmed'"; ### <-- vars inside curly brackets for readability
     
            $query_result = mysql_query($query)or die(mysql_error());//now on a live site you re-he-heeelly shouldnt let the user know about your backend errors, this includes file paths and/or anything related.
     
     
    /*
    $HTMLOUT .= "Username = " . $uname . "<br />";
    $HTMLOUT .= "pass = " . $pass . "<br />";
    $HTMLOUT .= "MD5 pass = " . $passhash . "<br />";
    $HTMLOUT .= "Query = " . $query . "<br />";
    $HTMLOUT .= "Query Result = " . $query_result . "<br />";
    */
     ### dont know why you want this??? just for testing?
    $HTMLOUT .= "Username = " . $uname . "<br />";
    $HTMLOUT .= "pass = " . $pass . "<br />";
    $HTMLOUT .= "MD5 pass = " . $passhash . "<br />";
    $HTMLOUT .= "Query = " . $query . "<br />";
    $HTMLOUT .= "Query Result = " . $query_result . "<br />";
     
     
            if(mysql_num_rows($query_result) == 1)/*if the DB returns somfthing, then run...*/
            {
                    #$row = mysql_fetch_array($query_result);
                    # seeing that you wont be using any numeric index you shouldn`t be "wasting" this function
                    # so you can pass in another param to just get the associated index "MYSQL_ASSOC" or  switch to *_fetch_assoc
                    #$row = mysql_fetch_array($query_result, MYSQL_ASSOC);
                    $row = mysql_fetch_assoc($query_result);
                   
                    if(isset($_POST['cookie_login']))
                    {
                    logincookie($row['u_id'], $row['passhash'], true);
                    }else{
                    login_session($row['u_id'], $row['passhash'], true);
     
    /*
                    $_SESSION['uid'] = $row['u_id'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['pass'] = $row['passhash'];
                    $_SESSION['pass_key'] = $row['passkey'];
                    $_SESSION['status'] = $row['status'];
                    $_SESSION['u_avatar'] = $row['user_avatar'];
                    $_SESSION['register_date'] = $row['added'];
                    $_SESSION['enabled'] = $row['enabled'];
                    $_SESSION['email'] = $row['email'];
                    $_SESSION['ip'] = $row['ip'];
                    $_SESSION['class'] = $row['class'];
                    $_SESSION['time_offset'] = $row['time_offset'];
                    $_SESSION['dst_in_use'] = $row['dst_in_use'];
                    $_SESSION['auto_correct_dst'] = $row['auto_correct_dst'];
    */
     
                    }//ending else statement...
                    header('Refresh: 3; url=index.php');//with time delay...
            }
            else/*Error messeage...*/
            {
            $HTMLOUT .= "<center>Error reading login-session coding base, or a wrong username/pass inserted...</center>";
            header('Refresh: 3; url=index.php');//with time delay...
            }


in short these are the changes that i recommend for takelogin, now before when i wrote that i lost my post, i was ranting about too many files :P, i prefer to keep all specific page related stuff in one file, ex. login.php should contain both the takelogin and the login markup as well... now there can be a couple of ways to do this, but i just prefer it all in one file, keep in mind that when dealing with large files it is recommended to split your code up into sections and/or include them as needed...
next up your bittorrent.php

Code (php) Select
function userlogin_session() {
    global $MT;
    unset($GLOBALS["CURUSER"]);

    if ( !$MT['site_online'] || !$_SESSION['uid'] || !$_SESSION['pass'] )
        return false;

    $id = 0 + $_SESSION['uid'];
    $ip = getip(); # using v3 function; now im not sure, but i think the long ip is stored in db
    $ip = ip2long($ip);

    if (!$id || strlen( $_SESSION['pass'] ) != 32)
        return false;

    $res = mysql_query("SELECT * FROM users WHERE u_id = $id AND enabled='yes' AND status='confirmed'");
    $row = mysql_fetch_assoc($res);

    if (!$row)
        return false;

    if ($_SESSION['pass'] !== $row["passhash"])
        return false;

    mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE u_id=" . $row["u_id"]); # row key matches the u_id column used in the SELECT above

    $row['ip'] = $ip;
    $GLOBALS["CURUSER"] = $row;
    return true;
}

function login_session($id, $passhash, $update_user_db = 0)
{
        set_my_session( "uid", $id );
        set_my_session( 'pass', $passhash );

        if ($update_user_db == 1)
        {
                @mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE u_id = $id");
        }
}

function set_my_session( $name, $value )
{
       if( session_id() == '' ){ # check if session is set and start it if necesary
               session_start();
       }
       $_SESSION[$name] = $value;
### I TOLD YOU YOUR OVER THINKING IT ALL LOL :P
### what would be the point of it?? i still dont get what ur trying to do...
### dont confuse memcache with session if thats what ur thinking...
/*
$query = mysql_query("SELECT * FROM users WHERE u_id = $id");
$result = mysql_query($query)or die(mysql_error());//Running query to the DB...

if(mysql_num_rows($result) == 1)//if the DB returns somfthing, then run...
{
        $row = mysql_fetch_assoc($result);
        // FOREACH CODE HERE... (line comment: a nested block comment would close the outer one early)
}//end if statement...
*/
}

function logout_session() {
        //unset_my_session('VARIABLE HERE...');
        //$_SESSION = array(user id here, would be most wise.); //Unsetting all of the session variables in an array...
        ### nope, nothing like that ^_^
        ### just like this...
        unset( $_SESSION['uid'] );
        unset( $_SESSION['pass'] );
        ### OR
        #unset( $_SESSION );
        session_destroy(); # http://www.php.net/manual/en/function.session-destroy.php
}


now if your session isn't started and error_reporting is on, you will get some notices :P, but to prevent that you may create a function similar to get_mycookie (check if session index is set, it's not empty)
after all the re-reading i still can't figure out what you mean by needing a loop, and give value to what??? r u trying to do memcache(d) job with session??? :o
anyways i think these are all the changes you could make. also make sure you're switching correctly from user check. if you decide to put the user check in dbconn function it should be something like this

Code (php) Select
function dbconn()
{
    global $MT;

    if (!@mysql_connect($MT['mysql_host'], $MT['mysql_user'], $MT['mysql_pass']))
    {
          switch (mysql_errno())
          {
                case 1040:
                case 2002:
                        if ($_SERVER['REQUEST_METHOD'] == "GET")
                                die("<html><head><meta http-equiv='refresh' content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
                        else
                                die("Too many users. Please press the Refresh button in your browser to retry.");
        default:
            die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
      }
    }
    mysql_select_db($MT['mysql_db'])
        or die('dbconn: mysql_select_db: ' . mysql_error());
    if( !userlogin_cookie() ){
            userlogin_session();
    }
}


so basically you're checking to see if the cookie system is used, since no cookie is set go for sessions, this way you're not overwriting anything ex $CURUSER, now for this to work you need to set a return value of false for each of the returns in userlogin_cookie and userlogin_session and at the end where you're setting the global $CURUSER

Code (php) Select
$GLOBALS["CURUSER"] = $row;

you need to return a value of true;

Code (php) Select
$GLOBALS["CURUSER"] = $row;
return true;


i already added the values to userlogin_session, all u need to do is add them to userlogin_cookie as well
PS: good thing i didn't backspace out again :P ::)

Hyperion (noobKID)

well, its a start. thanks! :)....
also, what you mean with

(possible typo in takelogin md_5 => md5 ?)...

i am making MD5 in the takelogin.php file if that is what you are asking me...
and now i would just need the login_session function to work and logout...

so a question pops up into my head, could it be possible to make a foreach loop saying that foreach output from the users-table, it will make the var $name as name from the table_row from users table, and value actually the same, since i would be needing names AND rows to give them values, what you think?, a better way maybe?...

ShadoW69

#2
okay so i F..... pressed backspace while not in the textarea and my post got lost... >:(
all in short change get_mycookie to session something like this... $ip var isn't set, possible typo in takelogin md_5 => md5 ?
Code (php) Select

function userlogin_session() {
    global $MT;
    unset($GLOBALS["CURUSER"]);

    if ( !$MT['site_online'] || !$_SESSION['uid'] || !$_SESSION['pass'] )
        return;

    $id = 0 + $_SESSION['uid'];

    if (!$id || strlen( $_SESSION['pass'] ) != 32)
        return;

    $res = mysql_query("SELECT * FROM users WHERE u_id = $id AND enabled='yes' AND status='confirmed'");
    $row = mysql_fetch_assoc($res);

    if (!$row)
        return;

    if ($_SESSION['pass'] !== $row["passhash"])
        return;

    mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE u_id=" . $row["u_id"]);

    $row['ip'] = $ip;
    $GLOBALS["CURUSER"] = $row;
    $_SESSION['uid'] = $row['u_id'];   ### depends where you want to set it
    $_SESSION['pass'] = $row['passhash'];   ### depends where you want to set it
}


ps: sorry but i spent like half an hour (highly possible that even more) writing the post and lost it so i'm agitated right now...  :(

Hyperion (noobKID)

Hello U-232.
i have recently been trying to make my own little modification.
and since it's NOT a TBdev project, but on my own, AND still looks A LOT like the TBdev Coding style, i would like to add it into here.

so, this is what i have been doing so far.
here we go.

first off, i have been taking ALL the basic cookie login/logout/$CURUSER functions so the stuff could be working properly, and right now i'm still coding the things/functions, so no clue yet if it's working or not.

anyhow. the idea was that i would be adding a check-box to the login page for the user to check.
if the box is checked, it will be using cookies functions for logging in with, if not, it will use session functions to login with.

here is my takelogin.php file:

Code (php) Select
require_once("include/bittorrent.php");
require_once ("include/password_functions.php");
session_start();
ob_start();

$HTMLOUT .= "<center><img class='img_center' src='pics/login_loading.gif'></center>";
$HTMLOUT .= "<center>Loading...</center>";

/*==========RUN LOGIN PROCEDURE===============*/
$uname = sqlesc($_POST['username']); /*Form Names...*/
$pass = sqlesc($_POST['password']); /*Form Names...*/

if(isset($pass))
{
$passhash = md_5($pass); /*Securing The Data...*/
}

$query = "SELECT * FROM users WHERE username = $uname AND passhash = '$passhash' AND enabled = 'yes' AND status = 'confirmed'";

$query_result = mysql_query($query)or die(mysql_error());//Running query to the DB...


/*
$HTMLOUT .= "Username = " . $uname . "<br />";
$HTMLOUT .= "pass = " . $pass . "<br />";
$HTMLOUT .= "MD5 pass = " . $passhash . "<br />";
$HTMLOUT .= "Query = " . $query . "<br />";
$HTMLOUT .= "Query Result = " . $query_result . "<br />";
*/

$HTMLOUT .= "Username = " . $uname . "<br />";
$HTMLOUT .= "pass = " . $pass . "<br />";
$HTMLOUT .= "MD5 pass = " . $passhash . "<br />";
$HTMLOUT .= "Query = " . $query . "<br />";
$HTMLOUT .= "Query Result = " . $query_result . "<br />";


if(mysql_num_rows($query_result) == 1)/*if the DB returns somfthing, then run...*/
{
$row = mysql_fetch_array($query_result);

if(isset($_POST['cookie_login']))
{
logincookie($row['u_id'], $row['passhash']);
}else{
login_session();

/*
$_SESSION['uid'] = $row['u_id'];
$_SESSION['username'] = $row['username'];
$_SESSION['pass'] = $row['passhash'];
$_SESSION['pass_key'] = $row['passkey'];
$_SESSION['status'] = $row['status'];
$_SESSION['u_avatar'] = $row['user_avatar'];
$_SESSION['register_date'] = $row['added'];
$_SESSION['enabled'] = $row['enabled'];
$_SESSION['email'] = $row['email'];
$_SESSION['ip'] = $row['ip'];
$_SESSION['class'] = $row['class'];
$_SESSION['time_offset'] = $row['time_offset'];
$_SESSION['dst_in_use'] = $row['dst_in_use'];
$_SESSION['auto_correct_dst'] = $row['auto_correct_dst'];
*/

}//ending else statement...
header('Refresh: 3; url=index.php');//with time delay...
}
else/*Error messeage...*/
{
$HTMLOUT .= "<center>Error reading login-session coding base, or a wrong username/pass inserted...</center>";
header('Refresh: 3; url=index.php');//with time delay...
}


so that part 'should' be working as i see it, not tested yet since i would like to finish the other functions first so i can go for error checking after the hard-job is over.

now, here is my bittorrent.php file with required functions i am needing for this job to be done [STILL WORKING ON IT, SO DON'T FREAK OUT SINCE THERE IS A LOT OF CODING NEEDED FOR THIS TO BE DONE]:

Code (php) Select
/*LOGIN/LOGOUT FUNCTIONS...*/
function dbconn()
{
    global $MT;

    if (!@mysql_connect($MT['mysql_host'], $MT['mysql_user'], $MT['mysql_pass']))
    {
  switch (mysql_errno())
  {
case 1040:
case 2002:
if ($_SERVER['REQUEST_METHOD'] == "GET")
die("<html><head><meta http-equiv='refresh' content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
else
die("Too many users. Please press the Refresh button in your browser to retry.");
        default:
        die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
      }
    }
    mysql_select_db($MT['mysql_db'])
        or die('dbconn: mysql_select_db: ' . mysql_error());
}

/*
function loggedinorreturn() {
if (!$CURUSER) {
header("Location: login.php");
exit();
}
}
*/

function loggedinorreturn() {
global $CURUSER, $MT;

if (!$CURUSER)
{
//header("Location: {$MT['baseurl']}/login.php?returnto=" . urlencode($_SERVER["REQUEST_URI"]));
header("Location: {$MT['baseurl']}/login.php?returnto");
exit();
}
}

/*=====================================*/

function userlogin_cookie() {
    global $MT;
    unset($GLOBALS["CURUSER"]);

    if ( !$MT['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') )
        return;

    $id = 0 + get_mycookie('uid');

    if (!$id || strlen( get_mycookie('pass') ) != 32)
        return;

    $res = mysql_query("SELECT * FROM users WHERE u_id = $id AND enabled='yes' AND status='confirmed'");
    $row = mysql_fetch_assoc($res);

    if (!$row)
        return;

    if (get_mycookie('pass') !== $row["passhash"])
        return;

    mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE u_id=" . $row["id"]);

    $row['ip'] = $ip;
    $GLOBALS["CURUSER"] = $row;
}

function logincookie($id, $passhash, $updatedb = 0, $expires = 0x7fffffff)
{
//setcookie("uid", $id, $expires, "/");
//setcookie("pass", $passhash, $expires, "/");
set_mycookie( "uid", $id, $expires );
set_mycookie( "pass", $passhash, $expires );

if ($updatedb)
{
@mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE u_id = $id");
}
}

function set_mycookie( $name, $value="", $expires_in=0, $sticky=1 )
    {
global $MT;

if ( $sticky == 1 )
    {
      $expires = time() + 60*60*24*365;
    }
else if ( $expires_in )
{
$expires = time() + ( $expires_in * 86400 );
}
else
{
$expires = FALSE;
}

$MT['cookie_domain'] = $MT['cookie_domain'] == "" ? ""  : $MT['cookie_domain'];
    $MT['cookie_path']   = $MT['cookie_path']   == "" ? "/" : $MT['cookie_path'];
     
if ( PHP_VERSION < 5.2 )
{
      if ( $MT['cookie_domain'] )
      {
        @setcookie( $MT['cookie_prefix'].$name, $value, $expires, $MT['cookie_path'], $MT['cookie_domain'] . '; HttpOnly' );
      }
      else
      {
        @setcookie( $MT['cookie_prefix'].$name, $value, $expires, $MT['cookie_path'] );
      }
    }
    else
    {
      @setcookie( $MT['cookie_prefix'].$name, $value, $expires, $MT['cookie_path'], $MT['cookie_domain'], NULL, TRUE );
    }

}

function get_mycookie($name)
    {
      global $MT;
     
    if ( isset($_COOKIE[$MT['cookie_prefix'].$name]) AND !empty($_COOKIE[$MT['cookie_prefix'].$name]) )
    {
    return urldecode($_COOKIE[$MT['cookie_prefix'].$name]);
    }
    else
    {
    return FALSE;
    }
}

function logoutcookie() {
    //setcookie("uid", "", 0x7fffffff, "/");
    //setcookie("pass", "", 0x7fffffff, "/");
    set_mycookie('uid', '-1');
    set_mycookie('pass', '-1');
}

/*=====================================*/
/*=====================================*/
/*=====================================*/

function userlogin_session() {
    global $MT;
    unset($GLOBALS["CURUSER"]);

if ( !$MT['site_online'] )
{
return;
}

$id = 0;

$res = mysql_query("SELECT * FROM users WHERE u_id = $id AND enabled='yes' AND status='confirmed'");
$row = mysql_fetch_assoc($res);// or die(mysql_error());

if (!$row)
{
return;
}

mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE u_id=" . $row["id"]);

$row['ip'] = $ip;
$GLOBALS["CURUSER"] = $row;
}

function login_session($update_user_db = 0)
{
//set_my_session( "uid" );
set_my_session();//Run this!...

if ($update_user_db == 1)
{
@mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE u_id = $id");
}
}

function set_my_session( $name )
{

$query = mysql_query("SELECT * FROM users WHERE u_id = $id");
$result = mysql_query($query)or die(mysql_error());//Running query to the DB...

if(mysql_num_rows($result) == 1)/*if the DB returns somfthing, then run...*/
{
$row = mysql_fetch_assoc($result);
/*FOREACH CODE HERE...*/
}//end if statement...

}

/*
function unset_my_session()
{
unset($_SESSION['{$session_name}']);
}
*/

function logout_session($id) {
//unset_my_session('VARIABLE HERE...');
//$_SESSION = array(user id here, would be most wise.); //Unsetting all of the session variables in an array...
//session_destroy(); //Destroy all the sessions currently running...
}
/*=====================================*/
/*LOGIN/LOGOUT FUNCTIONS...*/


so as you see, i have only taken out the most things needed to take out of the original functions of the TBdev Cookies functions so it would fit in to the code so it should be working, now i wish to kinda do another way with the sessions, still so i am able to use this ($CURUSER) on the code later on also, and yes, it's having nothing to do with the login functions and all that, but it does with dbconn function, which are coming later on.

anyhow. the login_session function is the one to be used for logging in the user in the idea, and i'm using set_my_session function to set the sessions. and here comes my problem. how can i take out ALL my user-data from the user-table, and make them into sessions?, i was wondering about a foreach loop... but not sure how to write it in. and besides that, it has to fit to the logout_session function, so i would properly have to use the user id from the user table in the DB to create an external kinda array with the user id number from the database itself. in this way it will not interfere with another user's data if one is logging in at the same time with the other user. and that ID i now need to log the user out, with other words. deleting that array with the certain ID to locate that array. so, as you see. i could need a little push in the bag, or a boost of some sort to get myself back on track again. thanks, much appreciated if possible! :).

PS: i still need the $CURUSER variable to work also, so if possible to give an idea or 2 on how to get that working (the userlogin_session function), that could be awesome also!, i have been thinking about how to get the S-H-I-T to be working.

thanks A LOT! if possible! :).
thanks, much appreciated! :).