Trouble Authenticate User Encryption Error?
Today, I'm using WA for the first time. I started using the SA wizard to create login pages in two different ways.
First without encryption - login works!
Second with encryption - Login page goes to a blank EmailPW.php page.
I've been reading the forums and tried:
- changing User Authentication
- checking database field names
- reconfiguring database password for encryption (not thru PHP script)
- checking session timeouts thru ISP using forum script - sessiontest.php
Stumped now - I'm giving some script to you. Sorry for the length. I'm not sure where to start. Hope you can help me.
Thanks in advance! Kathi
Login.php:
<?php require_once("../WA_SecurityAssist/WA_SHA1Encryption.php"); ?>
<?php require_once('../Connections/members.php');?>
<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
// A login submit without the remember-me box ticked: drop both remember-me cookies.
// setcookie() with an empty value sends a deletion header, so the 30-day expiry
// argument has no practical effect on these two calls.
// NOTE(review): the name "RememberMePWD" suggests a password-derived value is kept
// in the browser when remember-me is ticked; the code that sets it is not shown
// here — confirm what is stored, and prefer a random token that the server can revoke.
if (isset($_POST["LogIn_x"]) && !isset($_POST["remembermeoption"])) {
    setcookie("RememberMePWD", "", time() + (60 * 60 * 24 * 30), "/", "", 0);
    setcookie("RememberMeUN", "", time() + (60 * 60 * 24 * 30), "/", "", 0);
}
?>
<?php
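// Runs the credential check when the login form was submitted.
if (isset($_POST["LogIn_x"])) {
    $WA_Auth_Parameter = array(
        "connection" => $members,
        "database" => $database_members,
        "tableName" => "members",
        // The lists are written out directly. The generated code joined the values
        // with $WA_Auth_Separator and split them again with explode(); a submitted
        // value that itself contained the separator was then split into extra
        // elements, so the slot compared against UserPassword could hold text taken
        // from the request instead of the hash computed below.
        "columns" => array("UserEmail", "UserPassword"),
        "columnValues" => array(
            // Only string submissions are accepted; anything else (e.g. an
            // array-valued field) is treated as empty.
            (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "",
            // NOTE(review): WA_SHA1Encryption() is defined in WA_SHA1Encryption.php
            // (not shown). If it is plain SHA-1, as the name suggests, the stored
            // values are fast, unsalted hashes; password_hash()/password_verify()
            // is the usual replacement but needs a different comparison flow.
            // A hex SHA-1 digest is 40 characters, so the UserPassword column must
            // hold at least that many or the comparison can never match — confirm.
            WA_SHA1Encryption((isset($_POST["userpassword"]) && is_string($_POST["userpassword"])) ? $_POST["userpassword"] : ""),
        ),
        "columnTypes" => array("text", "text"),
        "sessionColumns" => array("id"),
        "sessionNames" => array("id"),
        "successRedirect" => "members_Profile.php",
        "failRedirect" => "members_EmailPW.php",
        "gotoPreviousURL" => TRUE,
        "keepQueryString" => TRUE
    );
    WA_AuthenticateUser($WA_Auth_Parameter);
}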
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin
____________________________________________________________________________
helper.php
<?php require_once( "HelperGroupsRulesPHP.php" ); ?>
<?php require_once( "Mail_PHP.php" ); ?>
<?php
// Open a session unless $_SESSION is already populated by an earlier start.
isset($_SESSION) || session_start();
// Delimiter the generated pages use to join parameter lists before explode().
$WA_Auth_Separator = '|§|';
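/**
 * Tells whether $url may be used as a post-login redirect target.
 *
 * Only site-absolute paths ("/dir/page.php?x=1") are accepted, which is the
 * shape WA_Auth_BuildRedirectURL() produces for the accesscheck parameter
 * (it is built from $_SERVER['PHP_SELF']).
 */
function WA_Auth_IsLocalRedirectTarget($url){
    if (!is_string($url) || $url === "") {
        return false;
    }
    // Control characters (CR/LF included) and backslashes are rejected outright.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $url)) {
        return false;
    }
    // "/path" passes; "//host/path" (protocol-relative) and anything carrying a
    // scheme does not, so the redirect cannot leave this site.
    return $url[0] === "/" && (strlen($url) === 1 || $url[1] !== "/");
}

/**
 * Looks up a row matching the submitted credentials and redirects accordingly.
 *
 * Keys read from $WA_Auth_Parameter: connection, database, tableName, columns,
 * columnValues, columnTypes, sessionColumns, sessionNames, successRedirect,
 * failRedirect, keepQueryString.
 *
 * On a match the configured columns of the first row are copied into
 * $_SESSION and the request is redirected to the accesscheck path (when it is
 * a local path) or to successRedirect. Without a match the request is
 * redirected to failRedirect. Both redirects end the script.
 *
 * NOTE(review): the mysql_* functions used here were removed in PHP 7.0;
 * moving to mysqli or PDO changes the "connection" parameter and is therefore
 * left to a separate change.
 * NOTE(review): no attempt throttling is visible in this function.
 */
function WA_AuthenticateUser($WA_Auth_Parameter){
    $connection = $WA_Auth_Parameter["connection"];
    mysql_select_db($WA_Auth_Parameter["database"], $connection);

    // Each condition is formatted on its own. The previous code passed the SQL
    // built so far back into sprintf() as the format string, so a "%" inside an
    // already inserted value was read as a conversion specifier.
    // WA_GetSQLValueString() is defined elsewhere; presumably it quotes and
    // escapes the value for its type — confirm. Table and column names are
    // inserted as-is and must only ever come from page configuration.
    $conditions = array();
    for ($idx = 0; $idx < count($WA_Auth_Parameter["columns"]); $idx++) {
        $conditions[] = sprintf(
            "`%s`=%s",
            $WA_Auth_Parameter["columns"][$idx],
            WA_GetSQLValueString($WA_Auth_Parameter["columnValues"][$idx], $WA_Auth_Parameter["columnTypes"][$idx])
        );
    }
    $WA_Auth_loginSQL = "SELECT `".implode('`,`', $WA_Auth_Parameter["sessionColumns"])."` FROM `".$WA_Auth_Parameter["tableName"]."` WHERE ".implode(" AND ", $conditions);

    $WA_Auth_RS = mysql_query($WA_Auth_loginSQL, $connection);
    if ($WA_Auth_RS === false) {
        // Keep database details in the server log instead of the response.
        error_log("WA_AuthenticateUser: query failed: ".mysql_error($connection));
        die("Login is temporarily unavailable.");
    }

    if (mysql_num_rows($WA_Auth_RS)) {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login is not carried into the authenticated session.
        if (session_id() !== "") {
            session_regenerate_id(true);
        }
        $idx = 0;
        foreach ($WA_Auth_Parameter["sessionNames"] as $sessionName) {
            $_SESSION[$sessionName] = mysql_result($WA_Auth_RS, 0, $WA_Auth_Parameter["sessionColumns"][$idx]);
            $idx++;
        }
        // accesscheck comes from the query string, so it is honoured only when
        // it is a local path; otherwise the configured successRedirect stays.
        if (isset($_GET['accesscheck']) && WA_Auth_IsLocalRedirectTarget($_GET['accesscheck'])) {
            $WA_Auth_Parameter["successRedirect"] = $_GET['accesscheck'];
        }
        if ($WA_Auth_Parameter["successRedirect"] != "") {
            $WA_Auth_Parameter["successRedirect"] = WA_Auth_BuildRedirectURL($WA_Auth_Parameter["successRedirect"], $WA_Auth_Parameter["keepQueryString"], FALSE);
            header("Location: ".$WA_Auth_Parameter["successRedirect"]);
            exit();
        }
        // Authenticated without a success target: stay on the page rather than
        // falling through to the failure redirect below.
        return;
    }

    if ($WA_Auth_Parameter["failRedirect"] != "") {
        $WA_Auth_Parameter["failRedirect"] = WA_Auth_BuildRedirectURL($WA_Auth_Parameter["failRedirect"], $WA_Auth_Parameter["keepQueryString"], FALSE);
        header("Location: ".$WA_Auth_Parameter["failRedirect"]);
        exit();
    }
}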
/**
 * Removes values from the current session.
 *
 * @param mixed $clearAll   truthy: remove every session key; falsy: remove only $clearThese
 * @param array $clearThese session keys to remove when $clearAll is falsy
 *
 * Only the stored values are unset; the session itself is neither destroyed
 * nor given a new id by this function.
 */
function WA_Auth_ClearSession($clearAll, $clearThese){
    if (!$clearAll) {
        foreach ($clearThese as $name) {
            unset($_SESSION[$name]);
        }
        return;
    }
    foreach ($_SESSION as $name => $unused) {
        unset($_SESSION[$name]);
    }
}
/**
 * Redirects the current request to $redirectURL and ends the script.
 *
 * The target is built with the "add denied URL" flag set and without keeping
 * the current query string on the target itself.
 */
function WA_Auth_RestrictAccess($redirectURL){
    header("Location: ".WA_Auth_BuildRedirectURL($redirectURL, FALSE, TRUE));
    exit();
}
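/**
 * Looks up an account row and mails a message filled in from that row.
 *
 * Keys read from $WA_Auth_Parameter: selectColumns, usernameColumn,
 * passwordColumn, toAddressColumn, database, connection, tableName,
 * filterColumn, columnValue, columnType, mailBody, sessionVariables,
 * fromAddress, fromAddressDisplay, emailFunction, successRedirect,
 * failRedirect, keepQueryString.
 *
 * Placeholders of the form [ColumnName] and [Session.name] in mailBody are
 * replaced with the row and session values before emailFunction is called.
 *
 * NOTE(review): the value of passwordColumn is among the selected columns, so
 * a template containing that placeholder mails the stored value. When
 * passwords are stored hashed this is the hash, which the user cannot sign in
 * with and which should not leave the database; a time-limited reset token is
 * the usual design but needs schema and page changes.
 * NOTE(review): the success and failure redirects differ, which tells the
 * requester whether the submitted value matched an account.
 */
function WA_Auth_ForgotPassword($WA_Auth_Parameter){
    $connection = $WA_Auth_Parameter["connection"];

    $selectColumns = array();
    for ($idx = 0; $idx < count($WA_Auth_Parameter["selectColumns"]); $idx++) {
        if ($WA_Auth_Parameter["selectColumns"][$idx] != '') {
            $selectColumns[] = $WA_Auth_Parameter["selectColumns"][$idx];
        }
    }
    $selectColumns[] = $WA_Auth_Parameter["usernameColumn"];
    $selectColumns[] = $WA_Auth_Parameter["passwordColumn"];
    $selectColumns[] = $WA_Auth_Parameter["toAddressColumn"];

    mysql_select_db($WA_Auth_Parameter["database"], $connection);
    // WA_GetSQLValueString() is defined elsewhere; presumably it quotes and
    // escapes the value for its type — confirm. Identifiers are inserted as-is
    // and must only come from page configuration.
    $WA_Auth_ForgotSQL = "SELECT `".implode('`,`', $selectColumns)."` FROM `".$WA_Auth_Parameter["tableName"]."` WHERE `".$WA_Auth_Parameter["filterColumn"]."` = "
        .WA_GetSQLValueString($WA_Auth_Parameter["columnValue"], $WA_Auth_Parameter["columnType"])." ";

    $WA_Auth_RS = mysql_query($WA_Auth_ForgotSQL, $connection);
    if ($WA_Auth_RS === false) {
        // Keep database details in the server log instead of the response.
        error_log("WA_Auth_ForgotPassword: query failed: ".mysql_error($connection));
        die("This request cannot be processed right now.");
    }

    if (mysql_num_rows($WA_Auth_RS)) {
        $row_WA_Auth_RS = mysql_fetch_assoc($WA_Auth_RS);

        // Normalise line endings to CRLF without doubling an existing CR.
        $mailBody = preg_replace("/\r?\n/", "\r\n", $WA_Auth_Parameter["mailBody"]);

        // Placeholders are substituted literally and in a single pass. The
        // earlier preg_replace() calls treated column names as regex text and
        // interpreted "$1" / "\1" inside the inserted values; they also
        // re-scanned inserted values for further placeholders.
        $replacements = array();
        foreach ($WA_Auth_Parameter["sessionVariables"] as $sessionVariable) {
            $replacements["[Session.".$sessionVariable."]"] = isset($_SESSION[$sessionVariable]) ? (string)$_SESSION[$sessionVariable] : "";
        }
        foreach ($selectColumns as $column) {
            $replacements["[".$column."]"] = isset($row_WA_Auth_RS[$column]) ? (string)$row_WA_Auth_RS[$column] : "";
        }
        if ($replacements) {
            $mailBody = strtr($mailBody, $replacements);
        }
        $WA_Auth_Parameter["mailBody"] = $mailBody;

        if ($WA_Auth_Parameter["fromAddressDisplay"] != '') {
            $WA_Auth_Parameter["fromAddress"] = $WA_Auth_Parameter["fromAddress"].'|WA|'.$WA_Auth_Parameter["fromAddressDisplay"];
        }
        $WA_Auth_Parameter["toAddress"] = $row_WA_Auth_RS[$WA_Auth_Parameter["toAddressColumn"]];

        // emailFunction is invoked by name; it must be a fixed value from page
        // configuration, never something taken from the request.
        call_user_func($WA_Auth_Parameter["emailFunction"], $WA_Auth_Parameter);

        if ($WA_Auth_Parameter["successRedirect"] != "") {
            $WA_Auth_Parameter["successRedirect"] = WA_Auth_BuildRedirectURL($WA_Auth_Parameter["successRedirect"], $WA_Auth_Parameter["keepQueryString"], FALSE);
            header("Location: ".$WA_Auth_Parameter["successRedirect"]);
            exit();
        }
    }
    else {
        if ($WA_Auth_Parameter["failRedirect"] != "") {
            $WA_Auth_Parameter["failRedirect"] = WA_Auth_BuildRedirectURL($WA_Auth_Parameter["failRedirect"], $WA_Auth_Parameter["keepQueryString"], FALSE);
            header("Location: ".$WA_Auth_Parameter["failRedirect"]);
            exit();
        }
    }
}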
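/**
 * Builds the URL used in a Location header.
 *
 * @param string $redirectURL            target page; may be relative or start with "/"
 * @param mixed  $keepCurrentQueryString truthy: append the current query string to the target
 * @param mixed  $addDeniedURL           truthy: append accesscheck=<current script path and query>
 * @return string the target; a target starting with "/" is prefixed with scheme and host
 */
function WA_Auth_BuildRedirectURL($redirectURL, $keepCurrentQueryString, $addDeniedURL){
    $queryString = (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "") ? $_SERVER["QUERY_STRING"] : "";

    if ($keepCurrentQueryString && $redirectURL != "" && $queryString !== "") {
        $redirectURL .= ((strpos($redirectURL, '?') === false) ? "?" : "&").$queryString;
    }

    if ($addDeniedURL) {
        $WA_Auth_Referrer = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : "";
        // Read the query string from $_SERVER. The bare $QUERY_STRING variable
        // used before only exists with register_globals, so the denied page's
        // query string was silently dropped.
        if ($queryString !== "") {
            $WA_Auth_Referrer .= "?".$queryString;
        }
        // Compare against false: strpos() returns 0 for a leading "?".
        $redirectURL .= ((strpos($redirectURL, "?") === false) ? "?" : "&")."accesscheck=".urlencode($WA_Auth_Referrer);
    }

    if (strpos($redirectURL, '/') === 0) {
        // HTTP_HOST is taken from the request's Host header. It is used only
        // when it looks like host[:port]; otherwise the site-relative path is
        // returned unchanged. The web server should still be configured to
        // answer only for its expected host names.
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
        if (preg_match('/^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._-]+)(:[0-9]+)?\z/', $host)) {
            // HTTPS may be absent on plain HTTP requests, so test it before reading.
            $isHttps = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] != "off";
            $redirectURL = 'http'.($isHttps ? "s" : "").'://'.$host.$redirectURL;
        }
    }
    return $redirectURL;
}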
// Rules functions
/**
 * Reports whether the named access rule passes.
 *
 * Delegates to WA_Auth_RuleObject_EvaluateRules() and returns its result unchanged.
 */
function WA_Auth_RulePasses($ruleName){
    $verdict = WA_Auth_RuleObject_EvaluateRules($ruleName);
    return $verdict;
}
function WA_Auth_RuleObject_EvaluateRules($ruleName){
$rulePasses = FALSE;
$comparisons = WA_Auth_GetComparisonsForRule($ruleName);
$compareLen = count($comparisons);
for($idx=0;$idx<$compareLen;$idx++){
$compareSucceeds = FALSE;
$comparison = $comparisons[$idx];
switch($comparison[2]) {
/*
1-9 Direct value comparisons
10-19 String Comparisons
20-29 List Comparisons
*/
case 1:
$compareSucceeds = ($comparison[1]==$comparison[3]);
break;
case 2:
$compareSucceeds = ($comparison[1]!=$comparison[3]);
break;
case 3:
$compareSucceeds = ($comparison[1]<$comparison[3]);
break;
case 4:
$compareSucceeds = ($comparison[1]<=$comparison[3]);
break;
case 5:
$compareSucceeds = ($comparison[1]>$comparison[3]);
break;
case 6:
$compareSucceeds = ($comparison[1]>=$comparison[3]);
break;
case 20:
$compareSucceeds = WA_Auth_GroupContainsValue($comparison[3], $comparison[1]);
break;
?>