0 Replies Latest reply on Aug 14, 2007 12:51 PM by not very clever

    Login timeout not 10 minutes as expected

    not very clever Level 1
      I have the following code which should allow admins to log in and stay logged in for up to 10 minutes, but it seems that they get logged out a lot sooner.

      Please can someone advise what could be wrong with this code I have.


      Thanks in advance.


      (Please note that it is still in test mode and will have the bits changed to make sure I do not get any MySQL injections; I just wanted to get the code in a working state first before getting into security features.)

      [code]
      <?php //auth.php
      // assumes the MySQL connection has already been opened (e.g. by an included config file)
      session_start();
      // still need to sanitise login inputs, auth.php file
      header("Cache-control: private");
      if ($_POST) {
          $_SESSION['username'] = trim($_POST['username']);   // array keys must be quoted
          $password = trim($_POST['password']);
          $res = mysql_query("SELECT username FROM admins WHERE username = '".$_SESSION['username']."' AND passwordfield = '$password' LIMIT 1") or die(mysql_error());

          // if user is valid
          if (mysql_num_rows($res) == 1) {

              $maxtimeonline = 10*60; // 10 minutes in seconds (10*600 would be 6000 s = 100 minutes)

              $ip = $_SERVER['REMOTE_ADDR']; // was never assigned, so lastloginip was being stored empty
              $datetimenow = time();
              $res = mysql_query("UPDATE admins SET lastloginip = '$ip', lastlogindatetime = '$datetimenow' WHERE username = '".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
              header("Location: index.php" . $_SESSION['gets']);
              exit; // header() alone does not stop the script
          } else {
              unset($_SESSION['username']);
              header("Location: index.php");
              exit;
          }

      } elseif (isset($_SESSION['username'])) {
          $res = mysql_query("SELECT lastlogindatetime FROM admins WHERE username = '".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
          $lastlogin = mysql_result($res, 0, 'lastlogindatetime');

          $maxtimeonline = 10*60; // 10 minutes in seconds

          $datetimenow = time();
          $dif = $datetimenow - $lastlogin; // this is the line that needs the function to work out the difference.
          if ($dif >= $maxtimeonline) {
              unset($_SESSION['username']);
              header("Location: index.php");
              exit;
          } else {
              // every request inside the limit refreshes the timestamp, so this is an idle timeout, not an absolute one
              $res = mysql_query("UPDATE admins SET lastlogindatetime = '$datetimenow' WHERE username = '".$_SESSION['username']."' LIMIT 1") or die(mysql_error());
              header("Location: index.php" . $_SESSION['gets']);
              exit;
          }
      }
      mysql_close(); // was "mysql_close;", which is a bare constant name, not a function call
      ?>
      [/code]
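      An added example, not the poster's code, showing the same idle-timeout idea with the timestamp kept in $_SESSION rather than re-read from the admins table on every request. It also covers a limit the post's code does not control: PHP's own garbage collector discards session data older than session.gc_maxlifetime whatever the application's limit is, so that setting has to be at least as large as the application timeout and must be set before session_start(). The names IDLE_LIMIT, session_is_expired(), begin_admin_session() and require_admin_session() are assumptions made for this example.

      ```php
      <?php
      // Added example, not the original poster's code. Assumed names: IDLE_LIMIT,
      // session_is_expired(), begin_admin_session(), require_admin_session().

      // 10 minutes in seconds. 10*600 (as in the post) is 6000 s, i.e. 100 minutes.
      define('IDLE_LIMIT', 10 * 60);

      // PHP's garbage collector removes session data older than
      // session.gc_maxlifetime regardless of the application's limit, so it must
      // be at least as large as IDLE_LIMIT; it has to be set before session_start().
      ini_set('session.gc_maxlifetime', (string) (IDLE_LIMIT * 2));
      session_start();

      /**
       * Pure comparison so it can be checked on fixed timestamps without a web
       * server: true once $limit seconds or more have passed since $lastActivity.
       */
      function session_is_expired($lastActivity, $now, $limit = IDLE_LIMIT)
      {
          return ($now - $lastActivity) >= $limit;
      }

      /** Call once after the username/password check has succeeded. */
      function begin_admin_session($username)
      {
          session_regenerate_id(true);           // fresh session id when privilege changes
          $_SESSION['username']      = $username;
          $_SESSION['last_activity'] = time();
      }

      /**
       * Call at the top of every admin page. Redirects and exits when there is no
       * login or the session has been idle for IDLE_LIMIT seconds or more.
       */
      function require_admin_session()
      {
          $now = time();
          if (!isset($_SESSION['username'], $_SESSION['last_activity'])
              || session_is_expired((int) $_SESSION['last_activity'], $now)) {
              // clear the server-side state, not just the one key
              $_SESSION = array();
              session_destroy();
              header('Location: index.php');
              exit;                              // header() alone does not stop the script
          }
          // Sliding window: any request inside the limit restarts the 10 minutes,
          // which is what the post's UPDATE of lastlogindatetime was doing.
          $_SESSION['last_activity'] = $now;
      }
      ```

      begin_admin_session() goes where the post's code sets $_SESSION['username'] after the mysql_num_rows check succeeds; require_admin_session() replaces the elseif branch and runs at the top of each admin page instead of only in auth.php.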