authlite.inc.php

A website for keeping track of wishes for your character in WoW Users are able to make a user accoun

<?php
//THIS VERSION JUST CHECKS/SETS SESSION, NO LOGIN. for returning visits
//use on pages with authed/unauthed versions
session_start();
include "conn.inc.php";
include "magickey.inc.php";

if (
	//IS THE SESSION IS VALID?
	(isset($_SESSION['user_logged']) && $_SESSION['user_logged'] != "") || 
    (isset($_SESSION['magickey']) &&  $_SESSION['magickey'] == $magickey)
	) 
{  // YES = Do Nothing!
// "have session-";
}
else 
{
	// "no session, looking for cookie-";
	//NO = look for cookie
	if (isset($_COOKIE['wishlogin']) && $_COOKIE['wishlogin'] != "")
	{
		// "have cookie, examining-";
		$cookiearr = explode("__", $_COOKIE['wishlogin']);
		// "cookie=[".$_COOKIE['wishlogin']."]";
		// "a0[".$cookiearr[0]."] a1[".$cookiearr[1]."]a2[".$cookiearr[2]."]" ;
		$s_username = addslashes($cookiearr[0]);
		$s_logintoken = addslashes($cookiearr[1]);
		$query = "SELECT * FROM users WHERE '".$s_username."' = username AND '".$s_logintoken."' = logintoken";
		$result = mysql_query($query) or die(mysql_error());
		
		if (mysql_num_rows($result) == 1 && $cookiearr[2] == $magickey)
		{
			// cookie is good
			//set session
			$_SESSION['user_logged'] = $cookiearr[0];
			$_SESSION['magickey'] = $magickey;
			
			//set up a new cookie
			$token = mt_rand();
			$s_session_user_logged = addslashes($_SESSION['user_logged']);
			$tokenquery = "UPDATE users SET logintoken = '".$token."' WHERE username = '". $s_session_user_logged."' LIMIT 1;";
			$tokenresult = mysql_query($tokenquery) or die(mysql_error());
			setcookie("wishlogin", $_SESSION['user_logged']."__".$token."__".$magickey, time()+60*60*24*60 );
		}
		else
		{
			// "cookie doesn't match";
		}
	}
	else
	{
		// no session or cookie
	}
}
?>