Windows update is showing the last update as Aug 3rd. That's what I thought initially, an update breaking permissions to the temp folder but I don't think that's the case.
The login script hits the correct if branches (if post user & pass) and then uses the following:
- Code: Select all
$session_id = md5($user . microtime());
$expiry = date('Y-m-d H:i:s', time() + 3600);
$sql = "insert into sessions (id, user, expiry, session) values (null, '$user', '$expiry', '$session_id')";
$query = $mysql->query($sql);
setcookie('[company name]_login', $session_id, time() * 3600);
#echo "Welcome, $user.<br/>";
$logged_in = true;
This is in a try/catch block that isn't finding any exceptions. The SQL generated works fine as well (eg, no variables passed are empty/null).
The way the login page works is that it is included in all secured scripts (at the top). When $logged_in === true, the rest of the secured script can load, otherwise it outputs the login form and dies. When you login, it works fine except for setting the actual cookie - so the initial page load works as expected, but once you navigate around in the intranet, you are asked to login each time.
I'm using cookie editor in Firefox to confirm that the cookie is not being set.
As any web dev, I'm using all the browsers I can - Chrome, FF, IE, Opera, Safari.. even Lynx under cygwin. Nothing is working. I've restarted apache on both production and dev machines with the same results.
EDIT: Also, I've checked the insertions in to the table via phpmyadmin - that's working as expected as well.