I've updated an application that I am working on to use PHPass instead of md5. I am using sessions, so when a user logs in, at some point they get reset to another user. I am not sure what is causing this issue, so some help is greatly appreciated. Below is my login function:
function pm_login($username, $password, $remember = NULL) {
$hasher = new PasswordHash(8, FALSE);
$user = strtolower(pmdb::connect()->escape($username));
$pass = pmdb::connect()->escape($password);
$results = pmdb::connect()->get_row( "SELECT * FROM ". DB ."members WHERE username = '$user'" );
// Use to set cookie session for domain.
$cookiedomain = $_SERVER['SERVER_NAME'];
$cookiedomain = str_replace('www.', '', $cookiedomain);
if(isset($_POST['login'])) {
if($hasher->CheckPassword($pass, $results->password)) {
do_action( 'pm_login_form_script' );
$_SESSION['logged'] = 1; // Sets the session.
$_SESSION['username'] = $results->username; // Sets the username session.
$_SESSION['userID'] = $results->user_id;
$_SESSION['remember_me'] = $remember; // Sets a remember me cookie if remember me is checked.
if(isset($remember)){
setcookie("pm_cookname", $user, time()+60*60*24*120, "/", $cookiedomain);
setcookie("pm_cookpass", md5($pass), time()+60*60*24*120, "/", $cookiedomain);
}
pm_redirect(PM_URI . "/index.php");
} else {
setcookie("pm_cookname", $user, time()+3600*24);
setcookie("pm_cookpass", md5($pass), time()+3600*24);
}
pm_redirect(PM_URI . "/index.php");
}
return apply_filter( 'login', $username, $password, $remember );
}