I'm having problems with the following bit of php that I got from a tutorial and editied a bit:
<?php
// connect to server, database, table.
include ("db_connect.php");
// valid login credentials
$username = 'admin';
$password = 'admin_pass';
// grab current time
$time=time();
// handle the logout event
if ($logout == true) {
setcookie ("user", md5($_POST[user]), $time-3200);
setcookie ("pass", md5($_POST[pass]), $time-3200);
header("Location: index.php");
}
// handle validation event
if ($_POST[user] && $_POST[pass]) {
$user_data = mysql_fetch_array(mysql_query("select USER_ID, USER_NAME, USER_PASS from user_table where USER_NAME='$_POST[user]' and USER_PASS='$_POST[pass]'"));
if ($user_data[USER_ID] > 0) {
setcookie ("user", md5($user_data[USER_NAME]));
setcookie ("pass", md5($user_data[USER_PASS]));
header("Location: index.php");
} else { $login_error= true; }
}
// handle login event, both successful and erroneous, or show login screen
if ($login_error == true) { ?>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td align=center bgcolor=#123dd4>LOGIN ERROR</td></tr>
<tr><td align=center><b>Invalid Username and/or Password</b><br><br><a href=http://www.htmlforums.com/archive/index.php/index.php>Back</a></td></tr>
</table>
<?
} elseif ($_COOKIE[user] == md5($user_data[USER_NAME]) && $_COOKIE[pass] == md5($user_data[USER_PASS])) { ?>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td align=center bgcolor=#123dd4>SECURE AREA</td></tr>
<tr><td align=right><a href=http://www.htmlforums.com/archive/index.php/index.php?logout=true>Logout</a></td></tr>
<tr><td>You have successfully logged in.<br><br>
Encrypted Username: <b><?= $_COOKIE[user] ?></b><br>
Encrypted Password: <b><?= $_COOKIE[pass] ?></b><br>
</td></tr>
</table>
<?
} else {
?>
<form action=index.php method=post>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td colspan=2 align=center bgcolor=#123dd4>LOGIN</td></tr>
<tr><td align=right>Username: </td><td><input type=text name=user size=15></td></tr>
<tr><td align=right>Password: </td><td><input type=password name=pass size=15></td></tr>
<tr><td align=center colspan=2><input type=submit value=Login></td></tr>
</table>
</form>
<?
}
?>
The bit in bold is what isn't working. Everything else is fine - it says when you put and incorrect username/password. But when you enter a correct one, it creates the cookie, but still takes you back to the login page and not the secure area. So I'm guessing theres something wrong with the secure area elseif statement - but I don't know what cos I'm a bit of a php/mysql newb.
Could someone help me out please?as far as i can tell, you not checking the cookie early enough in the script..
the order should be:
1. check for sessions -
if session is open, then display content.
2. check for cookies -
if cookie is present, display content and set session.
3. check for post (from login) -
a) if login is valid, and "remember me" is requested set, then set cookie, set session and display content.
b) if login is valid, but no "remember me", then set session and display content.
4. if none of the above apply, show login.Thanks for the reply, but I found a really good login/registration script to use instead.
This is it incase anyone wants to check it out:
<!-- m --><a class="postlink" href="http://www.evolt.org/article/PHP_Login_Script_with_Remember_Me_Feature/17/60265/index.htmlwith">http://www.evolt.org/article/PHP_Login_ ... x.htmlwith</a><!-- m --> that code you have here will never work lie you want. why is because the cooki eyou created will never be seen until you refresh the page. then of course you over write it ever time so it will never work.
just in case anybody asks.So you mean the cookie wont be properly created? And does that mean even if I choose remember me next time, you wont stay logged in? What can I do to fix that?Hmm..I just checked and it did create a cookie when remember me was ticked. But it also seemed to refresh itself (I think), so possibly thats how it works?
I didn't notice the header redirects. yes it creates the cookie fine. but the way php is it has to be refreshed ot read the cookie.
but the delete cookie (logout) is wrong. you don't set a time on creation so you can't use time in the deletion. when you don't use a time it is delete automatically on browser close.
if ($login_error == true) { ?>
tha twill never be true. when you set a variable to true it is actually a 1 instead of true.
if ($login_error) { ?>
that is what you need.
and this will never be true.
if ($_COOKIE[user] == md5($user_data[USER_NAME])
casue when you login it sends a POST, but once the cookie is created it redirects to the same page but it will never make $user_data to be set. it will always be empty.
that code needs to be rewritten but seeing how you found another one then no worries.
<?php
// connect to server, database, table.
include ("db_connect.php");
// valid login credentials
$username = 'admin';
$password = 'admin_pass';
// grab current time
$time=time();
// handle the logout event
if ($logout == true) {
setcookie ("user", md5($_POST[user]), $time-3200);
setcookie ("pass", md5($_POST[pass]), $time-3200);
header("Location: index.php");
}
// handle validation event
if ($_POST[user] && $_POST[pass]) {
$user_data = mysql_fetch_array(mysql_query("select USER_ID, USER_NAME, USER_PASS from user_table where USER_NAME='$_POST[user]' and USER_PASS='$_POST[pass]'"));
if ($user_data[USER_ID] > 0) {
setcookie ("user", md5($user_data[USER_NAME]));
setcookie ("pass", md5($user_data[USER_PASS]));
header("Location: index.php");
} else { $login_error= true; }
}
// handle login event, both successful and erroneous, or show login screen
if ($login_error == true) { ?>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td align=center bgcolor=#123dd4>LOGIN ERROR</td></tr>
<tr><td align=center><b>Invalid Username and/or Password</b><br><br><a href=http://www.htmlforums.com/archive/index.php/index.php>Back</a></td></tr>
</table>
<?
} elseif ($_COOKIE[user] == md5($user_data[USER_NAME]) && $_COOKIE[pass] == md5($user_data[USER_PASS])) { ?>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td align=center bgcolor=#123dd4>SECURE AREA</td></tr>
<tr><td align=right><a href=http://www.htmlforums.com/archive/index.php/index.php?logout=true>Logout</a></td></tr>
<tr><td>You have successfully logged in.<br><br>
Encrypted Username: <b><?= $_COOKIE[user] ?></b><br>
Encrypted Password: <b><?= $_COOKIE[pass] ?></b><br>
</td></tr>
</table>
<?
} else {
?>
<form action=index.php method=post>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td colspan=2 align=center bgcolor=#123dd4>LOGIN</td></tr>
<tr><td align=right>Username: </td><td><input type=text name=user size=15></td></tr>
<tr><td align=right>Password: </td><td><input type=password name=pass size=15></td></tr>
<tr><td align=center colspan=2><input type=submit value=Login></td></tr>
</table>
</form>
<?
}
?>
The bit in bold is what isn't working. Everything else is fine - it says when you put and incorrect username/password. But when you enter a correct one, it creates the cookie, but still takes you back to the login page and not the secure area. So I'm guessing theres something wrong with the secure area elseif statement - but I don't know what cos I'm a bit of a php/mysql newb.
Could someone help me out please?as far as i can tell, you not checking the cookie early enough in the script..
the order should be:
1. check for sessions -
if session is open, then display content.
2. check for cookies -
if cookie is present, display content and set session.
3. check for post (from login) -
a) if login is valid, and "remember me" is requested set, then set cookie, set session and display content.
b) if login is valid, but no "remember me", then set session and display content.
4. if none of the above apply, show login.Thanks for the reply, but I found a really good login/registration script to use instead.
This is it incase anyone wants to check it out:
<!-- m --><a class="postlink" href="http://www.evolt.org/article/PHP_Login_Script_with_Remember_Me_Feature/17/60265/index.htmlwith">http://www.evolt.org/article/PHP_Login_ ... x.htmlwith</a><!-- m --> that code you have here will never work lie you want. why is because the cooki eyou created will never be seen until you refresh the page. then of course you over write it ever time so it will never work.
just in case anybody asks.So you mean the cookie wont be properly created? And does that mean even if I choose remember me next time, you wont stay logged in? What can I do to fix that?Hmm..I just checked and it did create a cookie when remember me was ticked. But it also seemed to refresh itself (I think), so possibly thats how it works?
I didn't notice the header redirects. yes it creates the cookie fine. but the way php is it has to be refreshed ot read the cookie.but the delete cookie (logout) is wrong. you don't set a time on creation so you can't use time in the deletion. when you don't use a time it is delete automatically on browser close.
if ($login_error == true) { ?>
tha twill never be true. when you set a variable to true it is actually a 1 instead of true.
if ($login_error) { ?>
that is what you need.
and this will never be true.
if ($_COOKIE[user] == md5($user_data[USER_NAME])
casue when you login it sends a POST, but once the cookie is created it redirects to the same page but it will never make $user_data to be set. it will always be empty.
that code needs to be rewritten but seeing how you found another one then no worries.