I am having a problem with the cookies finding the cookies stored from my login page.Here is my login page code:
<?php
// Connects to your Database
include("dbconnect.php");
mysql_select_db("maxgee_close2");
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$password = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($password != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
//gives error if the password is wrong
if ($_POST['password'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
setcookie("TestCookie", $value, time()+3600); /* expire in 1 hour */
//then redirect them to the members area and the line with the error
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<h1>Login</h1>
Username:
<input type="text" name="username" maxlength="40">
Password:
<input type="password" name="password" maxlength="50">
<input type="submit" name="submit" value="Login">
</form>
<?php
}
include("topsite.php");
?>
Members Page: Here is the page that cant find the cookies I have found the cookies saved in my browser this page just cant find them:
<?php
include("dbconnect.php");
mysql_select_db("maxgee_close2");
//checks cookies to make sure they are logged in
if(isset($_COOKIE['maxgee.me']))
{
$username = $_COOKIE['maxgee.me'];
$password = $_COOKIE['maxgee.me'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
//if the cookie has the wrong password, they are taken to the login page
if ($password != $info['password'])
{ header("Location: login_test.php");
}
//otherwise they are shown the admin area
else
{
echo "Admin Area<p>";
echo "Your Content<p>";
echo "<a href=logout.php>Logout</a>";
}
}
}
else
//if the cookie does not exist, they are taken to the login screen
{
header("Location: login_test.php");
}
?>
you have an error in the login script.
if(!$_POST['username'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
and it should be
if(!$_POST['username'] || !$_POST['password']) {
die('You did not fill in a required field.');
}
Also you are not storing the cookie in your login page. Look out for the comment
// if login is ok then we add a cookie
You have not added the cookie there. Below is the way to add cookie.
setcookie("TestCookie", $value);
Below is the way to set cookie with time.
setcookie("TestCookie", $value, time()+3600); /* expire in 1 hour */
And below is the way to retrieve cookie.
echo $_COOKIE["TestCookie"];
I realize this might not be what you want to hear, but I think you need to start over on this code. For starters, you are writing directly to $_POST, which is just a bad idea when it comes to debugging. In addition, you appear to be storing the password in clear text in the database as well as storing it in the cookie! Your site is going to be a hacker's wet dream. Please check out this post:
PHP best practices for user authentication and password security
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.