
PHP Cookie Login System

I am having a problem with the cookies finding the cookies stored from my login page. Here is my login page code:

<?php 
// Connects to your Database 
include("dbconnect.php");
mysql_select_db("maxgee_close2");
//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))
 //if there is, it logs you in and directs you to the members page
{ 
    $username = $_COOKIE['ID_my_site']; 
    $password = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check )) 
    {
        if ($password != $info['password'])
        {
        }
        else
        {
            header("Location: members.php");
        }
    }
}
//if the login form is submitted 
if (isset($_POST['submit'])) { // if form has been submitted
 // makes sure they filled it in
    if(!$_POST['username'] | !$_POST['password']) {
        die('You did not fill in a required field.');
    }
    // checks it against the database

    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

    //Gives error if user doesn't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
    }
    while($info = mysql_fetch_array( $check ))  
    {
        $_POST['password'] = stripslashes($_POST['password']);

        $info['password'] = stripslashes($info['password']);

        $_POST['password'] = md5($_POST['password']);

        //gives error if the password is wrong

        if ($_POST['password'] != $info['password']) {
            die('Incorrect password, please try again.');
        }
        else 
        { 
            // if login is ok then we add a cookie 
           setcookie("TestCookie", $value, time()+3600);  /* expire in 1 hour */


          //then redirect them to the members area and the line with the error
          header("Location: members.php");
        }
    } 
  }
  else
  { 
    // if they are not logged in
     ?>
     <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
     <h1>Login</h1>
     Username:
    <input type="text" name="username" maxlength="40"> 
    Password:
    <input type="password" name="password" maxlength="50"> 
    <input type="submit" name="submit" value="Login">
    </form> 
<?php 
 } 
 include("topsite.php");
?> 

Members Page: Here is the page that can't find the cookies. I have found the cookies saved in my browser; this page just can't find them:

<?php 
include("dbconnect.php");
mysql_select_db("maxgee_close2");

//checks cookies to make sure they are logged in 
if(isset($_COOKIE['maxgee.me'])) 
{ 
    $username = $_COOKIE['maxgee.me']; 
    $password = $_COOKIE['maxgee.me']; 
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); 
    while($info = mysql_fetch_array( $check ))   
    { 
        //if the cookie has the wrong password, they are taken to the login page 
        if ($password != $info['password']) 
        {
            header("Location: login_test.php"); 
        } 
        //otherwise they are shown the admin area    
        else 
        { 
            echo "Admin Area<p>"; 
            echo "Your Content<p>"; 
            echo "<a href=logout.php>Logout</a>"; 
        } 
    } 
} 
else 
//if the cookie does not exist, they are taken to the login screen 
{          
    header("Location: login_test.php"); 
} 
?> 

You have an error in the login script.

if(!$_POST['username'] | !$_POST['password']) {
    die('You did not fill in a required field.');
}

and it should be

if(!$_POST['username'] || !$_POST['password']) {
    die('You did not fill in a required field.');
}

Also, you are not storing the cookie in your login page. Look out for the comment

// if login is ok then we add a cookie 

You have not added the cookie there. Below is the way to add a cookie.

setcookie("TestCookie", $value);

Below is the way to set a cookie with time.

setcookie("TestCookie", $value, time()+3600);  /* expire in 1 hour */

And below is the way to retrieve the cookie.

echo $_COOKIE["TestCookie"];

I realize this might not be what you want to hear, but I think you need to start over on this code. For starters, you are writing directly to $_POST, which is just a bad idea when it comes to debugging. In addition, you appear to be storing the password in clear text in the database as well as storing it in the cookie! Your site is going to be a hacker's wet dream. Please check out this post:

PHP best practices for user authentication and password security
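
Added example, not part of the question or of either answer above: a sketch of a login flow that keeps the password out of the cookie and has the login page and the members page agree on one cookie name, which the two pages in the question do not. The table layout, the cookie name auth_token and all function names are assumptions for illustration; it uses PDO with an in-memory SQLite database so it runs from the command line.

```php
<?php
declare(strict_types=1);
// Added example: schema, cookie name and function names are assumptions.
const AUTH_COOKIE = 'auth_token';   // one name, shared by login and members pages
function make_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)');
    $pdo->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, username TEXT, expires INTEGER)');
    return $pdo;
}

function register(PDO $pdo, string $user, string $password): void {
    // password_hash() salts and stretches the password; md5() does neither.
    $pdo->prepare('INSERT INTO users VALUES (?, ?)')
        ->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns a fresh random session token, or null if the credentials are wrong.
function login(PDO $pdo, string $user, string $password): ?string {
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);                       // bound parameter, no string splicing
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) { return null; }
    $token = bin2hex(random_bytes(32));
    $pdo->prepare('INSERT INTO sessions VALUES (?, ?, ?)')
        ->execute([hash('sha256', $token), $user, time() + 3600]);
    return $token;                                 // only its hash is stored server-side
}

// Login page: call before any output, then header('Location: members.php'); exit;
function send_auth_cookie(string $token): void {
    setcookie(AUTH_COOKIE, $token, ['expires' => time() + 3600, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Members page: pass $_COOKIE[AUTH_COOKIE] ?? null; returns the username or null.
function authenticate(PDO $pdo, ?string $cookieValue): ?string {
    $stmt = $pdo->prepare('SELECT username FROM sessions WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', (string) $cookieValue), time()]);
    $user = $stmt->fetchColumn();
    return $user === false ? null : $user;
}

// Constructed demo: register, log in, then resolve the token as members.php would.
$pdo = make_db();
register($pdo, 'alice', 'correct horse');
$token = login($pdo, 'alice', 'correct horse');
var_dump(authenticate($pdo, $token), login($pdo, 'alice', 'wrong'), authenticate($pdo, 'alice'));
```

The cookie carries only the random token, so reading it from the browser reveals neither the password nor its hash, and deleting the sessions row logs the user out server-side.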
