how to use cookies to prevent entering a webpage without login
if the user has not logged in, but click to the order page, then it should be redirect to the login page.
yet, it is not functioned as expected. it just hold in the login page, and cannot login or proceed to order page. wt is the problem??
login check:
Code:
<?php
if ($_POST['submit']) {
//get username and password
$membername = $_POST['loginID_member'];
$password = $_POST['password_member'];
if ($email=="correct" && $pass=="correct"){
setcookie('logged','1');
header("Location: order_form.php"); //Redirect to home page
// else echo "Wrong combinaton!";
// }
exit();
}
}
$email = $_POST['loginID_member'];
$pass = $_POST['password_member'];
$_SESSION['email']= $_POST['loginID_member'];
//$_SESSION['password']= $_POST['password_member'];
setcookie("email", $email, time()+3600);
if ($email&&$pass)
{
//connect to db
$connect = mysql_connect("127.0.0.1","root","") or die("not connecting");
mysql_select_db("fooddeliveryshop") or die("no db :'(");
$query = mysql_query("SELECT * FROM member WHERE memberemail='$email'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
$match = mysql_query("SELECT * FROM member WHERE memberemail='$email' and memberpw='$pass'");
$numrows2 = mysql_num_rows($match);
//echo ($match);
if ($numrows2!=0)
{
$row = mysql_fetch_assoc($query);
$dbusername = $row['memberemail'];
$dbpassword = $row['memberpw'];
echo ('Success. Please wait.') ;
echo($_SESSION['email']);
echo $_COOKIE['email'];
if (isset($_COOKIE)) {
foreach ($_COOKIE as $name => $value) {
$name = htmlspecialchars($name);
$value = htmlspecialchars($value);
echo "$name : $value <br />\n";
echo ("YES");
}}
header("Location: order_form.php");
}
else die ('<script type="text/javascript">alert("Incorrect username/password!");location.replace("member_login.php")</script>');
}
else
echo "<script>alert('User does not exist!');window.location.href= 'member_login.php';</script>";
}
else
die('<script type="text/javascript">alert("Please enter a username and password!");location.replace("member_login.php")</script>');
//disconnect with db
mysql_close($connect);
?>
order page:
Code:
<?php
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: member_login.php");
}
?>