User login script error

**Titan85** · 01-02-2007, 03:22 AM

ok, I changed the code to what you said, and I get the login success message, but now I am not sure how to check to see if the user is logged in on other pages (the protected ones). Also, I don't really understand how the password is being checked, and I would like to seeing how I am doing this as a learning experience

. Any help and explanations would be greatly appreciated

**thetestingsite** · 01-02-2007, 03:34 AM

Now that you are getting the login success message, add what you tried to add before (the setcookie items.)

Originally Posted by Titan85

Code:

$expire = time() + (7*86400);

setcookie("username", $user, $expire); //Set Username cookie

setcookie("password", $pass, $expire); //Set password cookie

//Success
echo 'Success, you have been logged in!<br />';
echo '<a href="cpanel.php">Continue</a>...';

The above will go where the login success message is, and whatever you want to happen if they get the login failed message would go there.

I don't really understand how the password is being checked

In your first query (after you changed it to check only for rows with the matching username), you get the information from the only row with the username that you entered. After that, the following line kicks in:

Code:

$q = mysql_fetch_array($result);

That gets the table column names and puts them in an array. After that, we check against the db for a match with the entered password after its md5 encryption:

Code:

$password = md5($password);

if ($password == $q[password]) {

echo 'Login Success!';
}

else {

echo 'Login Failed';
}

In other words (for the above code), if the entered md5 password hash matches the one in the db, continue with login success. If it does not match, then the login failed.

Hope this helps.

**blm126** · 01-03-2007, 03:06 AM

Originally Posted by thetestingsite

Now that you are getting the login success message, add what you tried to add before (the setcookie items.)

That may not be the best way to do it. I would use something along these lines.
Log them in

PHP Code:


@session_start();//Start the session, Must be called before anything is sent to the browser

$_SESSION['user'] = $username;//Remember the username

$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];//Remember the IP.Another line of defense against the session getting hijacked

and check the login

PHP Code:


@session_start();//Must be called before anything is sent to the browser

if(!empty($_SESSION['user']) && !empty($_SESSION['ip']) && $_SESSION['ip'] == $_SERVER['REMOTE_ADDR']){

    echo 'User is logged in';

}

**thetestingsite** · 01-03-2007, 04:27 AM

Either way is fine, just a matter of opinon. I simply suggested adding the part (s)he already had in the original script due to the fact (s)he is currently learning, and if it was already in the original, that means it was already learned. Sessions is a good way to go about user authentication, but it is pretty much the same as a cookie (with the exception that it is not stored client side [browser]).

Thread: User login script error

Thread Tools

Search Thread

Bookmarks

Bookmarks

Posting Permissions