cookies help and membership

[ryansdistrict]

i made a software but i need help in making permissions for members to enter certain pages ONLY if they are logged in an account that gives them permission to enter it
I dont know anything about cookies please can you tell me the basics of show me a simple code to know how stuff work
Regards

[resnostyle]

hey!
to make a cookie you want to run this. btw the +3600 is time measured in seconds i think.

Code:

setcookie("name", "value", time()+3600);

to expire a cookie

Code:

setcookie("name", "value", time()-3600);

one thing you will need to do is verify that the person has a valid cookie. so once they are logged in you will want to check that their cookie is still active. for example a person did not type in the address of secure pages.

Code:

 
//cookie validation
  $valid_check = $_COOKIE['name'];
if($valid_check == "value")
{
	// Login OK
}else{
	// Login FAKE
	header("Location: ../index.php");
}

[ryansdistrict]

until now everything i agree upon but what about the pages which i have on the server if one have the url he can access easily without the need to login

[ryansdistrict]

anyways do u have a similar login code to see how it works cuz i created 1 i think there is something wrong in it

[alexjewell]

here's a REALLY simple login code:

PHP Code:

session_start();

$protected_content = 'WHATEVER YOU WANT PASSWORD PROTECTED HERE';

if(!@$_SESSION['auth']){

$username = 'practice';
$password = 'practice';
$user = $_POST['user'];
$pass = $_POST['pass'];

    if($user !== $username || $pass !== $password){ 
    header('Location:login.php');}
    else{ 
    $_SESSION['auth'] = 'true';
    echo $protected_content;}
}

else{
ob_start();
header('Location:login.php');
ob_end_flush();} 


If you have any questions, feel free to ask. Just replace "practice" with the username and password of your choice. And, if needed, change login.php to the name of the login page.

[resnostyle]

here's a REALLY simple login code:

PHP Code:

session_start();

$protected_content = 'WHATEVER YOU WANT PASSWORD PROTECTED HERE';

if(!@$_SESSION['auth']){

$username = 'practice';
$password = 'practice';
$user = $_POST['user'];
$pass = $_POST['pass'];

    if($user !== $username || $pass !== $password){ 
    header('Location:login.php');}
    else{ 
    $_SESSION['auth'] = 'true';
    echo $protected_content;}
}

else{
ob_start();
header('Location:login.php');
ob_end_flush();} 


If you have any questions, feel free to ask. Just replace "practice" with the username and password of your choice. And, if needed, change login.php to the name of the login page.

isnt this script using sessions? i think he wants to use cookies, although sessions are better.

that reminds me i need to start learning sessions.

[djr33]

Yes. It uses sessions. Sessions usually use a cookie to store the session id, which keeps the user connected to the current session.
However, using cookies alone would be incredibly easy to fake because the values of cookies are directly available to the user.
Sessions are a much better idea.

[ryansdistrict]

'but now am facing another problem which is checking if the username and password available in mysql database and they both match
How can i check the replaced username and password with the ones in the database

[djr33]

http://php-mysql-tutorial.com

Search the database to see if it matches.

$query = "SELECT * FROM 'usertable' WHERE 'password'='$password' AND 'username'='$user';"
If that returns any results, it's valid, then. In the simplest of scenarios, at least.