Results 1 to 3 of 3

Thread: php login script cookies not working

  1. #1
    Join Date
    Oct 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default php login script cookies not working

    Hi there im doing a project for my college which is to create a hotel based website with a login and booking rooms.

    I have some knowlage of PHP and know how to use mysql database.

    I have the database setup and login/register done.

    You can register and login to your account and i can make it display your details. Im trying to create it so If cookies are present it displays details else display login form.

    I had it working at one stage and it worked but now it doesnt seem to work.

    I have 2 codes which do the login and login check:

    Login.php

    Code:
    <html>
    <body>
    <?php  
    
    if(isset($_COOKIE['email']) || $_COOKIE['password']){  
    $email = $_COOKIE['email'];  
    $password = $_COOKIE['password'];  
    if ($email == "$email" && $password == "$password"){  
    Echo '<html>';
    Echo '<form action="post">';
    print "<b>Email</b>: $email";
    echo '<br> <b>Password</b>:  <input name="password" type="password" value="" length="15"><br>';
    print "<b>First Name</b>: {$row['fname']}<br>";
    print "<b>Last Name</b>: {$row['lname']}<br>";
    echo "<b>Address</b>: {$row['address']}<br>";
    print "<b>City</b>: {$row['city']}<br>";
    print "<b>Postcode</b>: {$row['postcode']}<br>";
    echo '<br> <input type="button" name="update" value="Update!"> </form>';
    echo 'Click <a href="logout.php">here</a> to log out'; 
    }  
    }  
    
    else {  
    if(!isset($_COOKIE['email'])){   
    echo '<form action="logincheck.php" method="POST">';  
    echo 'Email:<br><input name="email" type="text"><br />';  
    echo 'Password: <input name="password" type="password"><br />';  
    echo 'Remember me: <input type="checkbox" name="rememberme" value="rememberme"> <br />';  
    echo '<input name="submit" type="submit" value="Submit"><br />';  
    echo '</form>';   
    }  
    }  
    ?> 
    
    
    </form>
    </body>
    </html>
    logincheck.php:

    Code:
    <?php
    
    $config_basedir = "http://reseller.infused-hosting.com";
    
    $con = mysql_connect("localhost","reseller_test","******");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }
    
    mysql_select_db("reseller_test", $con);
    
    $user = ($_POST['email']);
    $password = ($_POST['password']);
    
    $loginsql = "SELECT * FROM members WHERE email = '$user' AND password = '$password'";
    $loginres = mysql_query($loginsql);
    
    
    $numrows = mysql_num_rows($loginres);
    if($numrows == 1)
    
    
    
    { 
    
    $loginrow = mysql_fetch_assoc($loginres);
    $_SESSION['SESS_LOGGEDIN'] = 1;
    $_SESSION['SESS_NAME'] = $loginrow['email'];
    
    
    
    //If login is correct 
    $user = $email;
    $password = $password;
    
    
    
    Echo 'Login Successful! You are now being redirected.';
    Echo '<meta http-equiv="REFRESH" content="3;url=index.php">';
    
    
    }
    
    
    else {
    
    Echo '<meta http-equiv="REFRESH" content="3;url=index.php">';
    echo ' Login Incorrect, You are being redirected back to the previous page.';
    
    }
    
    ?>
    Can anyone help me with this or see if ive made a stupid error aha..

    Thanks in advanced.

  2. #2
    Join Date
    Nov 2009
    Location
    You've probably guessed by now. ;-)
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Have you resolved this SouLz? I have a similar application/problem. One thing I've learned is to check php.ini to ensure that session.use_cookies is enabled.

  3. #3
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 517 Times in 503 Posts
    Blog Entries
    5

    Default

    well, you're using $_COOKIE at one point in the script and then, later on, you're using $_POST. I don't see anything that sets the $_COOKIE you're looking for in the first script, either. You'll need to be more specific about your problem to get more help with it.

    In addition, your database in vulnerable to SQL injection attacks the way you have it set up now. Never take something a user submits and put it directly into a database query.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •