php login script cookies not working

[SouLz]

Hi there im doing a project for my college which is to create a hotel based website with a login and booking rooms.

I have some knowlage of PHP and know how to use mysql database.

I have the database setup and login/register done.

You can register and login to your account and i can make it display your details. Im trying to create it so If cookies are present it displays details else display login form.

I had it working at one stage and it worked but now it doesnt seem to work.

I have 2 codes which do the login and login check:

Login.php

Code:

<html>
<body>
<?php  

if(isset($_COOKIE['email']) || $_COOKIE['password']){  
$email = $_COOKIE['email'];  
$password = $_COOKIE['password'];  
if ($email == "$email" && $password == "$password"){  
Echo '<html>';
Echo '<form action="post">';
print "<b>Email</b>: $email";
echo '<br> <b>Password</b>:  <input name="password" type="password" value="" length="15"><br>';
print "<b>First Name</b>: {$row['fname']}<br>";
print "<b>Last Name</b>: {$row['lname']}<br>";
echo "<b>Address</b>: {$row['address']}<br>";
print "<b>City</b>: {$row['city']}<br>";
print "<b>Postcode</b>: {$row['postcode']}<br>";
echo '<br> <input type="button" name="update" value="Update!"> </form>';
echo 'Click <a href="logout.php">here</a> to log out'; 
}  
}  

else {  
if(!isset($_COOKIE['email'])){   
echo '<form action="logincheck.php" method="POST">';  
echo 'Email:<br><input name="email" type="text"><br />';  
echo 'Password: <input name="password" type="password"><br />';  
echo 'Remember me: <input type="checkbox" name="rememberme" value="rememberme"> <br />';  
echo '<input name="submit" type="submit" value="Submit"><br />';  
echo '</form>';   
}  
}  
?> 


</form>
</body>
</html>

logincheck.php:

Code:

<?php

$config_basedir = "http://reseller.infused-hosting.com";

$con = mysql_connect("localhost","reseller_test","******");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("reseller_test", $con);

$user = ($_POST['email']);
$password = ($_POST['password']);

$loginsql = "SELECT * FROM members WHERE email = '$user' AND password = '$password'";
$loginres = mysql_query($loginsql);


$numrows = mysql_num_rows($loginres);
if($numrows == 1)



{ 

$loginrow = mysql_fetch_assoc($loginres);
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_NAME'] = $loginrow['email'];



//If login is correct 
$user = $email;
$password = $password;



Echo 'Login Successful! You are now being redirected.';
Echo '<meta http-equiv="REFRESH" content="3;url=index.php">';


}


else {

Echo '<meta http-equiv="REFRESH" content="3;url=index.php">';
echo ' Login Incorrect, You are being redirected back to the previous page.';

}

?>

Can anyone help me with this or see if ive made a stupid error aha..

Thanks in advanced.

[MarkFromHawaii]

Have you resolved this SouLz? I have a similar application/problem. One thing I've learned is to check php.ini to ensure that session.use_cookies is enabled.

[traq]

well, you're using $_COOKIE at one point in the script and then, later on, you're using $_POST. I don't see anything that sets the $_COOKIE you're looking for in the first script, either. You'll need to be more specific about your problem to get more help with it.

In addition, your database in vulnerable to SQL injection attacks the way you have it set up now. Never take something a user submits and put it directly into a database query.