Hermes

Well, i dont know exactly what this is supposed to do, but there is an issue... if(!isset($_COOKIE['user']) || (isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user'])){ header('Location: /login.php'); exit(); } when you put if(!isset(blah blah lbah) || isset(blah blah blah) ... you have created a tautology. This will always evaluate to true since you are using or operators. so if there is a variable set, it will be (TRUE or FASLE), and if there isnt a variable set it will be (FALSE or TRUE) both of these since you are using or will evaluate to true. Once I have the user is logged in, it's supposed to check that the cookie is working on every page. I'm really new to PHP and so cookies still really confuse me.

Thanks! However, the script is still not working. I think maybe it might actually be the one for checking whether or not the person is logged in? So on the admin/index.php, I have: if(!isset($_COOKIE['user']) || (isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user'])){ header('Location: /login.php'); exit(); }

I just now noticed that. Thanks! However the script still isn't working. Right now I have this: <?php // Set the login user here: $login_username == "User"; $login_password =="Password"; // Quick Cookie Check to see if user is logged in. // If the cookie 'user' exists and the MD5(IP+5) matches the cookie 'user' // Then jump him to the admin page. // Explanation for MD5(IP+5) coming up.. if(isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user']){ header('Location: /admin/index.php'); exit(); } // Look for Posted Username and Password if (isset($_POST['username'])&&isset($_POST['password'])) { if ($_POST['username'] = $login_username && $_POST['password'] = $login_password) { // Set cookie 'user' // Giving the MD5ed value of the user's IP+SomeNumber(5). This way the // user seesgibberish and doesn't quite know what's going on here. // Setting cookie expiration time in seconds (60s*60m*24h = 1 day) setcookie ('user',md5($_SERVER['REMOTE_ADDR']+5),time()+60*60*24); // Toss them to the admin page header('Location: /admin/index.php'); // Prevent any other scripts from executing exit(); }else{ // Login Failed - Toss back to the login page with an error. header('Location: ../login.php?error=Incorrect+username+or+password.'); exit(); } }else{ // No Username and Password field is set // Assuming there is a /login.php header('Location:/login.php'); }

I plan on it, eventually, but for right now the username and password are set variables in the script as $username == User $password == Password I'm testing it out to see if it works from the foundation before using MYSQL

When you go to login.php and type in "User" and "Password" and hit submit, it redirects you back to login.php saying you have the wrong username and password.

When you go to login.php and type in "User" and "Password" and hit submit, it redirects you back to login.php saying you have the wrong username and password. Okay, so I think the problem with my script is that when it checks to see if the post information is the same as the set username, it rejects it. Here's my login.php code: <html> <head> <title>Admin Login</title> </head> <body> <table> <form action="source/check_log.php" method="post"> <td><b>UserName: <input type="text" size="20" name="username"></td><td> <b>Password: </b><input type="password" size="20" name="password"></td> <br> <tr><td><input type="submit" value="login"></td></tr> </form> </table> </body> </html> And here's the authentication (check_log.php) script: <?php // Set the login user here: $login_username == "User"; $login_password =="Password"; // Quick Cookie Check to see if user is logged in. // If the cookie 'user' exists and the MD5(IP+5) matches the cookie 'user' // Then jump him to the admin page. // Explanation for MD5(IP+5) coming up.. if(isset($_COOKIE['user']) && md5($_SERVER['REMOTE_ADDR']+5)!=$_COOKIE['user']){ header('Location: /admin/index.php'); exit(); } // Look for Posted Username and Password if (isset($_POST['username'])&&isset($_POST['password'])) { if ($_POST['username'] == $login_username && $pass == $login_password) { // Set cookie 'user' // Giving the MD5ed value of the user's IP+SomeNumber(5). This way the // user seesgibberish and doesn't quite know what's going on here. // Setting cookie expiration time in seconds (60s*60m*24h = 1 day) setcookie ('user',md5($_SERVER['REMOTE_ADDR']+5),time()+60*60*24); // Toss them to the admin page header('Location: /admin/index.php'); // Prevent any other scripts from executing exit(); }else{ // Login Failed - Toss back to the login page with an error. header('Location: ../login.php?error=Incorrect+username+or+password.'); exit(); } }else{ // No Username and Password field is set // Assuming there is a /login.php header('Location:/login.php'); } ?>

I use illustrator & photoshop CS. My favorite part about web designing is making the header. Not sure why, it's just entertaining. I actually like coding the CSS and HTML stuff, but I'm not sure how to wrap a CMS around it.

Weeee. Name: Corey Gender: Female Age: 15 Ummm I've been working on my websites for like a year now and so I just picked up a few books so i can code my own CMS as opposed to going through the annoyance of looking for a good one. I like art in like every form, writing, drawing, music, etc.