twilitegxa Posted September 22, 2008 Share Posted September 22, 2008 My form lets me enter the user name and password, then the php script checks that it is an authorized user, and when it is, it displays a link to a secret page, but when I try to click the link, it redirects me to the log in screen again. What is making it do this? Here are the codes: <?php //check for required fields from the form if ((!$_POST[username]) || (!$_POST[password])) { header("Location: listing15.7.php"); exit; } //connect to server and select database $conn = mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("smrpg",$conn) or die(mysql_error()); //create and issue the query $sql = "select f_name, l_name from auth_users where username = '$_POST[username]' and password = password('$_POST[password]')"; $result = mysql_query($sql,$conn) or die(mysql_error()); //get the number of rows in the result set; should be 1 if a match if (mysql_num_rows($result) == 1) { //if authorized, get the value of f_name l_name $f_name = mysql_result($result, 0, 'f_name'); $l_name = mysql_result($result, 0, 'l_name'); //set authorization cookie setcookie("auth", "1", 0, "/", "yourdomain.com", 0); //prepare message for printing, and user menu $msg = "<p>Congratulations, $f_name $l_name, you are authorized!</p>"; $msg .= "<p>Authorized Users' Menu:"; $msg .= "<ul><li><a href=\"listing15.9.php\">secret page</a></ul>"; } else { //redirect back to login if not authorized header("Location: listing15.7.php"); exit; } ?> <html> <head> <title>Listing 15.8 User Login</title> </head> <body> <?php print "$msg"; ?> </body> </html> And the secret page php code: <?php if ($_COOKIE[auth] == "1") { $msg = "<p>You are an authorized user.</p>"; } else { //redirect back to login form if not authorized header("Location: listing15.7.php"); exit; } ?> <html> <head> <title>Listing 15.8 Accessing a restricted page</title> </head> <body> <?php print "$msg"; ?> </body> </html> Can anyone tell me what is wrong? Quote Link to comment Share on other sites More sharing options...
kpasiva Posted September 22, 2008 Share Posted September 22, 2008 Hi, Set your domain name in the place of yourdomain.com setcookie("auth", "1", 0, "/", "yourdomain.com", 0); Quote Link to comment Share on other sites More sharing options...
twilitegxa Posted September 24, 2008 Author Share Posted September 24, 2008 Will this work if I choose to let other authorized users have access later on in the future as well? And, do I set just the main domain name, like domainname.com? Or does it need to include the http://www. part as well as any folders the page is in? Quote Link to comment Share on other sites More sharing options...
xoligy Posted September 24, 2008 Share Posted September 24, 2008 it would need the http://www too also why dont you just redirect them to the page when there logged in and authorized? Quote Link to comment Share on other sites More sharing options...
twilitegxa Posted September 24, 2008 Author Share Posted September 24, 2008 I probably will, I just needed to make sure everything worked right, because what it was doing made it seem like once they logged in, that it checked and they weren't authorized since it would redirect them to sign in again. It was supposed to let them sign in, tell them they were authorized, and then let them click the "secret" link for onyl authorized users. But after they would try to click it, it would redirect as if saying they were not authorized, so I was confused. It still redirects, even after I changed the domain name though. Does that mean anything? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.