
[SOLVED] Checking Cookies with PHP


sh0wtym3


Hey all,

 

I built two simple control panels for my website using PHP (one is for members, the other is for admin). I want a unique cookie to be added when the user "admin" logs in, so that only the user "admin" can access the admin control panel.

 

I've tried and tried but so far it lets both MEMBERS and ADMIN log into the Admin control panel.

 

Here is my code

 

Code for Login.php

<style type="text/css">
a:hover {
  color: red;
}
</style>
<FONT size="3" face="Calibri"><center>
<?php
// Connects to your Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directs you to the members page
{
// escape the cookie value before it is placed in the SQL string
$username = mysql_real_escape_string($_COOKIE['ID_my_site']);
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['username'] || !$_POST['pass']) {
echo "<img src=http://mysite.com/logo.jpg><p>";
die('You did not fill in a required field. Please <a href=login.php>try again</a>.');
}

// escape the submitted username before it is placed in the SQL string
$username = mysql_real_escape_string($_POST['username']);

//checks to make sure their account is active
$result = mysql_query("SELECT * FROM users WHERE username = '$username'")
or die(mysql_error());
$status = mysql_fetch_array( $result );
if( $status['status'] == "1" )
{ 
echo "<img src=http://mysite.com/logo.jpg><p>";
die('Your account has been deactivated.<p> Please contact Mysite.com Customer Support for more information. <p><p><a href=login.php>Return to login screen</a>');
} 

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'")or die(mysql_error());

//Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
echo "<img src=http://mysite.com/logo.jpg><p>";
echo "That username does not exist in our database. Please<a href=register.php> click here</a> to register a free account.<p>";
die('Or, click <a href=login.php>here</a> to try again.');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = ($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
echo "<img src=http://mysite.com/logo.jpg><p>";
die('Incorrect password, please <a href=login.php>try again</a>.');
}

// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
// cookie names must be quoted strings, not bare constants
setcookie('ID_my_site', $_POST['username'], $hour);
setcookie('Key_my_site', $_POST['pass'], $hour);
setcookie('Status_my_site', $_POST['status'], $hour);

//checks to see if you are Admin
if ($_POST['username'] == "admin") {
header("Location: admin.php");
}

else
{

//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{

// if they are not logged in
?>
</center></FONT>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table align="center" border="0">
<tr><td align="center" colspan=3><img src="logo.jpg" width="321" height="264"><br>
<font face="Calibri"><strong>Login to your account</strong></font></td>
</tr>
<tr><td width="100"><font face="Calibri">Username:</font></td><td colspan="2">
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td><font face="Calibri">Password:</font></td><td width="147">
<input type="password" name="pass" maxlength="50">
</td>
</tr>
<tr><td align="left"> 
</td>
  <td colspan="2" align="left"><input type="submit" name="submit" value="Login"></td>
</tr>
<tr>
  <td align="left"><font face="Calibri"><a href="http://mysite.com/register.php">Register a free account</a></font></td>
  <td colspan="2" align="left">      <a href="http://mysite.com/forgot_password.php"><font size="3" face="Calibri">Forgot your password?</font></a></td>
</tr>
</table>
</form>
<?php
}

?>

 

Code for Admin.php (Admin control panel)

<style type="text/css">
a:hover {
  color: red;
}
</style>
<FONT size="+2" face="Calibri"><center>
<?php
// Connects to your Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site']))
{
// escape the cookie value before it is placed in the SQL string
$username = mysql_real_escape_string($_COOKIE['ID_my_site']);
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{

//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{ header("Location: login.php");
}

//otherwise they are shown the admin area
else
{
echo "<img src=http://mysite.com/logo.jpg><p>";
echo "This is the Administrative Control Panel.<p>";
echo "<a href=admin-accountsummary.php>View summary of all active accounts</a><p>";
echo "<a href=admin-changepw.php>Change your administrative password</a><p>";
echo "<a href=excel.php>View Excel Sheets</a><p>";
echo "<a href=admin-upload.php>Upload a file</a><p>";
echo "<a href=status.php>Activate/Deactivate an account</a><p>";
echo "<a href=logout.php>Logout</a>";
}
}
}
else

//if the cookie does not exist, they are taken to the login screen
{
header("Location: login.php");
}
?>
</center></FONT>


First off, I would use SESSIONs since you're using PHP anyway.. but that's my preference. Sessions work just like cookies but store server side, and the only cookie that is placed user side is the initial cookie to define the session which is unique to the user...

 

Anyway.. one question I have is, the cookies you're setting, are you expiring them, or clearing them out of your cache? prior to every test.. cause if they are 2 unique styles with different names then you might have them both set, and the script isn't working accordingly for you because they aren't gone so to speak..


I figured out another way around it. I added a field in my database where each user is designated "A" for admin or "U" for user. I then created the following script to block all people with "U" access:

 

//checks to make sure they have administrative access
$result = mysql_query("SELECT * FROM users WHERE username = '$username'")
or die(mysql_error());
$status = mysql_fetch_array( $result );
if( $status['type'] == "U" )
{ 
echo "<img src=http://mysite.com/logo.jpg><p>";
echo "Warning: You are attempting to access an administrative area. Your IP address has been logged.<p>";
die('<a href=login.php>Back to Account Login Page</a>');
} 

 

Hopefully this might help somebody with a similar issue.
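
The two suggestions in this thread (server-side sessions from the reply, a per-user type column from the last post) combined into one check, as an added example that is not part of the original posts. It assumes PDO with the SQLite driver, passwords stored as `password_hash()` values and hypothetical function names, and it allows only type "A" instead of blocking type "U".

```php
<?php
// Added example, not code from the thread. Columns follow the posts (username, password,
// status, type 'A'/'U'); function names are hypothetical; in-memory SQLite holds constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, status TEXT, type TEXT)");
$ins = $db->prepare("INSERT INTO users VALUES (?, ?, ?, ?)");
$ins->execute(['admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), '0', 'A']);
$ins->execute(['bob', password_hash('constructed-user-pw', PASSWORD_DEFAULT), '0', 'U']);

// Look the user up with a bound parameter and verify the password hash.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare("SELECT username, password, status, type FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['status'] == '1') { // unknown, or deactivated as in the thread
        return null;
    }
    return password_verify($password, $row['password']) ? $row : null;
}

// login.php side: keep identity and role in the server-side session, so the
// browser only ever holds the session ID, never the password or the role.
function login(PDO $db, array &$session, string $username, string $password): bool
{
    $user = authenticate($db, $username, $password);
    if ($user === null) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID after login
    }
    $session['username'] = $user['username'];
    $session['type'] = $user['type'];
    return true;
}

// admin.php side: allow only type 'A'; a missing or unexpected value is denied.
function is_admin(array $session): bool
{
    return isset($session['type']) && $session['type'] === 'A';
}
// In a page: call session_start() and pass $_SESSION. A plain array is used here for the CLI.
foreach ([['bob', 'constructed-user-pw'], ['admin', 'constructed-admin-pw'], ['admin', 'wrong']] as [$u, $p]) {
    $session = [];
    $ok = login($db, $session, $u, $p);
    printf("%-6s login=%s admin=%s\n", $u, var_export($ok, true), var_export(is_admin($session), true));
}
```

In admin.php the `is_admin()` check would run before any output, followed by a redirect to login.php and `exit` when it fails.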
