Cookie/'Not logged in problem'

[timecatcher]

Hey guys im trying to code a virtual pet site however im stuck as I keep getting told on some of my pages that im not logged in even though I know I am because I've checked the cookies.

 

Here is the 'news' file for my website and I will post the login script too so you can see where im going wrong hopefully xD Thanks.

 

<?
require("includes/connect.inc.php") ;
$query = mysql_query("SELECT * FROM user WHERE username='".addslashes(htmlspecialchars($_COOKIE['kurukouser']))."' AND password='".md5($_COOKIE['kurukopass'])."'") ;
if(mysql_num_rows($query) > 0){
$username = $_COOKIE['kurukouser'] ;

$news=mysql_query("SELECT * FROM news ORDER BY ID DESC LIMIT 8") ;
while($rows=mysql_fetch_array($news)){
$title=$rows['title'];
$content=$rows['message']; 

	echo'<table border=1 cellspacing=0 bordercolor=000000>'; 
	echo '<tr><td width=500><center><b>$title</b></center></td></tr>'; 
	echo '<td width=500><center>$content</center></td></table><p>';

}
}else{

	echo'Error: You must be logged in to view this page.' ;

}
?>

(News)

 

<?
require ("includes/connect.inc.php") ; 
if($_POST['submit'] == 'Login') {
$username = addslashes(htmlspecialchars($_POST['username'])) ;
$password = md5($_POST['password']) ;
$query = mysql_query("SELECT * FROM user WHERE username ='".$username."' AND password='".$password."'") ;
if(mysql_num_rows($query) > 0) {
	$pwunerror = 'Please enter the correct username or password.' ;
	$error = 1 ;
}
if(!$username) {
	$usererror = 'Please enter a username.' ;
	$error = 1 ;
}
if(!password) {
	$passerror = 'Please enter a password.' ;
	$error = 1 ;
}
if(!$error == 1 && $_POST['submit'] == 'Login') {
$timestamp = 60*60*24*90 ;
setcookie('kurukouser',$username,time()+$timestamp) ;
setcookie('kurukopass',$password,time()+$timestamp) ;
}
}
if(!$_POST['submit'] == 'Login') {
	echo'<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">' ;
}
if($error == 1) {
	echo'<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">' ;
	echo'<br />' ;
	echo $pwunerror ;
	echo'<br />' ;
	echo $usererror ;
	echo'<br />' ;
	echo $passerror ;
}
if(!$error && isset($_COOKIE['kurukouser']))
{
$username = $_COOKIE['kurukouser'] ;
	echo'You are logged in '.$username.'.' ;

}
?>

(Login)

 

Thanks any help appreciated, im sure its something small as I had it working once before thanks!

 

Timecatcher.

[revraz]

Set the domain in the setcookie parameter.

I would also echo the query and make sure that it is in fact passing the correct login credentials.

 

But wouldn't it be easier to just set a session instead of reading the cookies?

[timecatcher]

Hehe im new to PHP so maybe lol can't remember how to set them up and to be honest I think im wanting cookies for the site im using as they need to be there for a long time to make things easier. I will echo the $query however as that should tell me where im going wrong so thanks

 

Timecatcher.

[timecatcher]

Ok well I tried the echo thing ad it said this: Resource id #3 ??? Is there anyone who can read my cookie setup and just explain briefly whats wrong as im sure I don't need to go and recode loads as it deffinately worked before I reopened my website. It seems like something simple because of this but if someone could tell me that would be much appreciated thanks!

 

Timecatcher.

[timecatcher]

BUMP--Sorry I wont do this again, I just think this seems quite simple and I know it is but more pairs of eyes is better than my one. Thanks.

 

TC.

[revraz]

You can't echo it the way you have it, because you incorporate your query into your string, break it down

 

$query = ("SELECT * FROM user WHERE username ='".$username."' AND password='".$password."'") ;

echo $query;

$result = mysql_query($query) or die (mysql_error());