timecatcher Posted December 12, 2008

Hey guys, I'm trying to get my login to not set cookies if people don't login with the right credentials and to let them if they do. This seems to work alright apart from the fact that it still sets a cookie, however it says to them that they are logged in in the navigation bar, yet when any link is clicked it says they need to be logged in, and if they try to login they get the error; Already Logged in. So I'm confused as to why this is happening as when my cookie has the right information it does just as it should. Help appreciated thanks.

P.S Sorry for my lack of indentation, I'm still not overly sure how people do it thanks.

```php
<?
require("includes/connect.inc.php");

// Set the login cookies (90 days)
if ($error != 1 && $_POST['submit'] == 'Login') {
    $timestamp = 60*60*24*90;
    setcookie('kurukouser', $username, time()+$timestamp);
    setcookie('kurukopass', $password, time()+$timestamp);
}

require("includes/navbar.inc.php");
echo '<link rel=\'stylesheet\' href=\'includes/layoutstylesheet.css\' type=\'text/css\'><div id=\'content\'>';

// Check the submitted credentials against the user table
if ($_POST['submit'] == 'Login') {
    $username = addslashes(htmlspecialchars($_POST['username']));
    $password = md5($_POST['password']);
    $query = mysql_query("SELECT * FROM user WHERE username ='".$username."' AND password='".$password."'");
    if (mysql_num_rows($query) < 1) {
        $pwunerror = 'Please enter the correct username or password.';
        $error = 1;
    }
    if (!$username) {
        $usererror = 'Please enter a username.';
        $error = 1;
    }
    if (!$password) {
        $passerror = 'Please enter a password.';
        $error = 1;
    }
}

// Show the form again, with the error messages
if ($error == 1) {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
    echo '<br />';
    echo $pwunerror;
    echo '<br />';
    echo $usererror;
    echo '<br />';
    echo $passerror;
}

if (!$error && isset($_COOKIE['kurukouser'])) {
    $username = $_COOKIE['kurukouser'];
    echo 'You are already logged in '.$username.'.';
}

if (!$_POST['submit'] == 'Login' && !$username) {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
}
echo '</div>';
?>
```

Timecatcher.

limitphp Posted December 12, 2008

The

```php
if ($error != 1 && $_POST['submit'] == 'Login') {
    $timestamp = 60*60*24*90;
    setcookie('kurukouser', $username, time()+$timestamp);
    setcookie('kurukopass', $password, time()+$timestamp);
}
```

should be BELOW all the other stuff. You are checking if error is not equal to one before you set error to one.

timecatcher (Author) Posted December 12, 2008

Alright, it's just hard to do this when I have to worry about the 'navbar' bit giving header errors, but alright thanks. I'm not entirely sure how to set it up without causing header errors.

Timecatcher.

timecatcher (Author) Posted December 12, 2008

Ok, I now set it out like this but it's still not working:

```php
<?
require("includes/connect.inc.php");

// Check the submitted credentials against the user table
if ($_POST['submit'] == 'Login') {
    $username = addslashes(htmlspecialchars($_POST['username']));
    $password = md5($_POST['password']);
    $query = mysql_query("SELECT * FROM user WHERE username ='".$username."' AND password='".$password."'");
    if (mysql_num_rows($query) < 1) {
        $pwunerror = 'Please enter the correct username or password.';
        $error = 1;
    }
    if (!$username) {
        $usererror = 'Please enter a username.';
        $error = 1;
    }
    if (!$password) {
        $passerror = 'Please enter a password.';
        $error = 1;
    }
}

// Set the login cookies (90 days) when there was no error
if ($error != 1 && $_POST['submit'] == 'Login') {
    $timestamp = 60*60*24*90;
    setcookie('kurukouser', $username, time()+$timestamp);
    setcookie('kurukopass', $password, time()+$timestamp);
}

require("includes/navbar.inc.php");
echo '<link rel=\'stylesheet\' href=\'includes/layoutstylesheet.css\' type=\'text/css\'><div id=\'content\'>';

// Show the form again, with the error messages
if ($error == 1) {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
    echo '<br />';
    echo $pwunerror;
    echo '<br />';
    echo $usererror;
    echo '<br />';
    echo $passerror;
}

if (!$error && isset($_COOKIE['kurukouser'])) {
    $username = $_COOKIE['kurukouser'];
    echo 'You are already logged in '.$username.'.';
}

if (!$_POST['submit'] == 'Login' && !$username) {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
}
echo '</div>';
?>
```

Thanks, Timecatcher.

gevans Posted December 12, 2008

There's a few problems with the way your code is laid out. I'm going to re-write it a lil and chuck it back to you.

timecatcher (Author) Posted December 12, 2008

Thanks mate. I'm still learning so sorry about that. I'm just trying to get my head around laying out cookies and stuff because of 'headers', which are a pain and seem completely pointless them being coded if you ask me but still. I'm sure there's a proper reason really.

Timecatcher.

Flames Posted December 12, 2008

Could always use

```php
echo "<script type=\"text/javascript\">window.location=\"link.php\"</script>";
die();
```

Won't give header errors and will redirect you, just make sure die() is there or the whole code after the if statement will still get executed.

gevans Posted December 12, 2008

```php
<?php
require("includes/connect.inc.php");

$error = FALSE;

if ($_POST['submit'] == 'Login') {
    // FALSE when the field is missing or empty
    $username = (isset($_POST['username']) && $_POST['username'] != "") ? mysql_real_escape_string($_POST['username']) : FALSE;
    $password = (isset($_POST['password']) && $_POST['password'] != "") ? md5($_POST['password']) : FALSE;
    $errormsg = NULL;

    if (!$username) {
        $errormsg .= 'Please enter a username.<br />';
        $error = TRUE;
    }
    if (!$password) {
        $errormsg .= 'Please enter a password.<br />';
        $error = TRUE;
    }

    // Only query the database when both fields were filled in
    if (!$error) {
        $query = mysql_query("SELECT * FROM user WHERE username ='$username' AND password='$password'");
        if (mysql_num_rows($query) < 1) {
            $errormsg .= 'Please enter the correct username or password.<br />';
            $error = TRUE;
        } else {
            // Credentials matched: set the cookies (90 days) and reload the page
            $timestamp = 60*60*24*90;
            setcookie('kurukouser', $username, time()+$timestamp);
            setcookie('kurukopass', $password, time()+$timestamp);
            header('Location: '.$_SERVER['PHP_SELF']);
        }
    }
}

require("includes/navbar.inc.php");
echo '<link rel=\'stylesheet\' href=\'includes/layoutstylesheet.css\' type=\'text/css\'><div id=\'content\'>';

if ($error) {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
    echo '<br />';
    echo $errormsg;
}

if (!$error && isset($_COOKIE['kurukouser'])) {
    $username = $_COOKIE['kurukouser'];
    echo 'You are already logged in '.$username.'.';
} else {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
}
echo '</div>';
?>
```

timecatcher (Author) Posted December 12, 2008

Ok guys, here's the code that Gar gave me. It's working fine, however still no further with this whole cookie thing unfortunately. Check out the issue here: http://kurukolands.co.uk/login.php

[edit] - Forgot to add the code.

```php
<?php
require("includes/connect.inc.php");

$error = FALSE;

if ($_POST['submit'] == 'Login') {
    // FALSE when the field is missing or empty
    $username = (isset($_POST['username']) && $_POST['username'] != "") ? mysql_real_escape_string($_POST['username']) : FALSE;
    $password = (isset($_POST['password']) && $_POST['password'] != "") ? md5($_POST['password']) : FALSE;
    $errormsg = NULL;

    if (!$username) {
        $errormsg .= 'Please enter a username.<br />';
        $error = TRUE;
    }
    if (!$password) {
        $errormsg .= 'Please enter a password.<br />';
        $error = TRUE;
    }

    // Only query the database when both fields were filled in
    if (!$error) {
        $query = mysql_query("SELECT * FROM user WHERE username ='$username' AND password='$password'");
        if (mysql_num_rows($query) < 1) {
            $errormsg .= 'Please enter the correct username or password.<br />';
            $error = TRUE;
        } else {
            // Credentials matched: set the cookies (90 days) and reload the page
            $timestamp = 60*60*24*90;
            setcookie('kurukouser', $username, time()+$timestamp);
            setcookie('kurukopass', $password, time()+$timestamp);
            header('Location: '.$_SERVER['PHP_SELF'].'');
        }
    }
}

require("includes/navbar.inc.php");
echo '<link rel=\'stylesheet\' href=\'includes/layoutstylesheet.css\' type=\'text/css\'><div id=\'content\'>';

if ($error) {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
    echo '<br />';
    echo $errormsg;
}

if (!$error && isset($_COOKIE['kurukouser'])) {
    $username = $_COOKIE['kurukouser'];
    echo 'You are already logged in '.$username.'.';
} elseif (!$_POST['submit']) {
    echo '<form method="post" action="login.php"><br />Username: <input type="text" name="username"><br />Password: <input type="password" name="password"><br /><input type="submit" name="submit" value="Login">';
}
echo '</div>';
?>
```

Thanks, Timecatcher.

timecatcher (Author) Posted December 13, 2008

Anyone good with cookies who could help please?

Thanks, Timecatcher.

corbin Posted December 13, 2008

Never trust cookies. They, just like anything sent to the client, can be manipulated. You should be storing username and password in the cookie, not just username. (You can hash the password or whatever so it's not plain text.)

Flames Posted December 14, 2008

Even better, use sessions. The user can't edit a session.
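
Added example, not part of the thread or any poster's code: a login check that verifies the credentials before anything is stored, and keeps the logged-in state in a server-side session instead of in `kurukouser`/`kurukopass` cookies that the client can edit. The in-memory SQLite database, the `password_hash` column, the sample account and the function names are assumptions made so the script runs on its own.

```php
<?php
// Added example. Table layout, sample account and function names are
// constructed for illustration; they are not the site's real schema.
declare(strict_types=1);

function attempt_login(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the username is bound, never spliced into the SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify first. Nothing about the login is stored until this passes.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    // Fresh session id on login, then keep the identity on the server.
    session_regenerate_id(true);
    $_SESSION['user_id']  = (int) $row['id'];
    $_SESSION['username'] = $username;
    return true;
}

function current_user(): ?string
{
    // The navbar and every protected page read this, not a cookie value.
    return $_SESSION['username'] ?? null;
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)')
   ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Must run before any output, for the same reason setcookie() must.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

$bad       = attempt_login($db, 'demo', 'wrong');
$after_bad = current_user();   // read back after the failed attempt
$good      = attempt_login($db, 'demo', 'correct horse');

echo 'bad=', var_export($bad, true), ' user_after_bad=', var_export($after_bad, true), "\n";
echo 'good=', var_export($good, true), ' user=', var_export(current_user(), true), "\n";
```

On a real page the redirect after a successful login would be `header('Location: ...')` followed by `exit;`, both before `navbar.inc.php` is included.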