treilad Posted July 27, 2006 Share Posted July 27, 2006 I'm trying to get my login script to install an additional cookie if the person logging in is an administrator. Here is my login code:[code]<?phpinclude ('db.php');if(isset($_COOKIE['ID_my_site'])){ $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } }}if (isset($_POST['submit'])) { if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());$check2 = mysql_num_rows($check);if ($check2 == 0) { die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>'); }while($info = mysql_fetch_array( $check )) {$_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); }else{ $_POST['username'] = stripslashes($_POST['username']);$hour = time() + 2592000; setcookie(ID_my_site, $_POST['username'], $hour);setcookie(Key_my_site, $_POST['pass'], $hour);header("Location: admincheck.php");}}} else { ?><form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"><table border="0"><tr><td colspan=2><h1>Login</h1></td></tr><tr><td>Username:</td><td><input type="text" name="username" maxlength="40"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" maxlength="50"></td></tr><tr><td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td></tr></table></form><?php}?>[/code]Admincheck.php would be the code that checked to see if the ID_my_site cookie contained the name 'Treilad'. If it did, it would install the Admin_my_site cookie. If not, it would header to index.php. How can I get it to check if the cookie contains 'Treilad'?I also tried this under the setcookies in the login code:if($_POST['username'] = 'Treilad' && $_POST['pass'] = 'letmein'){setcookie(Admin_my_site, $_POST['username'], $hour);}but it sets the cookie no matter who logs in, ignoring the conditional. Link to comment https://forums.phpfreaks.com/topic/15828-admin-cookie/ Share on other sites More sharing options...
xyph Posted July 27, 2006 Share Posted July 27, 2006 That information is better retrieved from the db every pageview imo. Allowing admin status to be stored in a cookie without referencing to the database every time is asking for abuse. Link to comment https://forums.phpfreaks.com/topic/15828-admin-cookie/#findComment-64789 Share on other sites More sharing options...
treilad Posted July 27, 2006 Author Share Posted July 27, 2006 =/ Yeah. It would seem so. Nvm. I've got another way around it. :) Link to comment https://forums.phpfreaks.com/topic/15828-admin-cookie/#findComment-64790 Share on other sites More sharing options...
king arthur Posted July 27, 2006 Share Posted July 27, 2006 [code]if($_POST['username'] = 'Treilad' && $_POST['pass'] = 'letmein'){setcookie(Admin_my_site, $_POST['username'], $hour);}[/code]Classic mistake which everyone does I'm sure!What you actually meant was[code]if($_POST['username'] == 'Treilad' && $_POST['pass'] == 'letmein'){setcookie(Admin_my_site, $_POST['username'], $hour);}[/code]Note the double '=' signs! Link to comment https://forums.phpfreaks.com/topic/15828-admin-cookie/#findComment-64839 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.