Jump to content

Archived

This topic is now archived and is closed to further replies.

treilad

Admin cookie

Recommended Posts

I'm trying to get my login script to install an additional cookie if the person logging in is an administrator. Here is my login code:

[code]<?php

include ('db.php');

if(isset($_COOKIE['ID_my_site']))

{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check ))
{

if ($pass != $info['password'])
{

}

else
{
header("Location: index.php");

}

}

}


if (isset($_POST['submit'])) {


if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or

die(mysql_error());

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=registration.php>Click Here to

Register</a>');
}


while($info = mysql_fetch_array( $check ))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);


if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

else
{

$_POST['username'] = stripslashes($_POST['username']);

$hour = time() + 2592000;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);


header("Location: admincheck.php");
}

}

} else {

?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>[/code]

Admincheck.php would be the code that checked to see if the ID_my_site cookie contained the name 'Treilad'. If it did, it would install the Admin_my_site cookie. If not, it would header to index.php. How can I get it to check if the cookie contains 'Treilad'?

I also tried this under the setcookies in the login code:

if($_POST['username'] = 'Treilad' && $_POST['pass'] = 'letmein'){
setcookie(Admin_my_site, $_POST['username'], $hour);
}

but it sets the cookie no matter who logs in, ignoring the conditional.

Share this post


Link to post
Share on other sites
That information is better retrieved from the db every pageview imo. Allowing admin status to be stored in a cookie without referencing to the database every time is asking for abuse.

Share this post


Link to post
Share on other sites
[code]
if($_POST['username'] = 'Treilad' && $_POST['pass'] = 'letmein'){
setcookie(Admin_my_site, $_POST['username'], $hour);
}
[/code]

Classic mistake which everyone does I'm sure!

What you actually meant was

[code]
if($_POST['username'] == 'Treilad' && $_POST['pass'] == 'letmein'){
setcookie(Admin_my_site, $_POST['username'], $hour);
}
[/code]

Note the double '=' signs!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.