joshgarrod Posted June 16, 2009 Share Posted June 16, 2009 Hi everyone. I am in need of a login script, I found this one on the web. I am not familiar with cookies at all, the model doesn't seem to work. What is wrong? At the moment, if you try to access protected_page.php it redirects to login.php which is what it should do. However, when I log in with the correct username and password it just reloads login.php and doesn't redirect to protected_page.php as it should. Thanks is advance login.php <?php $act = $_GET['act']; //retrives the page action if(empty($act)) //if there is no action { echo('<form action="login.php?act=auth" method="post" name="loginform" id="loginform"> <p>Username <input type="text" name="user"> </p> <p>Password <input type="password" name="pass"> </p> <p> <input type="submit" name="Submit" value="Login"> </p> </form>'); } elseif($act == "auth") //if our page action = auth { $user = $_POST['user']; //pulls the username from the form $pw = $_POST['pass']; //pulls the pass from the form<strong></strong> $pass = md5($pw); //makes our password an md5 include("connect.php"); //connects to our mysql database $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does if(!mysql_num_rows($login)) //if the username and pass are wrong { header("Location: login.php"); //redirects to our login page die(); //stops the page from going any further } else { setcookie("user", $user, time()+3600);//sets our user cookie setcookie("pass", $pass, time()+3600);//sets our pass cookie header("Location: protected_pag.php");//instead of yourpage.php it would be your protected page } } ?> protect.php <?php $user = $_COOKIE['user']; //gets the user from the cookies $pass = $_COOKIE['pass']; //gets the pass from cookies include("connect.php"); // connects to our database $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our cookies do if(!mysql_num_rows($login)) //if the username and pass are wrong { header("Location: login.php"); //redirects to our login page die(); //stops the page from going any further } ?> protected_page.php <?php require("protect.php"); ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 17, 2009 Share Posted June 17, 2009 This line $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does in both login.php and protect.php is slightly wrong change to $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass' "); //selects info from our table if the row has the same user and pass that our form does (note the last ' instead of `) Quote Link to comment Share on other sites More sharing options...
gaspan1984 Posted June 20, 2009 Share Posted June 20, 2009 This line $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does in both login.php and protect.php is slightly wrong change to $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass' "); //selects info from our table if the row has the same user and pass that our form does (note the last ' instead of `) I'm not sure about this code, but my script is working in this type of code $login = mysql_query("SELECT * FROM users WHERE user = '$user' AND pass = '$pass' "); //selects info from our table if the row has the same user and pass that our form does Just remove the single quote in every entity name Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.