Login system help

[joshgarrod]

Hi everyone. I am in need of a login script, I found this one on the web. I am not familiar with cookies at all, the model doesn't seem to work. What is wrong?

 

At the moment, if you try to access protected_page.php it redirects to login.php which is what it should do. However, when I log in with the correct username and password it just reloads login.php and doesn't redirect to protected_page.php as it should.

 

Thanks is advance

 

login.php

<?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
  echo('<form action="login.php?act=auth" method="post" name="loginform" id="loginform">
  <p>Username
  <input type="text" name="user">
  </p>
  <p>Password
  <input type="password" name="pass">
  </p>
  <p>
  <input type="submit" name="Submit" value="Login">
  </p>
  </form>');
}
elseif($act == "auth") //if our page action = auth
{
  $user = $_POST['user']; //pulls the username from the form
  $pw = $_POST['pass']; //pulls the pass from the form<strong></strong>
  $pass = md5($pw); //makes our password an md5
  include("connect.php"); //connects to our mysql database
  $login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does
  if(!mysql_num_rows($login)) //if the username and pass are wrong
  {
    header("Location: login.php");  //redirects to our login page
    die(); //stops the page from going any further
  }
  else
  {
    setcookie("user", $user, time()+3600);//sets our user cookie
        setcookie("pass", $pass, time()+3600);//sets our pass cookie
        header("Location: protected_pag.php");//instead of yourpage.php it would be your protected page
  } 
}
?>

 

protect.php

<?php
$user = $_COOKIE['user']; //gets the user from the cookies
$pass = $_COOKIE['pass']; //gets the pass from cookies
include("connect.php"); // connects to our database
$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our cookies do
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
  header("Location: login.php");  //redirects to our login page
  die(); //stops the page from going any further
}
?>

 

protected_page.php

<?php require("protect.php"); ?>

[MadTechie]

This line

$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does

in both login.php and protect.php is slightly wrong

 

change to

$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass' "); //selects info from our table if the row has the same user and pass that our form does

(note the last ' instead of `)

[gaspan1984]

This line

$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass`"); //selects info from our table if the row has the same user and pass that our form does

in both login.php and protect.php is slightly wrong

 

change to

$login = mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass' "); //selects info from our table if the row has the same user and pass that our form does

(note the last ' instead of `)

I'm not sure about this code, but my script is working in this type of code

$login = mysql_query("SELECT * FROM users WHERE user = '$user' AND pass = '$pass' "); //selects info from our table if the row has the same user and pass that our form does

Just remove the single quote in every entity name