[SOLVED] Having trouble with "members only" sections with PHP script

[dgs]

Alright, so I installed this script that allows users to register to my site and gain access to their own profiles and member's only pages on my site.

The problem is:

When I put the code that makes the page members only on my page, if you aren't logged in, it asks you to. But even after someone logs in, it still asks them to log in.

 

But that doesn't happen in the directory of the log in page.

 

Alright, so, the log in page is in the directory "/members" of my site. So is the user's profile page.

When you go to the profile page not logged in, it asks you to log in. If you do, then the profile page shows your profile.

But any page not in the "/members" directory doesn't work with the code.

 

Here's the code to make a page member's only.

 

<?php
$username = $_COOKIE['loggedin'];
if (!isset($_COOKIE['loggedin'])) die("You are not logged in, <a href='/members/login.html'>click here</a> to login.");
echo "You are logged in as <strong>$username</strong>";
?>

[PFMaBiSmAd]

http://us2.php.net/setcookie

 

The 4th parameter of the setcookie() function sets the path that the cookie will match.

If set to '/', the cookie will be available within the entire domain

[dgs]

Thank you!

I'm new to PHP so I don't know much.

Where do I put the "/"?

[peter_anderson]

Post the other part to the script (it should be login)

[dgs]

There's a few parts to the script.

Which part do you want?

 

For the log in, there's the HTML form that submits the log in information, and there's the PHP page that the information gets sent to.

[Rayhan Muktader]

Doing the following should make the cookie available to all directories under / and force the cookie to expire after two hours.

setcookie("loggedin",$value, time()+3600*2,"/");

[dgs]

I found this line in my login.php page that looks similar to that:

 

setcookie("loggedin", "".$_POST['username']."", time()+(3600 * 24));

 

Would I change it to something like this?:

 

setcookie("loggedin", "".$_POST['username']."", time()+(3600 * 24, "/"));

 

[phant0m]

I suggest you, to read about Sessions.

Note that you can only set cookies, until headers are sent, i.e. until any output is generated(e.g html/whitespace before <?php, echos, etc)

Also, if a cookie is set using set_cookie, $_COOKIE will remain unchanged until the next request.

[dgs]

Ah, nevermind, I found out how.

 

setcookie("loggedin", "".$_POST['username']."", time()+(3600 * 24), "/");

 

[phant0m]

Yes, this attempt works, but using Sessions is quite comfortable. It will ease your life, also the server stores all the values, not the client.

[dgs]

Well, I would do what you suggest, but I'm a complete beginner with PHP and I don't know what any of that means :/

[947740]

http://us2.php.net/manual/en/book.session.php

 

AND

 

http://us2.php.net/manual/en/session.examples.basic.php

[dgs]

Thank you, 947740