Jump to content

Help: Creating a simple PHP login with cookies

JC99

By JC99
in PHP Coding Help

 Share

Recommended Posts

JC99 Newbie

JC99

Posted
Posted

Hello everyone,

 

I am trying to create a PHP login script using cookies but am having some troubles. Basically here is my setup

 

index.php -> login.php -> admin.php

 

I want a form on the index.php script that has the username and password and passes the $_POST['username'] and $_POST['password'] variables to login.php

 

Then login.php authenticates against a database of allowed users (Which I already is setup and works fine) and also (and I am not sure about this) sets the cookie info from the form.

 

Finally admin.php is loaded. The admin.php code would look like the following..

 

<?php
if (isset($_COOKIE['username']) && isset($_COOKIE['password']) {
echo "success!";
} else {
echo "Failure";
}
?>?>

 

So basically I need to somehow create a cookie from index.php and pass the information to login.php and then pass the information to admin.php.

 

Anyone know how to do this?

Link to comment
Share on other sites
JC99 Newbie

JC99

Posted
  • Author
Posted
index.php -> login.php -> admin.php

 

Yeah, I know about that. But I am obviously using it the wrong way cause its not working.I set the cookie like this...

setcookie("Admin", $username);

Do I set the cookie on index.php (where the login form is) or login.php which the forms loads when my username and password are submitted. And if I set it on index.php, how do I access it on admin.php?

 

Just a note: The login.php just checks that the user is a valid by authenticating with the database and then, if everything is valid, uses the following code to load admin.php.

header("location:admin.php");

 

Link to comment
Share on other sites
JC99 Newbie

JC99

Posted
  • Author
Posted

I finally got it working. I needed to setcookie() in login.php. Also, the names of the cookies where wrong(They where Admin when they should have been adminuser and adminpass) Once I fixed that then the following worked in admin.php...

<?php
if (isset($_COOKIE['adminuser']) && isset($_COOKIE['adminpass'])) {
echo "Success";
} else {
echo "Failed";
}
?>

Link to comment
Share on other sites
Adam Advanced Member

Adam

Posted
Posted

Although the script may work, it isn't exactly secure. Consider that cookies can be added / modified so easily, just testing if the cookie has been set isn't secure enough, because they can just add it. There's also the chance of cookie stealing scripts obtaining your login info; you'd be better off using PHP sessions.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.