Jump to content

[SOLVED] Authorization Script Problem


twilitegxa

Recommended Posts

In the following script, it allows the user to log in, and displays the page that points to the secret page link, but when you click the secret page link, it keeps directing you back to the log in page. Can someone see what I'm doing wrong? Here is all the scripts being used:

 

Log In Form:

<html>
<head>
<title>User Login Form</title>
</head>
<body>
<h1>Login Form</h1>
<form method="post" action="listing15.8.php">
<p><strong>Username:</strong>
<input type="text" name="username"></p>
<p><strong>Password:</strong>
<input type="password" name="password"></p>
<p><input type="submit" name="submit" value="Login"</p>
</form>
</body>
</html>

 

User Log In Page:

<?php
//check for required fields from the form
if ((!$_POST['username']) || (!$_POST['password'])) {
header("Location: listing15.7.php");
exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "root", "")
or die(mysql_error());
mysql_select_db("smrpg",$conn) or die(mysql_error());

//create and issue the query
$sql = "select f_name, l_name from auth_users where username = 
'$_POST[username]' AND password = password('$_POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {

//if authorized, get the value of f_name l_name
$f_name = mysql_result($result, 0, 'f_name');
$l_name = mysql_result($result, 0, 'l_name');

//set authorization cookie
setcookie("auth", "1", 0, "/", "yourdomain.com", 0);

//prepare message for printing, and user menu
$msg = "<p>$f_name $l_name is authorized!</p>";
$msg .= "<p>Authorized Users' Menu:</p>";
$msg .= "<ul><li><a href=\"listing15.9.php\">secret page</a></li></ul>";

} else {

//redirect back to login if not authorized
header("Location: listing15.7.php");
exit;
}
?>
<html>
<head>
<title>Listing 15.8 User Login</title>
</head>
<body>
<?php print "$msg"; ?>
</body>
</html>

 

Secret/Restricted Page:

<?php
if ($_COOKIE['auth'] == "1") {
$msg = "<p>You are an authorized user.</p>";
} else {
//redirect back to login form if not authorized
header("Location: listing15.7.php");
exit;
}
?>
<html>
<head>
<title>Listing 15.9 Accessing a restricted page</title>
</head>
<body>
<?php print "$msg"; ?>
</body>
</html>

 

What am I doing wrong?

Link to comment
https://forums.phpfreaks.com/topic/165567-solved-authorization-script-problem/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.