speedy_rudolf Posted September 17, 2010 Share Posted September 17, 2010 Hi. I'm trying to make a website where people have to login to be able to see some contents. But I kind of got stuck. I'm trying to use cookies, but I can't get them to work. (The following code is to test if the cookies/site work) Login page: <html> <head> <script language="javascript"> <!-- function setcookie(){ document.cookie = "logged="+escape("Dom Director") window.location = "/site.html"} </script> </head> <body onload="setcookie()"></body> </html> Site Page: <html> <head><title>TITLU</title> </script> <script language="javascript"> <!-- function getCookie(cookies){ var results = document.cookie.match ( '(^| ?' + cookies + '=([^;]*)(;|$)' ); if ( results ) return ( unescape ( results[2] ) ); else return null;} </script> </head> <body> <table width="100%"> <tr height="150"></tr> <tr><td width="150">bara navigatie</td> <td width="0*"><img src="400p.png"> <script>if (!getCookie('logged')) document.write('You're not logged in.') else document.write('Hello , '+getCookie("logged"))</script> The problem is that it doesn't matter if I load the site page or the login page, I only get "you're not logged in", so either the cookie isn't being set, or the search doesn't find the cookie. Any help will be very much appreciated. Bye. Quote Link to comment Share on other sites More sharing options...
Adam Posted September 17, 2010 Share Posted September 17, 2010 First up, NEVER rely on a cookie for user authentication. It'd take a user a few seconds to modify the cookie to be any user they want. Not only that, but not every user has JavaScript enabled. You need to look server-side for a secure login. I'd read up on a few PHP user login tutorials to familiarise yourself with the logic behind it. Then I'd also have a good read up on security (to ensure your system has no vulnerabilities), PHPFreaks have a good tutorial on security. Then I'd scrap the tutorials you read and write your own from scratch, then have someone look over it; to ensure you understand the concept and are following the best practises. JavaScript though is certainly not the way to go. Quote Link to comment Share on other sites More sharing options...
speedy_rudolf Posted September 17, 2010 Author Share Posted September 17, 2010 First up, NEVER rely on a cookie for user authentication. It'd take a user a few seconds to modify the cookie to be any user they want. Not only that, but not every user has JavaScript enabled. You need to look server-side for a secure login. I'd read up on a few PHP user login tutorials to familiarise yourself with the logic behind it. Then I'd also have a good read up on security (to ensure your system has no vulnerabilities), PHPFreaks have a good tutorial on security. Then I'd scrap the tutorials you read and write your own from scratch, then have someone look over it; to ensure you understand the concept and are following the best practises. JavaScript though is certainly not the way to go. Thanks for the heads up. And I just found out what was wrong with my script (I was missing the cookie path=/) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.