problem with login system

[fael097]

hi, I'm coding a website, after being away from php for a while, and there's this simple thing that's driving me crazy. I made a simple login system to test, and I have to refresh the page twice so it becomes active, and I can't figure out why. what's wrong with this code? (keep in mind that it's just a test, I plan to get username from database, send encrypted info to cookies, and all that, but after I get this working)

 

<?php
if (isset($_POST['submitlogin']))
{	if ((($_POST['username'])&&($_POST['password']))=="admin")
{ setcookie("user", "Administrator", time()+3600);
} else { $loginerror="1"; } }
if (isset($_GET['logout']))
{ setcookie("user", "", time()-3600); }
?>
<html>
<head>
</head>
<body>

<?php
if (isset($_COOKIE['user']))
{ echo "Hello, ".$_COOKIE['user'];
?>

<br /><a href="?logout=yes">Logout</a>

<?php }else{?>

<form action="" method="post">
<input name="username" type="text" /><br />
<input name="password" type="password" /><br />
<input name="submitlogin" type="submit" value="Login" />
</form>

<?php }?>

</body>
</html>

 

thanks for any help!

[AyKay47]

this line should be the problem:

 

if ((($_POST['username'])&&($_POST['password']))=="admin")

 

the parenthesis are a little out of whack.

 

should read:

 

if (($_POST['username'] == 'admin') && ($_POST['password']))

 

but, what exactly is supposed to equal 'admin'? Both fields?

learn to space your code out to make it more readable.

If this does not solve your issue, post any errors that you are receiving.

[fael097]

thanks, and yeah, I just made both fields "admin" as a placeholder.

 

but that didn't fix the problem. when I enter username and password, and press login, it runs form action, fields reset, but it doesn't login. cookies are set, but page is still the same. then if I press again, or simply refresh the page or even press enter on adress bar again, page changes, and I can see that I'm logged in, and the "hello administrator" message. then if I press logout, same thing. the hello page will still be there, until I press logout a second time, or refresh my page. and I have no idea why that's happening, but no errors or anything. I tried this on my local xampp server, and on an online host, same thing on both, so it's my code

[fael097]

ok, so I found out that you can't set the cookie and retrieve it's value on the same request, that's why you need to refresh it twice. but how do i do this then? what's a workaround for that?

[AyKay47]

why not use sessions?

[fael097]

actually I don't know why not to use sessions. guess I learned with cookies some time ago.

I fixed my problem by simply adding a header after setting the cookie.

setcookie("User", "value", time()+3600);
header("location: admin.php?ref=login");

that would refresh the page again, and therefore it could properly check if cookie has been set. same thing worked with logout.

 

but now that you mentioned, it would be better to use sessions indeed. I'd still have to use cookies if I wanted a "remember me" option, right?

suggestions?

[l0gic]

actually I don't know why not to use sessions. guess I learned with cookies some time ago.

I fixed my problem by simply adding a header after setting the cookie.

setcookie("User", "value", time()+3600);
header("location: admin.php?ref=login");

that would refresh the page again, and therefore it could properly check if cookie has been set. same thing worked with logout.

 

but now that you mentioned, it would be better to use sessions indeed. I'd still have to use cookies if I wanted a "remember me" option, right?

suggestions?

 

A healthy combination of both would work well.

[AyKay47]

I'd still have to use cookies if I wanted a "remember me" option, right?

 

yes, just don't store sensitive data in them like a user id or password, they can be hijacked.