Jump to content

little help about cookies


Ahmedamer

Recommended Posts

i was trying to make a new login script and wanted to make point system which i can add points manually to member so i made a new column and named it userpoint i tried many many codes First i used


$_SESSION['userName'] = $username;
echo "Welcome ".$_SESSION['userName']."!";
$_SESSION['userpoint'] = $userpoint;
echo "you got".$_SESSION['userpoint']."!";
 

the page showed username but didn`t show the points ! i tried then i figured out cookies

if(isset($_COOKIE['ID_my_site'])) 

 { 
setcookie( "userpoint");
 	$username = $_COOKIE['ID_my_site']; 
 	$userpoint = $_COOKIE['ID_my_site'];

 	$pass = $_COOKIE['Key_my_site']; 

 	 	$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); 
 

 	while($info = mysql_fetch_array( $check)) 	 

 		{  

this time the page shows both of usernames without mentioning the points ! i changed    

$userpoint = $_COOKIE['ID_my_site']; 

 to    

$userpoint = $_COOKIE['Key_my_site'] 

; and it showed the hashed password i want to set a new $_COOKIE so i can get members point to member area is that possible ? the script is still missing secure and salt and the security stuff i`ll add them later i just want to know if is that possible 

Edited by Ahmedamer
Link to comment
Share on other sites

It is good that you want to learn about an authentication script, but what you don't realize is how much work it can take to make it safe for you and your site visitors.

 

I suggest that you learn how to debug your script. For instance, at any given point in your script, you should know what the values are for the variables you are using.

 

One observation: what is the meaning of using setcookie() on line 4?

 

Also, why set two variables with the same value ( $_COOKIE['ID_my_site'] )?

 

Also, $username in your query is not safe. You should be using a prepared statement or somehow sanitizing $username.

Link to comment
Share on other sites

Ahmedamer, you can ask your question as often as you want, the answer will always be the same: The code you've stolen is garbage, PHP simply doesn't work like that. You do not store your user credentials in friggin' cookies.

 

Why did you even create a new thread? Strider64 just pointed you to his log-in tutorial which is actually a good introduction. So why not take the chance? Learn from people who know what they're doing, not from some 10-year-old crap code you found somewhere on the Internet.

 

I understand that you're impatient and expect to have a fully working application by tomorrow. But programming takes time, especially when you're new to all this. Don't rush it. Sure, you could take the next best code snippet you found on Google, upload it and hope that it will do what you want. But then you'll have the same problem like the people who open random e-mail attachments: You'll get “hacked”. How does that help you?

 

Calm down, throw away the garbage code and carefully read Strider's tutorial. If you have a question about it, I'm sure we can help you.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.