Ahmedamer Posted September 4, 2014 Share Posted September 4, 2014 (edited) i was trying to make a new login script and wanted to make point system which i can add points manually to member so i made a new column and named it userpoint i tried many many codes First i used $_SESSION['userName'] = $username; echo "Welcome ".$_SESSION['userName']."!"; $_SESSION['userpoint'] = $userpoint; echo "you got".$_SESSION['userpoint']."!"; the page showed username but didn`t show the points ! i tried then i figured out cookies if(isset($_COOKIE['ID_my_site'])) { setcookie( "userpoint"); $username = $_COOKIE['ID_my_site']; $userpoint = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check)) { this time the page shows both of usernames without mentioning the points ! i changed $userpoint = $_COOKIE['ID_my_site']; to $userpoint = $_COOKIE['Key_my_site'] ; and it showed the hashed password i want to set a new $_COOKIE so i can get members point to member area is that possible ? the script is still missing secure and salt and the security stuff i`ll add them later i just want to know if is that possible Edited September 4, 2014 by Ahmedamer Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted September 4, 2014 Share Posted September 4, 2014 It is good that you want to learn about an authentication script, but what you don't realize is how much work it can take to make it safe for you and your site visitors. I suggest that you learn how to debug your script. For instance, at any given point in your script, you should know what the values are for the variables you are using. One observation: what is the meaning of using setcookie() on line 4? Also, why set two variables with the same value ( $_COOKIE['ID_my_site'] )? Also, $username in your query is not safe. You should be using a prepared statement or somehow sanitizing $username. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted September 4, 2014 Share Posted September 4, 2014 Ahmedamer, you can ask your question as often as you want, the answer will always be the same: The code you've stolen is garbage, PHP simply doesn't work like that. You do not store your user credentials in friggin' cookies. Why did you even create a new thread? Strider64 just pointed you to his log-in tutorial which is actually a good introduction. So why not take the chance? Learn from people who know what they're doing, not from some 10-year-old crap code you found somewhere on the Internet. I understand that you're impatient and expect to have a fully working application by tomorrow. But programming takes time, especially when you're new to all this. Don't rush it. Sure, you could take the next best code snippet you found on Google, upload it and hope that it will do what you want. But then you'll have the same problem like the people who open random e-mail attachments: You'll get “hacked”. How does that help you? Calm down, throw away the garbage code and carefully read Strider's tutorial. If you have a question about it, I'm sure we can help you. Quote Link to comment Share on other sites More sharing options...
Ahmedamer Posted September 4, 2014 Author Share Posted September 4, 2014 (edited) Sorry for opening a new topic jacques1 also i found that script on the internet didn`t steal it ! Btw i`ll stick with Strider64 login tutorial and if i needed any help i`ll come to you, Thanks Edited September 4, 2014 by Ahmedamer Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.