User Authentication Page with cookies, please help.

[russ_gillespie]

Hi there,

 

This is only my 2nd post here but I've just been on a PHP Intro course so I've spent today trying some stuff out. Now I'm stuck

 

Here what I want to do:

 

3 Pages.

 

The first asks the user to enter their name and password (the name is irrelevent really its the password that important).

The next time they visit this page, their name and password will be retrieved from cookies and they are automatically forwarded to the secure page.

 

The second page is the page that checks whether the password they entered is the correct one, saves the cookies and sends them forward or back depending on the outcome.

 

The third page is the secure page which, like the first, checks for cookies with the correct info and either lets them stay or it sends them back to the first page.

 

Here's what I have so far (Ive changed cookienames and document names):

 

 

PAGE 1:

 

Before the <html> tag.

 

<?php

$password = $_COOKIE['cookie_password'];

if($password == "password") {

header("Location:PAGE3.php");

exit();

}

?>

 

 

Then in the <body> of the document:

 

<form action="check.php" method="post" name="auth" id="auth">

<input name="firtsname" type="text" id="firtsname">

<input name="lastname" type="text" id="lastname">

<input name="password" type="password" id="password">

<input type="submit" name="Submit" value="Submit">

<input type="reset" name="Reset" value="Clear">

</form>

 

 

PAGE 2:

 

<?php

header("Cache-control: private");

$firstname = $_POST['firstname'];

$lastname = $_POST['lastname'];

$password = $_POST['password'];

if(($firstname != null) && ($lastname != null) && ($password == "password")) {

setcookie("cookie_firstname", $firstname, time() +60*60*24*7*365);

setcookie("cookie_lastname", $lastname, time() +60*60*24*7*365);

setcookie("cookie_password", $password, time() +60*60*24*7*365);

header("Location:PAGE3.php");

exit();

} else {

header("Location:PAGE1.php");

}

?>

 

 

PAGE 3:

 

<?php

$password = $_COOKIE['cookie_password'];

if($password != "password") {

header("Location:PAGE1.php");

exit();

}

?>

 

-------------------------------------------------------------------------------------------

 

The problem I'm getting is the 'if' statement in PAGE2 is never coming true, it sends me back to PAGE1 every time. I cannot see where I've gone wrong.

 

Please could someone help?

[russ_gillespie]

Ive just noticed I missed an edit, the form action on PAGE1 says check.php, it should say PAGE2.php. Sorry for the confusion. I still can't work this out

[superuser2]

You have an endless loop. Page 1 sends you to page 3 sends you to page 1 sends you to page 3... over and over and over. Could you show us this intro course?

[Archadian]

if(($firstname != null) && ($lastname != null) && ($password == "password")) {

 

Right here you are saying if $firstname, $lastname, and $password are not equal to "null" then continue.

 

Try this:

 

if((isset($firstname)) && (isset($lastname)) && (isset($password))) {

 

Now if you are checking against the firstname, lastname and password in the db you would do this:

 

include('dbconection.php');

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$password = $_POST['password'];   

$sql = mysql_query("SELECT firstname, lastname, password FROM user_table WHERE firstname = '$firstname' AND lastname = '$lastname' AND password = '$password'");
$row = mysql_fetch_array($sql);

if ($row['firstname'] == $firstname && $row['lastname'] == $lastname && $row['password'] == $password) {

 

Now this:

 

setcookie("cookie_firstname", $firstname, time() +60*60*24*7*365);
setcookie("cookie_lastname", $lastname, time() +60*60*24*7*365);
setcookie("cookie_password", $password, time() +60*60*24*7*365);

 

you need to put the time in the cookie yourself, i don't think it does the time itself. here is my cookie:

 

setcookie("user", $sess, time()+58060800, "/", $wbsite);

 

user: the name of the cookie

$sess: the value of the cookie

Time(): the time of how long to stay alive

/: the directory to store the cookie

$wbsite: the website to use the cookie on...in my case its www.ehvelocity.com

 

All of this has to be correct ESPECIALLY the website at the end, www.ehvelocity.com it alot different than ehvelocity.com so i just make a cookie for both.

 

I hope this helps

 

 

 

 

 

[russ_gillespie]

Hi,

 

thanks for your suggestions, but I am still having trouble.

 

superuser2: I cant see the infinite loop you speak of, could you point it out for me? The course was at my local college, it wasnt online.

 

Archadian: I changed the code as you suggested but Im still getting the same results. I am not using a MySQL database, just cookies. The 'if' statement on page2 is never coming true, but I cant see why.

 

What does:

if((isset($firstname)) && (isset($lastname)) && (isset($password))) {

Do?

 

I want the statement to come true if firstname and lastname have any value, and if password has a specific value.

[russ_gillespie]

I just figured it out.

 

Spot the typo on the form in PAGE1:

 

<input name="firtsname" type="text" id="firtsname">

 

This seemed to be stopped the whole thing from working, but without generating any errors.

 

Thanks a lot for your help guys.

[superuser2]

Glad you figured it out. The endless loop I was referring to was not really a loop, but it would have caused you to bounce back and forth between page1 and page3. Page 1 says that if there's no password, go to page 3. Page 3 says, if there's no password go to page 1. I'm not quite sure how this isn't messing you up.

 

So is everything working for you now?

[russ_gillespie]

Yes everything seems to be working fine now.

 

PAGE1 says if the password in the cookie is correct, then go straight to page3 (so they dont have to type in the password again).

PAGE3 says if the password in the cookie is incorrect, or the cookie is not present, then go back to page1 (to stop people directing themselves straight to page3 without having entered the password).

 

[superuser2]

Oh, I see that now. Never mind, missed a !.