Login System help

[Andrew B]

Well for my sight, I am making a simple login system. Below is the source of my login.php page. I am experimenting with cookies right now, I was going to us javascript but the PHP functions looked a lot easier.

 

Login.php

<?php
  $username = $_GET['username'];
  $password = $_GET['password'];
  $time = $_GET['time'];

  if ( file_exists('/users/'. $username. '.txt') == FALSE ) {
    $userInfo = file_get_contents('users/'. $username. '.txt');
    list($pass, $rank) = split(',', $userInfo, 2);

    if ($pass = $password) {
      setCookie('loggedIn', "y", time()+3600*$time);
      setCookie('user', $username, time()+3600*$time);
      setCookie('rank', $rank, time()+3600*$time);
    } else {
      setCookie('loggedIn', "n", time()+3600);
    }
  }

if ($_COOKIE['loggedIn'] = "y")
  echo "Yes, ". $_COOKIE['user'];
else
  echo "No"
?>

 

 

If you use the URL 'http://www.mypage.com/login.php?username=Sample&password=Secret', and you have the following doc in your users folder:

 

Sample.txt

Secret,5

 

For some reason, the 'loggedIn' cookie is set, but when it tries to load the cookies 'user' and 'rank', the page returns 'Yes, '. Is there something wrong with my setCookie parameters or something?

 

Thanks for any help,

 

- Andrew B

[papaface]

1. Don't use $_GET to store login information.

2. Don't use a flat file system for storing passwords.

 

I suggest you start again, using $_POST and a database where the passwords are md5 encrypted.

I've deliberately skirted around your cookie issue I don't think thats the real issue here tbh.

[revraz]

I really don't understand your question, because in your code, you never check for user and rank cookies.

[Andrew B]

Yeah, it does but you need to scroll down in the code box. Where the app checks the cookies is the last few lines down the bottom.

[jkewlo]

why dont u make it a session

 

session start();

 

and start from this

<?
session start();

$username = @$_POST['username']
$password = @$_POST['password']

 

google is your friend

plenty of tuts there

 

www.w3schools.com

youtube.com

 

and some other great ones out there as well

[Andrew B]

Thanks jkewlo.

 

@ papaface: I was only using get as an example, I was using post but it was easier to explain what I was trying to do with get.

[dennismonsewicz]

what does the @ symbol do? I am hearing that is isn't necessary then sometimes I hear it is! Explanation?

[stuart7398]

http://phpsense.com/php/php-login-script.html

[redarrow]

he might be learning cookies everyone help?

[Kieran Menor]

dennismonsewicz: @ is used to supress error messages.

 

Also:

 

if ($pass = $password)

 

if ($_COOKIE['loggedIn'] = "y")

 

The correct operator to use is ==, which is used for comparison. Not =, which is used for assignment.

[jkewlo]

i always use @ when im getting post or get method. looks fansy to