Cookies To Log In

blizzdek used Ask the Experts™
I am using cookies to make a log in form. After the user logs in, it will still not log him/her in until he/she refreshes the page or clicks on a link. I'm not sure why... Here's what my code looks like:

 $id = $_GET['id'];
 mysql_connect ($mySQL_server, $mySQL_username, $mySQL_password);
 mysql_select_db ($mySQL_database);

 if($_POST) {
  setcookie("qgn_login_username", $submit_username, time()+604800);
  setcookie("qgn_login_password", $submit_password, time()+604800);

 // log in
 $qgn_login_username = $HTTP_COOKIE_VARS["qgn_login_username"];
 $qgn_login_password = $HTTP_COOKIE_VARS["qgn_login_password"];
 $qgn_login_query = mysql_query("Select * from qgn_members where
                          username='$qgn_login_username' AND
 $qgn_login_check = mysql_num_rows($qgn_login_query);

 if($qgn_login_check == "1") { $show_username = $qgn_login_username; }
 else { $show_username = "Guest"; }

    <form action="index.php" method="POST">
    <input maxLength="25" size="10" name="submit_username">
    <input type="password" maxLength="20" size="10" name="submit_password">
    <br><input type="submit" value="Log In">
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

I think the one you write is just a function. So try $_COOKIE instead of $HTTP_COOKIE_VARS
that's because after you verify that they are a valid user you don't redirect them. you just redisplay the login form.

i supposed so that all your codes are in the same file.
Thre redirection of index.php refreshes only your current page. THou you r cookie might
have been set, there is no codes tat shows the user his/her cookie has been set.

And why dint you print out the $show_username?
you set it but never did print out so of cus there is no feedback.
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.


well I did, that was just a little bit of a guideline of what my form looked like... sorry if it was a bit confusing.


The $_COOKIE thing didn't fix the problem either. I'm pretty sure $HTTP_COOKIE_VARS is the same as $_COOKIE. I know for a fact that if I refresh the page it will show my username and everything, but it won't do it the first time.

The difference is that $_COOKIE is super global but $HTTP_COOKIE_VARS is not.
But it displays when you refresh, and it doesn't for the first time after that (right?), you should check if your page is cached. And you should put an phpinfo() to check if your cookie is set.
If it can't help, I think you'd better post your whole page.

A cookie works by sending a set-cookie back with the page response. This means that when you set a cookie, it isn't available for reading until the next page, when the client browser will send all the cookies as part of the request to PHP.

I'd do something like this:

if ($_POST['password']) {
    // user is trying to log in
    $username = $_POST['username'];
    $password = $_POSER['password'];
    $result = mysql_query("SELECT * from user where username='$username', password='$password'");
    if (mysql_num_rows($result) == 1) {
        // login was successful!
        $_SESSION['user'] = mysql_fetch_assoc($result); // save user to session
        setcookie('username', $username);
        setcookie('password', $password);
        header("Location: " . $_SERVER['PHP_SELF']); // redirect to current page
    } else {
        die("Login failed!  Try again.");

The above code also uses the $_SESSION variable, so if you want to see if a user is logged in, just check if $_SESSION['user'] is set.  This saves lots of trips to the database to check username/password for each page.  But the most important part is the header("Location: $PHP_SELF); redirect, so the cookies can get read.


I found the problem...
it was right here:

$qgn_login_username = $HTTP_COOKIE_VARS["qgn_login_username"];
$qgn_login_password = $HTTP_COOKIE_VARS["qgn_login_password"];

Those two lines should've beein in the else{} of the if($_POST) condition. This is because the cookies will get overwritten and if the cookies contain naught, then they will give back naught, deleting everything else that was stored. But since the cookies will leave their mark, a long term sign on can be made...

I kinda ruined the whole points idea, who am I supposed to reward the points to?

shmert! ;)

Is there a reason you don't want to use $_SESSION vars?


cause, I'm a fool >_<
ill accept the points!!
PAQed with points refunded (250)

Community Support Moderator

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial