blizzdek
asked on
Cookies To Log In
I am using cookies to make a log in form. After the user logs in, it will still not log him/her in until he/she refreshes the page or clicks on a link. I'm not sure why... Here's what my code looks like:
<?php
$id = $_GET['id'];
mysql_connect ($mySQL_server, $mySQL_username, $mySQL_password);
mysql_select_db ($mySQL_database);
if($_POST) {
setcookie("qgn_login_usern ame", $submit_username, time()+604800);
setcookie("qgn_login_passw ord", $submit_password, time()+604800);
}
// log in
$qgn_login_username = $HTTP_COOKIE_VARS["qgn_log in_usernam e"];
$qgn_login_password = $HTTP_COOKIE_VARS["qgn_log in_passwor d"];
$qgn_login_query = mysql_query("Select * from qgn_members where
username='$qgn_login_usern ame' AND
password='$qgn_login_passw ord'");
$qgn_login_check = mysql_num_rows($qgn_login_ query);
if($qgn_login_check == "1") { $show_username = $qgn_login_username; }
else { $show_username = "Guest"; }
?>
<form action="index.php" method="POST">
Username<br>
<input maxLength="25" size="10" name="submit_username">
<br>Password<br>
<input type="password" maxLength="20" size="10" name="submit_password">
<br><input type="submit" value="Log In">
</form>
<?php
$id = $_GET['id'];
mysql_connect ($mySQL_server, $mySQL_username, $mySQL_password);
mysql_select_db ($mySQL_database);
if($_POST) {
setcookie("qgn_login_usern
setcookie("qgn_login_passw
}
// log in
$qgn_login_username = $HTTP_COOKIE_VARS["qgn_log
$qgn_login_password = $HTTP_COOKIE_VARS["qgn_log
$qgn_login_query = mysql_query("Select * from qgn_members where
username='$qgn_login_usern
password='$qgn_login_passw
$qgn_login_check = mysql_num_rows($qgn_login_
if($qgn_login_check == "1") { $show_username = $qgn_login_username; }
else { $show_username = "Guest"; }
?>
<form action="index.php" method="POST">
Username<br>
<input maxLength="25" size="10" name="submit_username">
<br>Password<br>
<input type="password" maxLength="20" size="10" name="submit_password">
<br><input type="submit" value="Log In">
</form>
I think the one you write is just a function. So try $_COOKIE instead of $HTTP_COOKIE_VARS
that's because after you verify that they are a valid user you don't redirect them. you just redisplay the login form.
i supposed so that all your codes are in the same file.
Thre redirection of index.php refreshes only your current page. THou you r cookie might
have been set, there is no codes tat shows the user his/her cookie has been set.
And why dint you print out the $show_username?
you set it but never did print out so of cus there is no feedback.
Thre redirection of index.php refreshes only your current page. THou you r cookie might
have been set, there is no codes tat shows the user his/her cookie has been set.
And why dint you print out the $show_username?
you set it but never did print out so of cus there is no feedback.
ASKER
well I did, that was just a little bit of a guideline of what my form looked like... sorry if it was a bit confusing.
ASKER
The $_COOKIE thing didn't fix the problem either. I'm pretty sure $HTTP_COOKIE_VARS is the same as $_COOKIE. I know for a fact that if I refresh the page it will show my username and everything, but it won't do it the first time.
The difference is that $_COOKIE is super global but $HTTP_COOKIE_VARS is not.
But it displays when you refresh, and it doesn't for the first time after that (right?), you should check if your page is cached. And you should put an phpinfo() to check if your cookie is set.
If it can't help, I think you'd better post your whole page.
But it displays when you refresh, and it doesn't for the first time after that (right?), you should check if your page is cached. And you should put an phpinfo() to check if your cookie is set.
If it can't help, I think you'd better post your whole page.
A cookie works by sending a set-cookie back with the page response. This means that when you set a cookie, it isn't available for reading until the next page, when the client browser will send all the cookies as part of the request to PHP.
I'd do something like this:
session_start();
if ($_POST['password']) {
// user is trying to log in
$username = $_POST['username'];
$password = $_POSER['password'];
$result = mysql_query("SELECT * from user where username='$username', password='$password'");
if (mysql_num_rows($result) == 1) {
// login was successful!
$_SESSION['user'] = mysql_fetch_assoc($result) ; // save user to session
setcookie('username', $username);
setcookie('password', $password);
header("Location: " . $_SERVER['PHP_SELF']); // redirect to current page
} else {
die("Login failed! Try again.");
}
}
I'd do something like this:
session_start();
if ($_POST['password']) {
// user is trying to log in
$username = $_POST['username'];
$password = $_POSER['password'];
$result = mysql_query("SELECT * from user where username='$username', password='$password'");
if (mysql_num_rows($result) == 1) {
// login was successful!
$_SESSION['user'] = mysql_fetch_assoc($result)
setcookie('username', $username);
setcookie('password', $password);
header("Location: " . $_SERVER['PHP_SELF']); // redirect to current page
} else {
die("Login failed! Try again.");
}
}
The above code also uses the $_SESSION variable, so if you want to see if a user is logged in, just check if $_SESSION['user'] is set. This saves lots of trips to the database to check username/password for each page. But the most important part is the header("Location: $PHP_SELF); redirect, so the cookies can get read.
ASKER
I found the problem...
it was right here:
$qgn_login_username = $HTTP_COOKIE_VARS["qgn_log in_usernam e"];
$qgn_login_password = $HTTP_COOKIE_VARS["qgn_log in_passwor d"];
Those two lines should've beein in the else{} of the if($_POST) condition. This is because the cookies will get overwritten and if the cookies contain naught, then they will give back naught, deleting everything else that was stored. But since the cookies will leave their mark, a long term sign on can be made...
I kinda ruined the whole points idea, who am I supposed to reward the points to?
it was right here:
$qgn_login_username = $HTTP_COOKIE_VARS["qgn_log
$qgn_login_password = $HTTP_COOKIE_VARS["qgn_log
Those two lines should've beein in the else{} of the if($_POST) condition. This is because the cookies will get overwritten and if the cookies contain naught, then they will give back naught, deleting everything else that was stored. But since the cookies will leave their mark, a long term sign on can be made...
I kinda ruined the whole points idea, who am I supposed to reward the points to?
shmert! ;)
Is there a reason you don't want to use $_SESSION vars?
ASKER
cause, I'm a fool >_<
ill accept the points!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.