Authentication with Cookies

Knives
Forum Newbie
Posts: 2
Joined: Wed Sep 01, 2004 6:04 am

Authentication with Cookies

Post by Knives »

I'm trying to make an authentication script with cookies here. I'm having some problems with the script below. Every time I type in the user and pass and hit submit it says invalid user/password. I'm very sure the database table is set up correctly, and has my user/password in it. Anyone who can help, it is greatly appreciated :D

Code: Select all

<?php 
$user="vip-gotenjenova";
$pass="*******";
$hostname="localhost";
$dbase='vip-gotenjenova';
$connection = mysql_connect("$hostname" , "$user" , "$pass");
$db = mysql_select_db($dbase , $connection);
$time=time();  

if ($logout == true) {     
 setcookie ("user", md5($_POST[user]), $time-3200);  
 setcookie ("pass", md5($_POST[pass]), $time-3200);  
 header("Location: index.php"); 
}

if ($_POST[user] && $_POST[pass]) {
 $q="SELECT * FROM login WHERE username='$_POST[user]' and pw='$_POST[pass]'";
 $result= mysql_query($q, $connection) or die("Could not execute query : $q." . mysql_error());
  if (mysql_num_rows($result) == 0) {
    $login_error= true;
  }
  else {
    $r=mysql_fetch_array($result);
    $login_username=$r[user];
    $login_password=$r[pass];
  }
 if ($_POST[user]==$login_username && $_POST[pass]==$login_password) { 
  setcookie ("user", md5($_POST[user]), $time+3200);  
  setcookie ("pass", md5($_POST[pass]), $time+3200);  
  header("Location: index.php"); 
 } 
 else { 
  $login_error= true; 
 }
}

if ($login_error == true) { ?> 
 <table align=center style="font-family:arial; font-size:12; border:1 solid #000000;"> 
  <tr><td align=center bgcolor=#123dd4>LOGIN ERROR</td></tr> 
  <tr><td align=center><b>Invalid Username and/or Password</b><br><br><a href=index.php>Back</a></td></tr> 
</table> 
<? 
} elseif ($_COOKIE[user] == md5($login_username) && $_COOKIE[pass] == md5($login_password)) { ?> 
 <table align=center style="font-family:arial; font-size:12; border:1 solid #000000;"> 
  <tr><td align=center bgcolor=#123dd4>SECURE AREA</td></tr> 
  <tr><td align=right><a href=index.php?logout=true>Logout</a></td></tr> 
  <tr><td>You have successfully logged in.<br><br> 
   Encrypted Username: <b><?=  $_COOKIE[user] ?></b><br> 
   Encrypted Password: <b><?= $_COOKIE[pass] ?></b><br> 
  </td></tr> 
</table> 
<? 
} else {  
?> 
<form action=index.php method=post> 
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;"> 
  <tr><td colspan=2 align=center bgcolor=#123dd4>LOGIN</td></tr> 
  <tr><td align=right>Username: </td><td><input type=text name=user size=15></td></tr> 
  <tr><td align=right>Password: </td><td><input type=password name=pass size=15></td></tr> 
  <tr><td align=center colspan=2><input type=submit value=Login></td></tr> 
</table> 
</form> 
<? 
} 
?> 

?>
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

I think this might be the problem:

Code: Select all

$q="SELECT * FROM login WHERE username='$_POST[user]' and pw='$_POST[pass]'";

Try:

Code: Select all

$q="SELECT * FROM login WHERE username='{$_POST[user]}' and pw='{$_POST[pass]}'";

OR

Code: Select all

$q="SELECT * FROM login WHERE username='".$_POST[user]."' and pw='".$_POST[pass]."'";

Not a good idea to store the username and password in a cookie even MD5'ed.
Knives
Forum Newbie
Posts: 2
Joined: Wed Sep 01, 2004 6:04 am

Post by Knives »

It didn't work... but ty for the help :)
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

Post by Draco_03 »

Code: Select all

$q="SELECT * FROM login WHERE username='".$_POST['user']."' and pw='".$_POST['pass']."'";

How about that? OR

Code: Select all

$q="SELECT * FROM login WHERE username='{$_POST['user']}' and pw='{$_POST['pass']}'";
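
An added example, not code from any poster in this thread, showing the direction Buddha443556's remark about cookies points in: look the user up through a bound parameter, verify the password against a stored hash, and keep only a session ID in the cookie. The in-memory SQLite database, the `alice` account and the function names are assumptions; `login`, `username` and `pw` come from the posted query.

```php
<?php
// Added example, not the thread's code. In-memory SQLite stands in for the
// poster's MySQL database; login/username/pw are taken from the posted query.
// Assumption: pw holds password_hash() output rather than the plain password.
declare(strict_types=1);

function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE login (username TEXT PRIMARY KEY, pw TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO login (username, pw) VALUES (?, ?)');
    // Constructed sample account for the demo.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $user, string $pass): bool {
    // The placeholder binds the value, so quotes in $user cannot change the SQL.
    $st = $pdo->prepare('SELECT pw FROM login WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn(); // false when no such user exists
    // Read the column the query actually selects (pw), then verify the hash.
    return is_string($hash) && password_verify($pass, $hash);
}

function start_login_session(string $user): void {
    // 'secure' assumes the site is served over HTTPS.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
    session_regenerate_id(true); // fresh ID at login guards against session fixation
    $_SESSION['user'] = $user;   // identity stays server-side, never in the cookie
}

if (PHP_SAPI === 'cli') {
    // Offline demo: valid login, wrong password, and input containing a quote.
    $pdo = make_demo_db();
    var_dump(check_login($pdo, 'alice', 'correct horse'));
    var_dump(check_login($pdo, 'alice', 'wrong'));
    var_dump(check_login($pdo, "alice' --", 'x'));
}
```

In a web request, call `start_login_session()` only after `check_login()` returns true, and treat a set `$_SESSION['user']` as the logged-in check instead of comparing cookie values.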