Log-ins and Cookies
Posted: Wed Nov 20, 2002 1:06 pm
Hi all. I'm still very much in the process of learning PHP and am wanting to setup a new admin section on my site. However I can't get my head round using the header and setcookie function at the moment.
This is the code I have at the moment for logging in. It doesn't set a cookie but it does work:
And this was my first attempt at setting a cookie (don't laugh too hard!):
At the moment the second set of code is automatically bringing up the message "Log-in failed". I'm guessing that the cookie is saving the password as an md5, and then md5-ing it again, but I'm not entirely sure. Anyone got any better ideas on how to set a cookie here?
This is the code I have at the moment for logging in. It doesn't set a cookie but it does work:
Code: Select all
<?php
echo "
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<meta name="description"
content="trulybizarre.co.uk admin section">
<meta name="keywords"
content="trulybizarre.co.uk admin section">
<title>trulybizarre.co.uk | ADMIN | $pagetitle
</title>
<STYLE TYPE="text/css">
P {font: 12pt times, arial;}
td {font: 12pt times, arial;}
H3 {font: bold 14pt arial, times;}
H2 {font: bold 18pt arial, times;}
H1 {font: bold 24pt arial, times;}
</STYLE>
<style>
a:hover{color:#add8e6}
</style>
<STYLE TYPE="text/css">
P.menu {font: 10pt Arial, sans-serif;}
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000"
link="#ff0000" vlink="#ff0000" alink="#eec900">
<script>
window.defaultStatus = "trulybizarre.co.uk admin section"
</script>
<table border="0" cellpadding="5" width="600" align="center">
<tr>
<td valign="top" align="center">
<p><img
src="admin.jpg"><br><hr>
";
// testline
$content = "This is just a test line.";
// Check to see if $username already contains info
if (!isset($username)) {
// If empty, bring up form.
print ("
<p align="right">
<form action=$PHP_SELF method=post>
<b>Username:</b> <input type=text name=username SIZE=10 MAXLENGTH=80><br>
<b>Password:</b> <input type=password name=password SIZE=10 MAXLENGTH=80><br>
<input type=hidden name=sent value=1>
<input type=submit value="Submit">
<input type=reset value="Reset">
</FORM>
");
} else if (isset($username)) {
// If non-empty, check the database for matches
// connect to MySQL
mysql_connect("host", "username", "password")
or die ("Unable to connect to database.");
// select database on MySQL server
mysql_select_db("database")
or die ("Unable to select database.");
// Formulate the query
$sql = "SELECT *
FROM newsuser
WHERE username='$username' and password='".md5($MD5_PREFIX.$password)."'";
// Execute the query and put results in $result
$result = mysql_query($sql);
// Get number of rows in $result. 0 if invalid, 1 if valid.
$num = mysql_numrows($result);
if ($num != "0") {
// Should move on if log-in is successful.
echo "
<P align="right"><b>$username LOGGED IN</b>
<P align="left">$content
";
} else {
echo "<p align="left">Log-in failed.";
}
}
echo "
<p align="center">
<a href="index.php">Return to admin index</a><br>
<a href="/index.php">Return to main site index</a>
</body>
</html>";
?>Code: Select all
<?php
// Note to self - do not leave spaces with header information.
if ($budweiser = "true") {
$details = $username."+".$password;
setcookie("tb_admin", "$details", time()+ "14400");
$cookie_crumbs = explode('+',$_COOKIEї'tb_admin']);
$username = $cookie_crumbsї0];
$password = $cookie_crumbsї1];
}
echo "
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<meta name="description"
content="trulybizarre.co.uk admin section">
<meta name="keywords"
content="trulybizarre.co.uk admin section">
<title>trulybizarre.co.uk | ADMIN | $pagetitle
</title>
<STYLE TYPE="text/css">
P {font: 12pt times, arial;}
td {font: 12pt times, arial;}
H3 {font: bold 14pt arial, times;}
H2 {font: bold 18pt arial, times;}
H1 {font: bold 24pt arial, times;}
</STYLE>
<style>
a:hover{color:#add8e6}
</style>
<STYLE TYPE="text/css">
P.menu {font: 10pt Arial, sans-serif;}
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000"
link="#ff0000" vlink="#ff0000" alink="#eec900">
<script>
window.defaultStatus = "trulybizarre.co.uk admin section"
</script>
<table border="0" cellpadding="5" width="600" align="center">
<tr>
<td valign="top" align="center">
<p><img
src="admin.jpg"><br><hr>
";
// testline
$content = "This is just a test line.";
// Check to see if $username already contains info
if (!isset($username)) {
// If empty, bring up form.
print ("
<p align="right">
<form action=$PHP_SELF method=post>
<b>Username:</b> <input type=text name=username SIZE=10 MAXLENGTH=80><br>
<b>Password:</b> <input type=password name=password SIZE=10 MAXLENGTH=80><br>
<input type=hidden name=sent value=1>
<input type=submit value="Submit">
<input type=reset value="Reset">
</FORM>
");
} else if (isset($username)) {
// If non-empty, check the database for matches
// connect to MySQL
mysql_connect("host", "username", "password")
or die ("Unable to connect to database.");
// select database on MySQL server
mysql_select_db("database")
or die ("Unable to select database.");
// Formulate the query
$sql = "SELECT *
FROM newsuser
WHERE username='$username' and password='".md5($MD5_PREFIX.$password)."'";
// Execute the query and put results in $result
$result = mysql_query($sql);
// Get number of rows in $result. 0 if invalid, 1 if valid.
$num = mysql_numrows($result);
if ($num != "0") {
// Should move on if log-in is successful.
$budweiser = "true";
echo "
<P align="right"><b>$username LOGGED IN</b>
<P align="left">$content
<p align="center">
<a href="index.php">Return to admin index</a><br>
<a href="/index.php">Return to main site index</a>
</body>
</html>
";
} else {
echo "<p align="left">Log-in failed.";
}
}
?>