I'm trying to give users mechanism or means to prove their authenticity using a 2 field form and am supposed to get the following login result:
Congratulations, John Doe, you are authorized!
Authorized Users' Menu:
. secret page
But unfortunately, the above message is not displayed in the browser.
auth_users table
-----------------
create table auth_users
(
id int not null primary key auto_increment,
f_name varchar(50),
l_name varchar(50),
email varchar(150),
username varchar(25),
password varchar(75)
);
insert into auth_users values (null, 'john', 'doe', 'john@doe.com', 'jdoe', password('doepass'));
listing15.7.php - user login form
-------------------------------
Code: Select all
<html>
<head>
<title>Listing 15.7 User Login Form</title>
</head>
<body>
<H1>Login Form</H1>
<FORM METHOD="POST" ACTION="listing15.8.php">
<P><STRONG>Username/STRONG><BR>
<INPUT TYPE="text" NAME="username"></p>
<P><STRONG>Password/STRONG><BR>
<INPUT TYPE="password" NAME="password"></p>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P>
</FORM>
</body>
</html>--------------------------------
Code: Select all
<?php
//check for required fields from the form
if ((!$_POST[username]) || (!$_POST[password])) {
header("Location: listing15.7.php");
exit;
}
//connect to server and select database
$conn = mysql_connect("localhost", "root", "olu1bal")
or die(mysql_error());
mysql_select_db("testDB",$conn) or die(mysql_error());
//create and issue the query
$sql = "select f_name, l_name from auth_users where username = '$_POST[username]' AND password = password('$_POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());
//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
//if authorized, get the values of f_name l_name
$f_name = mysql_result($result, 0, 'f_name');
$l_name = mysql_result($result, 0, 'l_name');
//set authorization cookie
setcookie("auth", "1", 0, "/", "yourdomain.com", 0);
//prepare message for printing, and user menu
$msg = "<P>$f_name $l_name is authorized!</p>";
$msg .= "<P>Authorized Users' Menu:";
$msg .= "<ul><li><a href=\"listing15.8.php\">secret page</a></ul>";
} else {
//redirect back to login form if not authorized
header("Location: listing15.7.php");
exit;
}
?>
<HTML>
<HEAD>
<TITLE>Listing 15.8 User Login </TITLE>
</HEAD>
<BODY>
<? print "$msg"; ?>
</BODY>
</HTML>----------------------------------------
Code: Select all
<?php
if ($_COOKIE[auth] == "1") {
$msg = "<p>You are an authorized user.</p>";
} else {
//redirect back to login form if not authorized
header("Location: listing15.7.php");
exit;
}
?>
<html>
<head>
<title>Listing 15.8 Accessing a restricted page </title>
</head>
<body>
<?php print "$msg"; ?>
</body>
</html>