checking for cookie

Anon

I want to check to see if a user is logged in if they are then it's should say
Welcome: $cookieuser
else
Welcome: Guest
the auth script checks a DB (MySQL) where the user is registered, so when the user enters the site it should say
Welcome: Guest
till the user loggs in, at that point it should echo $cookieuser.

I use cookies to keep track of the user though out the site untill they do something that requires the DB. other wise I want to check to see if there are logged in by check the cookie

<?
if (authenticateUser($cookie_user,cookie_password)) {
echo "$cookie_user";
} else {
echo "Guest";
}
?>
I thought if I check to see if the User is authenticated I would be able to echo the $cookie_user if so or Guest if not

Can Any one help
TIA
Richie TM

kaneda

HI what is this function you are calling "authenticateUser" is it something you have written? what is the code inside it? and where does it get the password from?
as it is your code will pass the string "cookie_password" as the second argument to the function.

Anon

Yes authenticateUser is a function I made to check if a user is authenticated or not

function authenticateUser($user, $password)
{
global $server, $HTTP__HOST, $db_user, $pass, $DB, $DOCROOT ;

// Open a persistent connection with the MySQl server
if (!($link = mysql_pconnect ($server,$db_user, $pass))) {
// DisplayErrMsg(sprintf("internal error %d:%s\n",
// mysql_errno(), mysql_error()));
DisplayErrMsg(sprintf("internal error %s %s %s %d:%s\n",$server, $db_user, $pass,
mysql_errno(), mysql_error()));
return 0 ;
}

// Do the user/password authentication
if (!($result = mysql_db_query("$DB", "select * from user_profile where
user_id='$user'"))) {
DisplayErrMsg(sprintf("internal error %d:%s\n",
mysql_errno(), mysql_error()));
return 0 ;
}

if (($row = mysql_fetch_array($result)) && ($password == $row["password"]
&& $password != ""))
return 1 ;
else
return 0 ;
}

I use this on top of each page to see if the user is authenticated so I guess I could do the same to echo the results accordingly

if this is not a good way how els can I do this

TIA

Anon

Why don't you make 1 login page, when the user is logged in make a session for the userid ,for the password. Then include a code to see if there is a session. If not, not logged in.

So, if username and password are correct, make the sessions:

session_start();
$ses_user = $username;
$ses_pass = $password;
session_register('ses_user');
session_register('ses_pass');

Then, include on every page that needs authentication:

if (IsSet($ses_user)) {
// user is logged in, so keep him/her
echo("Welcome $ses_user");
}

else {
//trow him out or display login screen
echo("You are not logged in");
}

to make a more secure (if needed), you can check for the password session to, and check on every page if the username and pass are correct.

Note: instead of sessions you could also work with cookies. But sessions are better.