I have been haveing a problem with my login script. It seems to work just fine but the first page you see when you login doesn't seem to show that your logged in. What I mean by that is that I have a navbar on the right hand side that shows a form that you can fill in to log in. But if your logged it then it will show a link to the members home page and a link to logout. But right when you log in it still shows the form to log in. I have tried everything I know of to fix this problem but havn't had any succes the following is the code to the navbar.
<? $authorized=$HTTP_COOKIE_VARS["authorized"]; ?> The above is above the <HTML> tags.
<? if($authorized!=yes){ ?> <tr> <td class=nobordercell width="25%" background="vvv.jpg"> <div align="center" style="color:white"> </div> </td> </tr> <tr> <td class=nobordercell width="25%" background="midleft.jpg"> <div align="center" style="color:white"> <form method="post" action="members.php"> Username: <input type="text" name="username" size="10"> </div> </td> </tr> <tr> <td class=nobordercell width="25%" background="midleft.jpg"> <div align="center" style="color:white"> Password: <input type="password" name="password" size="10"> </div> </td> </tr> <tr> <td class=nobordercell width="25%" background="midleft.jpg"> <div align="center" style="color:white"> <input type="submit" name="submit" value="Log In"> </form> </div> </td> </tr> <tr> <td class=nobordercell width="25%" background="fff.jpg"> <div align="center"> </div> </td> </tr> <? } else { ?> <tr> <td class=nobordercell width="25%" background="vvv.jpg"> <div align="center" style="color:white"> <a href="/members.php">Home</a> </div> </td> </tr> <tr> <td class=nobordercell width="25%" background="midleft.jpg"> <div align="center" style="color:white"> <a href="/logout.php">Log Out</a> </div> </td> </tr> <tr> <td class=nobordercell width="25%" background="midleft.jpg"> <div align="center" style="color:white"> </div> </td> </tr> <tr> <td class=nobordercell width="25%" background="fff.jpg"> <div align="center"> </div> </td> </tr> <? } ?>
Ok, first of all, store "userloggedin" in a session.
NEVER NEVER use 'authorized', because it's fallacious.
If you give anything to the user in a cookie, make it a session id.
Never assume the user has cookies enabled.
For some reason IIS on Windows XP platform with PHP doesn't work with sessions. I can't figure it out. If you could help with that I would do that.
Generate a custom Session ID, store it in your sql database, and set the id in a cookie.
That would accomplish the same thing.
