lol this might be a big post, i got a login script from a friend, converted it to suite my needs and it works fine for one person, (btw the person has id1 if that means anything) and for all the others it goes fine up to when the cookies are made and then on redirect back to the main page it doesnt detect that the user has logged in,
oh and all the logins when they get to the cookie page they all say failed even though one of the users login successfully.
ok the procedure goes: login.php -> memlogin.php -> cookiestuff.php -> monkey.php
hers the code:
login.php
<?php
echo "<FORM name=\"login\" method=\"POST\" action=\"memlogin.php\">";
echo "<table border=0><tr><td>Username: </td><td><input type=\"text\" name=\"username\"></td></tr>";
echo "<tr><td>Password: </td><td><input type=\"password\" name=\"password\"></td></tr></table>";
echo "<input type=\"submit\" value=\"Login\">";
?>
memlogin.php
<html>
<body onload="document.cookieform.submit()">
<?php
require ("$DOCUMENT_ROOT/cgi-bin/connect.php");
$flag=0;
$result = @mysql_query("SELECT username, password FROM ".$membertable."");
if (!$result) {
echo("<p>Error performing query: " . mysql_error() . "</p>");
exit();
}
$pass=md5($pass);
while ( $row = mysql_fetch_array($result) ) {
$duser = $row["username"];
$dpass = $row["password"];
if ($username==$duser && $password==$dpass) {$flag=1;}
else if ($username == $duser) {$flag=2;}
}
if ($flag != 1 && $flag != 2) {
die("You entered an incorrect username.");
}
else if ($flag == 2) {die("You entered an incorrect password for this username: ".$username."");}
else if ($flag == 1) {
echo "You were successfully logged on as ".$username."<br>";
echo "<form name=\"cookieform\" method=\"post\" action=\"cookiestuff.php\">
<input type=\"hidden\" name=\"username\" value=\"$username\">
<input type=\"hidden\" name=\"password\" value=\"$password\">";
}
mysql_close($cid);
?>
</body>
</html>
cookiestuff.php
<?php
$cookiename = setcookie('membername', $username, time()+315360000, '/', ".hellrazer.net");
$cookiepass = setcookie('memberpass', md5($password), time()+315360000, '/', ".hellrazer.net");
$username=md5($username);
$cookieval = "$password$username";
$cookielogin = setcookie('memberlogon', $cookieval, time()+315360000, '/', ".hellrazer.net");
echo "Enabling cookies...<br>";
if ($cookiename == "false") {$ans = "failed";}
else {$ans = "complete";}
echo ("membername cookie..." . $ans);
if ($cookiepass == "false") {$ans = "failed";}
else {$ans = "complete";}
echo ("<br>memberpass cookie..." . $ans);
if ($cookielogin == "false") {$ans = "failed";}
else {$ans = "complete";}
echo ("<br>memberlogin cookie..." . $ans);
echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=monkey.php\">";
?>
monkey.php
<?php
require ("".$DOCUMENT_ROOT."/cgi-bin/connect.php");
$flag=0;
$result = @mysql_query("SELECT * FROM ".$membertable."");
if (!$result) {
echo("<p>Error performing query: " . mysql_error() . "</p>");
exit();
}
while ( $row = mysql_fetch_array($result) ) {
$dpass = $row["password"];
$duser = md5($HTTP_COOKIE_VARS['membername']);
$dtotal = "$dpass$duser";
$dcookie = $HTTP_COOKIE_VARS['memberlogon'];
if ($dtotal==$dcookie) {$flag=1; $temp = "$dpass";}
}
if ($flag != 1) {
die("You do not have access to this page");
}
else if ($flag == 1) {
$result = @mysql_query("SELECT * FROM ".$membertable."");
if (!$result) {
echo("<p>Error performing query: " . mysql_error() . "</p>");
exit();
}
while ( $row = mysql_fetch_array($result) ) {
$rname = $row["username"];
}
echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=../index.php\">";
}
mysql_close($cid);
?>
ty for the help
