Problem with Cookies

bb_sarkar

Hi everyone, this is my problem and I can't seem to solve it.

I have three files. Admin.php, Authenticate.php and LoggedIn.php. The user goes to Admin.php types their username, password and presses submit which goes to the authenticate.php to check to see if it is valid, if it is valid then it sends the person to Loggedin.php otherwise back to Admin.php. In Authenticate.php, if the user enters the correct username, password I create a cookie named Auth with the value = "Logged In". I put the following code in Loggedin.php:

if($_COOKIE[auth] != "Logged in")
{
?>
<pre>
You must login to authenticate yourself. Press the back button on
your browser to go back. Thank you!
</pre>
<?php
exit;
}

?>

The reason I put this code is to not allow the person to directly bypass the username/password screen and come directly to logged in screen. I get this error message:

Notice: Use of undefined constant auth - assumed 'auth' in C:\Inetpub\wwwroot\page1\admin\Loggedin.php on line 11

Notice: Undefined index: auth in C:\Inetpub\wwwroot\page1\admin\Loggedin.php.php on line 11

I got this piece of code from the "PHP FAST AND EASY DEVELOPMENT BOOK" which says it should prevent users going directly to certain pages. Why doesn't it work or is there another solution. Please someone help me. Thank you =)
Armond

Hafkas

please post the code that creates the cookie.

bb_sarkar

Ok in authenticate.php, i only create the cookie when the user enters the correct userid/password, otherwise no cookie is created. This is the code:

..etc // other code used to create the database

// Retrieve the number of records (rows)
$nrows = mysql_num_rows($result);

if($nrows == null)
{
?>
<div align="left">
<pre>
<font size="1" color="black">
You entered an incorrect userid and/or password. Please press the return
button to try again.
</font>
</pre>
</div>
<form method="post" action="Admin.php" name="frmFailedAuthentication" id="frmFailedAuthentication">
<input type="submit" value="Return" name="cmdClose" id="cmdClose">
</form>
<?php
exit;
}
else
{
?>
<div align="left">
<pre>
<font size="1" color="black">
You are now logged in <?php echo $userId ?>!
<?php
// Setting cookie for authorized user
$cookie_name = "auth";
$cookie_value = "Logged in";
$cookie_expire = "0";
$cookie_domain = "127.0.0.1";
setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0);
?>
</font>
</pre>
</div>
<form method="post" action="../admin/Loggedin.php" name="frmPassedAuthentication" id="frmPassedAuthentication">
<input type="hidden" value="<?php echo($userId); ?>" name="userId" id="userId">
<input type="submit" value="Continue" name="cmdClose" id="cmdClose">
</form>
<?php
}
?>

I guess what the problem is, when the user directly goes to Loggedin.php, the cookie has not been created yet and it gives me that error but should it? I'm copying this from the book.

Armond