Some info please

artizan

Hi ppl
I’m new to all this hence newbie’s section. However I’ve created a addmember section to my site and login area which uses mysql. This all works a treat and im very pleased with it.

I now want to add some type of validation/security to my site, and im thinking of using cookies. What im trying to do is this: a new user fills in the addmember page. When this is done, I want a cookie to be sent with there user name password. Then should the user come back, and use the login page, it will check to see if a cookie is set, and if so let them in to the secure area, else redirect them to the login page. Is this possible?

Thanks for any input.

drawmack

don't put their password into a cookie

artizan

Not even if i use the secure method?

Will i guess it can be anything really, as long at its uniqe to the user.

Can you help at all?

Thanks in advance

artizan

Ok this is my code so far. however i get an error on line 23 and im not sure how to resolve.

<?php
//check for required fields from the form
if ((!$POST[username]) || (!$POST[password])) {
header("Location: login.php");
exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "root", "blah") or die(mysql_error());
mysql_select_db("members",$conn) or die(mysql_error());

//create and issue the query
$sql = "select email from users where username = '$_POST[username]' AND password =

'$_POST[password]';
$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set
if (mysql_num_rows($result) == 1) {
//if authorized, get the values
$username = mysql_result($result, 0, 'username');

//set authorisation cookie
setcookie("auth", "1", 0, "/", "localhost", 0);

//prepare message for printing, and user menu
$msg = "<P>$f_name $l_name is authorised!</p>";
$msg .= "<P>Authorised Users' Menu:";
$msg .= "<ul><li><a href=\"member.php\">secret page</a></ul>";
} else {
echo "not working";
//redirect back to login form if not authorised
//header("Location: login.php");
//exit;
}
?>

Please help

siwis

Not sure you can use "localhost" as the URL chunk of the cookie set.

setcookie('authpassed', "1", time() + 5184000, "", "www.thesite.com", 0);

You can then set up a cookie check which, before looking for username and passw variables being posted, looks for the "authpassed" cookie and redirects straight away. You certainly don't need to store, and shouldn't really store, a password in a cookie. Your cookie simply simply needs a yes/no value to determine whether the user is authenticated.

artizan

Thanks Siwis...

Thing is, the site is not real, it just runs from my server, not live. So im kinda stuck if i cant use localhost. Im new to cookies, so im not sure where in the line of code its going wrong, unless like you say its the path..

The error im getting is
Parse error: parse error, unexpected T_STRING in C:\Apache Group\Apache2\htdocs\RGCSite_01\member.php on line 23

siwis

So the abvious thing to do is to assess which line is line 23.
Then inspect the code within that line for irregularities.

We can't assume which is line 23 in the code you posted because it might not be the full script.

siwis

Taking a closer look, it could well be your $sql statement

$sql = "select email from users where username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'";

When using $_POST[] variables, I always like to ensure that I've broken out to concatenate the variable value rather than assume it is correctly written into the string.

But you were missing a double quote from the end of the $sql anyway.