I am trying to make a simple cookie-based login script for my website, and I'm having problems. Here's what I have so far in the login.php file:
<?php
// check for required fields from the form
if ((!$_POST[id]) || (!$_POST[password])) {
header("Location: login.html");
exit;
}
// connect to server and select database
$conn = mysql_connect("localhost", "username", "password")
or die(mysql_error());
mysql_select_db("my_db",$conn) or die(mysql_error());
// create and issue the query
$sql = "SELECT first_name, last_name FROM users WHERE id =
'$_POST[id]' AND password = password('$_POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());
// get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
// if authorized, get the values of first_name last_name
$first_name = mysql_result($result, 0, 'first_name');
$last_name = mysql_result($result, 0, 'last_name');
// set authorization cookie
setcookie("auth", "1", 0, "/", "mydomain.com", 0);
// prepare message for printing, and user menu
$msg = "<P>$first_name $last_name is authorized!</P>";
$msg .= "<P>Authorized Users' Menu:";
$msg .= "<ul><li><a href=\"user_page.php\">User Page</a></ul>";
} else {
// re-direct back to login form if not authorized
header("Location: login.html");
exit;
}
?>
<html>
<head>
<title>User Control Panel</title>
</head>
<body>
<?php print "$msg"; ?>
</body>
</html>
Everytime I try to login from login.html, I am re-directed back to login.html. I tested different links, and the I get re-directed back when it gets to the code block with the comment "re-direct back to login form if not authorized." So that means it doesn't think I'm authorized. I've checked for typos in my database over and over, but I just can't find a mistake. Can somebody help?
