I'm trying to do a simple login script that uses a cookie to check if the user has logged in or not (website admin) ive been trying different things since about noon plus looking through all my php books and even checking php.net and i cant find the answer anywhere....
The cookie is working correct.. keeps users out of the admin area if they dont have a cookie from the login.. but with set cookie in the validation script to check against mysql the validation dont work anymore and it allows anything to be entered and accepted as a legit login then sets a cookie and allows anyone to access the admin area...
Here is the code to the validation script:
<?PHP
$user = $POST['username'];
$pass = $POST['password'];
setcookie("admin", "$user", "0");
$db = mysql_connect("localhost","*******","******");
mysql_select_db("********",$db);
$query = mysql_query("SELECT * FROM admin WHERE username = '$user' && password = '$pass'");
if ($query = true) {
//I need to figure out how to redirect here
echo "<a href='*****************************'>Click Here</a>";
} else {
//I need to figure out how to close a cookie here
echo "You must login in to access this page!";
}
?>
Here is the code at the start of the admin page to verify the username exists in mysql or if a cookie is set and if it doesnt its supposed to die and go to "You must be logged in" but dont.. 🙁
<?PHP
if(isset($COOKIE['admin'])){
$user = $COOKIE['admin'];
$db = mysql_connect("localhost","*********","*******");
mysql_select_db("**********",$db);
$query = mysql_query("SELECT * FROM admin WHERE username = '$user'");
if ($query = false) {
echo "You must be logged in!";
} else {
//The admin page is here..
}
}
} else {
echo "You must be logged in!";
}
?>
Would i not want the setcookie in validating the login or somethin?
thanks to anyone thats able to help me out..
Buddy
