Yet another problem with password authentication script

Xeon

I am able to login successfully; yet when I reload the page, I am prompted once again for a password. What's wrong here?

 session_start();
 session_register("password");
 $HTTP_SESSION_VARS["password"] = $_POST["password"];

 if(isset($_SESSION["password"]) && $_SESSION["password"]=="thepassword"){
  echo "good pswd";
 }elseif(isset($_SESSION["password"]) && $_SESSION["password"]!="thepassword"){
  echo "<p>
   Incorrect password.
  </p>
      <form method=\"post\" action=\"/admin/index.php\">
       Password:
       <input type=\"password\" name=\"password\" size=\"20\">
       <br />
       <input type=\"submit\" value=\"Login\">
      </form>";
 }else{
  echo "<form method=\"post\" action=\"/admin/index.php\">
       Password:
       <input type=\"password\" name=\"password\" size=\"20\">
       <br />
       <input type=\"submit\" value=\"Login\">
      </form>";
 }

crazychris

when using $_SESSION you don;t need to use session_register()

$HTTP_SESSION_VARS["password"] should be $_SESSION['password'] ??

Xeon

Still not working... :S

Xeon

Perhaps I need to use a cookie instead?

samudasu

First of all you should READ the manual carefully for sessions since you're making several mistakes that the manual explains clearly.

Your first code block should look like this:

session_start();
$_SESSION["password"] = $_POST["password"];

Your second code block should have session_start() at the beginning.

Xeon

I've decided to use a cookie instead, but now I'm getting a parse error:

Parse error: syntax error, unexpected '{' in C:\Websites\chandlerhilldesign\admin\index.php on line 22

$password==$_POST["password"];
 if($password!=NULL){
  setcookie("AdminPassword",$password,time()+60*60*24);
 }

 if(isset($_COOKIE["AdminPassword"]) && $_COOKIE["AdminPassword"]=="thepassword"){
  echo"good password!";
 /*line 22*/}elesif(isset($_COOKIE["AdminPassword"]) && $_COOKIE["AdminPassword"]!="thepassword"){
  echo "<p>
   Incorrect password.
  </p>
      <form method=\"post\" action=\"/admin/index.php\">
       Password:
       <input type=\"password\" name=\"password\" size=\"20\">
       <br />
       <input type=\"submit\" value=\"login\">
      </form>";
 }else{
  echo "<form method=\"post\" action=\"/admin/index.php\">
       Password:
       <input type=\"password\" name=\"password\" size=\"20\">
       <br />
       <input type=\"submit\" value=\"login\">
      </form>";
 }

Xeon

What am I doing wrong here?

$password==$_POST["password"];
 if($password!=NULL){
  setcookie("AdminPassword",$password,time()+60*60*24);
 }

 if(isset($_COOKIE["AdminPassword"]) && $_COOKIE["AdminPassword"]=="thepassword"){
  echo"good password!";
 /*line 22*/}elesif(isset($_COOKIE["AdminPassword"]) && $_COOKIE["AdminPassword"]!="thepassword"){
  echo "<p>
   Incorrect password.
  </p>
      <form method=\"post\" action=\"/admin/index.php\">
       Password:
       <input type=\"password\" name=\"password\" size=\"20\">
       <br />
       <input type=\"submit\" value=\"login\">
      </form>";
 }else{
  echo "<form method=\"post\" action=\"/admin/index.php\">
       Password:
       <input type=\"password\" name=\"password\" size=\"20\">
       <br />
       <input type=\"submit\" value=\"login\">
      </form>";
 }

The result:

Parse error: syntax error, unexpected '{' in C:\Websites\chandlerhilldesign\admin\index.php on line 22