Faulty log-in script

Ryodox · May 28, 2007

<?
	include('config.php');

if (($_POST['auth'] == addslashes($authpass_1)) || ($_POST['auth'] == addslashes($authpass_2)))
{
	$_POST['auth'] == addslashes($authpass_2) ? setcookie("auth", 2, time()+3600, "/") : setcookie("auth", 1, time()+3600, "/");
	print "<SCRIPT TYPE=\"text/javascript\">alert('Successfully authorized.');\n"
	."self.location = 'membership.php';</SCRIPT>";
}
elseif ($_GET['action'] == "logout")
{
	setcookie("auth", FALSE);
	print "<SCRIPT TYPE=\"text/javascript\">alert('Logged out.');\n"
	."self.location = 'membership.php';</SCRIPT>";
}
else
	print "<SCRIPT TYPE=\"text/javascript\">alert('Incorrect password.');\n"
	."self.location = 'membership.php';</SCRIPT>";
?>

This is a simple log-in script I made, but the problem is that it doesn't properly unset the cookie when the user logs out. Users are, however, able to properly log in. The passwords are stored as variables in the "config.php" file, and "membership.php" is the main page. All I need the login.php to do is handle setting and unsetting of cookies and return to the membership.php page, and display an alert that the user has logged in or out. I'm guessing that this isn't the best way to go about this, so could anyone else contribute an improvement to my code?

jmack159 · May 29, 2007

to unset the cookie, you need to set the cookie again, but with the time in the past, like so:

setcookie("auth", "", time()-3600, "/")

that will destroy the cookie.

Faulty log-in script

RRyodox

Jjmack159