I am trying to set up a PHP-based login sytem on my website, and this is what I have so far.
I have a login page running this PHP script:
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$success_page = './class_resources.php';
$error_page = './class_resources.php';
$database = './n2e2w0li1f0e0.php';
$crypt_pass = md5($_POST['password']);
$found = false;
$logindata = array();
if(filesize($database) == 0)
{
header('Location: '.$error_page);
exit;
}
else
{
$items = file($database);
foreach($items as $line)
{
list($username, $password) = explode('|', trim($line));
$logindata[$username] = $password;
if ($username == $_POST['username'])
{
$found = true;
}
}
}
if($found == false)
{
header('Location: '.$error_page);
exit;
}
if($logindata[$_POST['username']] == $crypt_pass)
{
session_start();
$_SESSION['username'] = $_POST['username'];
$rememberme = isset($_POST['rememberme']) ? true : false;
if ($rememberme)
{
setcookie('username', $_POST['username'], time() + 3600*24*30);
setcookie('password', $_POST['password'], time() + 3600*24*30);
}
header('Location: '.$success_page);
exit;
}
else
{
header('Location: '.$error_page);
exit;
}
}
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$password = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
?>
I then have the password-protected page (newlifeforhealth.com/class_resources.php) running this script:
<?php
session_start();
if(!isset($_SESSION['username']))
{
header('Location: ./login.php');
exit;
}
?>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
session_start();
unset($_SESSION['username']);
header('Location: ./logout.php');
exit;
}
?>
When I try to login, the username and password are authenticated, but when the browser tries to load the password protected page I am redirected to the "access-denied". Is something wrong with my coding? Any suggestions?
Thank you!
