Hi all,
I wonder if any of you have this problem before..
I have a login page with "checked box remember me" - It is working fine in my localhost machine I can see the COOKIE in my browser's option setting (Firefox).
But now the problem is: When I run the script in my test server; and do exactly the same thing..the COOKIE did not seem know.
When I logged in as an admin and checked the box. And closed all the browser. Then, open the browser (Firefox)and go to the index page (landing page) then it redirect me to the login page instead. I looked the at COOKIE setting in my Firefox and I can it is stored there.
Any ideas whats wrong?
Here are the codes:
The folder includes contains: application_top.php, connection.php, global.php, cookie.php, autologin.php
application_top.php
require 'connection.php';
require 'global.php';
require 'cookie.php';
cookie.php
$cookie_name = 'siteAuth';
$cookie_expire = (3600 * 24 * 30); // 30 days
connection.php
session_start();
//All the connection to DB
global.php
if (!isset($_SESSION['authuser'])){
header ("location: login.php");
exit();
}
login.php
require 'includes/connection.php';
require 'includes/autologin.php';
require 'includes/cookie.php';
$error_msg = "";
if (!empty($_POST)) {
//If variable `username` and `password` are set do the following
if(!empty($_POST['username']) && (!empty($_POST['password']))){
$_POST['password'] = md5($_POST['password']);
$query = "SELECT `username`, `admin` FROM `user` WHERE `username` = '".$_POST['username']."' AND `password` = '".$_POST
['password']."'";
// Send a MySQL query
$result = mysql_query($query);
//Get number of rows in result
$num_rows = mysql_num_rows($result);
if ($num_rows == 1) { //Any record?
$row = mysql_fetch_array($result);
//session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['authuser'] =0;
if ( isset($_POST['rememberme']) && $_POST['rememberme'] == "on" ) {
setcookie ($cookie_name, 'usr=' . $_POST['username'] .
'&hash='.$_POST['password'], time() + $cookie_expire);
}
if ( $row['admin'] == 1 ) {
$_SESSION['authuser'] =1;
}
header ("Location: indexlist.php");
exit();
} else {
$error_msg = "Invalid username/password combination!";
}
}
else {
$error_msg = "Please enter your username and password to view this page!";
}
}
?>
[HTML FORM CODE]
autologin.php
<?php
if(isset($cookie_name))
{
// Check if the cookie exists
if(isset($_COOKIE[$cookie_name]))
{
parse_str($_COOKIE[$cookie_name]);
$query = "SELECT `username`, `admin` FROM `usar` WHERE `username` = '". $usr ."' AND `password` = '". $hash . "'";
// Send a MySQL query
$result = mysql_query($query);
//Get number of rows in result
$num_rows = mysql_num_rows($result);
if ($num_rows == 1) {
$row = mysql_fetch_array($result);
$_SESSION['authuser'] =0;
// Register the session
$_SESSION['username'] = $row['username'];
//$_SESSION['username'] = $_POST['username'];
if ( $row['admin'] == 1 ) {
$_SESSION['authuser'] =1;
}
header ("Location: indexlist.php");
exit;
}
}
echo "cookie is not set";
}
?>
logout.php
<?php
session_start();
session_destroy();
$cookie_name = 'siteAuth';
$cookie_expire = (3600 * 24 * 30); // 30 days
if(isset($_COOKIE[$cookie_name]))
{
setcookie ($cookie_name, '', time() - $cookie_expire);
}
header("Location: login.php");
exit();
?>
