I'm creating a site with a basic login to use cookies (this is a college assignment and so I don't need a registration page etc. - I just need to show I've used cookies in the site). I have the below code:

login.htm

<table border="1" width="500px" height="400">
          <tr>
          <td> <center><h1>User Login </h1>
  <form name="login" method="post" action="login1.php">
   Username: <input type="text" name="username"><br><br><br>
   Password: <input type="password" name="password"><br><br><br>
   Remember Me: <input type="checkbox" name="rememberme" value="1"><br><br><br>
   <input type="submit" name="submit" value="Login!">
  </form></center> </td></tr></table>

login1.php

<?php
/* These are our valid username and passwords */
$user = 'louise';
$pass = 'password';

if (isset($_POST['username']) && isset($_POST['password'])) {

	if (($_POST['username'] == $user) && ($_POST['password'] == $pass)) {    
        
        if (isset($_POST['rememberme'])) {
            /* Set cookie to last 1 year */
            setcookie('username', $_POST['louise'], time()+60*60*24*365, '/htdocs', 'localhost');
            setcookie('password', md5($_POST['password']), time()+60*60*24*365, '/htdocs', 'localhost');
        
        } else {
            /* Cookie expires when browser closes */
            setcookie('username', $_POST['louise'], false, '/htdocs', 'localhost');
            setcookie('password', md5($_POST['password']), false, '/htdocs', 'localhost');
        }
        header("Location: http://localhost/index.php");
        
    } else {
        echo 'Username/Password Invalid';
    }
    
} else {
    echo 'You must supply a username and password.';
}
?>

index.php

<?php
/* These are our valid username and passwords */
$user = 'louise';
$pass = 'password';

if (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
    
    if (($_POST['username'] != $user) || ($_POST['password'] != md5($pass))) {    
        header('Location: http://localhost/index.htm');
    } else {
        echo 'Welcome back ' . $_COOKIE['username'];
    }
    
} else {
    header("Location: http://localhost/index.htm");
}
?>

This does not work though - if I input an incorrect username/password, that says I've input an incorrect username/password - that's OK. But if I input the correct username and password, which are louise and password, there is nothing to say welcome louise... it just goes back to the index.htm. Any ideas what I'm doing wrong?

diafol

Is your index.php page actually accepting post data? I don't think so. The login1.php page is accepting the post data from the form, but this data is then lost as you move to a new page (index.php). In order to keep the data, you'll need to use something like sessions.

Right, like Ardav is saying, index1.php does not actually post anything to index.php, instead try using

if (($_COOKIE['username'] != $user) || ($_COOKIE['password'] != md5($pass)))

instead of

if (($_POST['username'] != $user) || ($_POST['password'] != md5($pass)))

Maybe that will help?

I changed the code but it still does nothing - not sure why it won't work...

Instead of relocating it, echo out a message 'wrong user/pass' or 'user/pass not set' for the two spots and maybe that will at least troubleshoot your problem. I can't tell if the cookies aren't setting right, sorry.

diafol

Personally, I'd use sessions to perpetuate data between pages. Cookies are useful for 'Remember Me' functionality, so you don't have to log in every time.

Place this in an include file (e.g. includes/functions.php) and put it into every page - right at the top.

<?php
  session_start();
  if(!isset($_SESSION['mysite']['username'])){
    if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){
       //check these values against your stored values - hardcoded or DB
       //if valid user:-
       $_SESSION['mysite']['username'] = $_COOKIE['username'];
       //also put other user values into session vars, e.g. rights level.
       //otherwise NOT logged in and not automatically stored
    }
  }
?>

Bet you're wondering where the cookie gets set - well that's from the login form handling page:

login_handler.php

<?php
session_start();
if(isset($_POST['username']) && isset($_POST['password']) && !isset($_SESSION['mysite']['username'])){ 
  //check to see whether post data is valid + verify
  if(isset($_POST['remember_me'])){
     // do your setcookie stuff for username and hashed password
  }
  //then send them back to the referring page with: 
  header("Location: {$_SERVER['HTTP_REFERER']}");
}else{
   //bad data - bump them back to a landing page, e.g. index.php with a header and an error flag
}
?>

The logout is then v. simple:

logout.php

<?php
session_start();
if(isset($_SESSION['mysite'])){
   unset($_SESSION['mysite']);
  //eat your cookies
}
header("Location: {$_SERVER['HTTP_REFERER']}");
?>

One thing this doesn't do is extend the cookie's expiry date every time you visit a page without needing to log in. You could set it up to do this very easily.
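
An added example, not part of the thread or any poster's code: the login code above stores md5 of the password in the cookie, which turns that cookie value into a year-long stand-in for the password, so this version issues a random remember-me token and keeps only its hash on the server. The `$store` array, the `remember` cookie name and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. $store is a hypothetical in-memory
// stand-in for a database table; the cookie name 'remember' is also assumed.

function issue_remember_token(array &$store, string $user, int $ttl): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, only its hash is stored
    $store[$selector] = [
        'user'    => $user,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

function check_remember_token(array &$store, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);  // single use: issue a fresh token after success
    $ok = hash_equals($row['hash'], hash('sha256', $parts[1]));
    return ($ok && $row['expires'] >= time()) ? $row['user'] : null;
}

function send_remember_cookie(string $value, int $ttl): bool
{
    // Options array needs PHP 7.3+. Path '/' so the cookie is also sent to
    // /index.php; a path of '/htdocs' limits it to URLs under /htdocs.
    return setcookie('remember', $value, [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // not readable from page JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed demo, runnable with the PHP CLI.
$store  = [];
$cookie = issue_remember_token($store, 'louise', 60 * 60 * 24 * 365);
var_dump(check_remember_token($store, $cookie));       // first use
var_dump(check_remember_token($store, $cookie));       // replay of the same value
var_dump(check_remember_token($store, 'bogus:value')); // unknown selector
```

In a real page, the username returned by `check_remember_token()` would be written to `$_SESSION` as in the include file above, and a new token issued with `send_remember_cookie()`.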