So it seems I have a working registration/login script, basic, I know. I've been told that session_regenerate_id(); will set a cookie that is secure. Is this true? Have I done it right? Is the script as a whole secure? How can I make it secure? My main question is how to create an if statement on the navigation bar that will display either the log in button (if user not logged in) or a logout button (if the user is logged in). And the same for register account/view account. Here is my script:

```php
<?php
include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");
session_start();
$name = $_POST['name'];
$password = md5($_POST['password']);
$query = "SELECT * from community WHERE name='$name' and password='$password'";
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name & Password combination.</div>";
    include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
} else {
    session_regenerate_id();
    $boo = mysql_fetch_assoc($result);
    $_SESSION['SESS_MEMBER_ID'] = $boo['name'];
    session_write_close();
    header("location: http://www.airwalk-design.com/community/");
    exit();
}
?>
```
What you have used are sessions, not cookies. Setting a cookie:

```php
setcookie($cookiename, $cookievalue); // you can google it to specify expirations, timing etc.
```

Check if cookie exists:

```php
if (isset($_COOKIE[$cookiename]) && ($_COOKIE[$cookiename] == $cookievalue)) {
    echo "User logged in";
} else {
    echo "Not logged in ";
}
```

Checking sessions:

```php
if (isset($_SESSION['SESS_MEMBER_ID']) && ($_SESSION['SESS_MEMBER_ID'] != "")) {
    echo "User logged in";
} else {
    echo "Not logged in";
}
```
Well, I think it's best to use only sessions. When the user closes the browser the session will expire automatically, so no need to worry. Personally, I use only sessions for login scripts.
I just can't get this to work. I must be doing something seriously wrong. I've set the cookie when the user logs in successfully, here:

```php
<?php
include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");
session_start();
$name = $_POST['name'];
$password = md5($_POST['password']);
$query = "SELECT * from community WHERE name='$name' and password='$password'";
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name & Password combination.</div>";
    include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
} else {
    setcookie($name, $value, time()+3600*24);
    header("location: http://www.airwalk-design.com/community/");
}
?>
```

And then in the menu bar, which is sitewide, I have:

```php
<?php
if (isset($_COOKIE[$name]))
    echo "<a href=\"http://www.airwalk-design.com/community/view-account/\" id=\"navigation\">View Account</a> - <a href=\"http://www.airwalk-design.com/community/logout/\" id=\"navigation\">Logout</a></h1> \"$name\"" . $_COOKIE[$name] . "!<br />";
else
    echo "<a href=\"http://www.airwalk-design.com/community/create-account/\" id=\"navigation\">Register Account</a> - <a href=\"http://www.airwalk-design.com/community/login/\" id=\"navigation\">Log Into Account</a></h1>";
?>
```
I think you should use a static cookie name, not a dynamic one, because you have no way to know which user has logged in this way. So when you set the cookie, set the name, for example:

```php
setcookie("USERNAME", $name, time()+3600*24);
```

where $name is the value of your cookie. And when you check the cookie you know what to check for:

```php
if (isset($_COOKIE['USERNAME'])) ....
```
Nope, it insists on always displaying the 2nd echo (the else one). I know it's logged in because I've done MySQL queries and retrieved my own data
Hmmm, well, try to clear all cache and saved cookies and sessions and start over. This code should work:

```php
<?php
include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");
session_start();
$name = $_POST['name'];
$password = md5($_POST['password']);
$query = "SELECT * from community WHERE name='$name' and password='$password'";
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name & Password combination.</div>";
    include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
} else {
    setcookie('username', $name, time()+3600*24);
    header("location: http://www.airwalk-design.com/community/");
}
?>
```

```php
<?php
if (isset($_COOKIE['username'])) {
    echo "<a href=\"http://www.airwalk-design.com/community/view-account/\" id=\"navigation\">View Account</a> - <a href=\"http://www.airwalk-design.com/community/logout/\" id=\"navigation\">Logout</a></h1> \"$name\"" . $_COOKIE['username'] . "!<br />";
} else {
    echo "<a href=\"http://www.airwalk-design.com/community/create-account/\" id=\"navigation\">Register Account</a> - <a href=\"http://www.airwalk-design.com/community/login/\" id=\"navigation\">Log Into Account</a></h1>";
}
?>
```
I literally erased all browser data and then C&P'd what you wrote, nada. First bit into /community/confirm/index.php, 2nd into /community/main-navigation.php, which is included on all /community pages. From my understanding, it sets the cookie upon successfully logging in, which then causes the menu navigation to display the view account and logout text instead of register account and log in? But if the else statement doesn't occur due to incorrect log in, it won't set and just displays the log in error?
OK then, take it step by step. Be sure whether

```php
if (mysql_num_rows($result) != 1) { }
```

is verified or not. Maybe you have different accounts with the same credentials while doing tests, so make it

```php
if (mysql_num_rows($result) == 0) {
```

... to be sure that there is no user at all with those credentials. But anyway, this shouldn't be the problem. It seems you cannot read cookies. The else from the first part does that: it sets the cookie if the user is found in the db, then makes the header location. After another test, place something like this somewhere in your script to see if you are able to read cookies:

```php
if (isset($_COOKIE)) {
    var_dump($_COOKIE);
} else {
    echo "there are no cookies stored";
}
```

This way you can check if any cookie is stored or setcookie is not working at all.
I changed that (even though I only have one user in my database which is me), and added the other bit, and it returned this:

```
array(7) {
  ["__switchTo5x"]=> string(2) "61"
  ["__utmz"]=> string(92) "187783096.1300969141.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=airwalk design"
  ["PHPSESSID"]=> string(26) "fegpmtghocrhq6s0j0qlqdutp2"
  ["__unam"]=> string(30) "6087161-12ee7cdb2c6-1ec7cb8-11"
  ["__utma"]=> string(54) "187783096.577011627.1300969141.1300969141.1300969141.1"
  ["__utmc"]=> string(9) "187783096"
  ["__utmb"]=> string(26) "187783096.11.10.1300969141"
}
```
Well, it seems that the cookie is not set at all; you should see a value like this: `["username"]=> string(x) "usernamehere"`. Maybe it's a webserver configuration problem that doesn't allow cookie storing :S I just did a similar test and the script works. Try using sessions instead, it would be much easier.
I'll have to query that with them later then. I did try sessions and always got the same result. Could you do me a full example of it?
It's pretty simple, just replace $_COOKIE with session. Anyway, here is your code:

```php
<?php
if (!isset($_SESSION)) {
    session_start();
}
include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");
# check if this is a POST
if (isset($_POST['name']) && ($_POST['name'] != "")) {
    $name = $_POST['name'];
    $password = md5($_POST['password']);
    $query = "SELECT * from community WHERE name='$name' and password='$password'";
    $result = mysql_query($query);
    if (mysql_num_rows($result) != 1) {
        include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
        echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name & Password combination.</div>";
        include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
        include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
    } else {
        $_SESSION['username'] = $name;
        header("location: http://www.airwalk-design.com/community/");
    }
}
?>
```

Code to check if the session exists:

```php
<?php
if (isset($_SESSION['username'])) {
    echo "<a href=\"http://www.airwalk-design.com/community/view-account/\" id=\"navigation\">View Account</a> - <a href=\"http://www.airwalk-design.com/community/logout/\" id=\"navigation\">Logout</a></h1>" . $_SESSION['username'] . "!<br />";
} else {
    echo "<a href=\"http://www.airwalk-design.com/community/create-account/\" id=\"navigation\">Register Account</a> - <a href=\"http://www.airwalk-design.com/community/login/\" id=\"navigation\">Log Into Account</a></h1>";
}
?>
```
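On the opening question of whether the script is secure: session_regenerate_id() only replaces the session ID and does not by itself set any cookie flags. The following is an added example, not code from any poster in this thread, of the same session-based login with a parameterized query, password_hash()/password_verify() in place of md5(), session_regenerate_id(true) and explicit session-cookie flags. It assumes PHP 7.3+ with PDO; the in-memory SQLite database, the user row and the relative URLs are constructed so the script runs stand-alone.

```php
<?php
// Added example, not thread code. Assumes PHP 7.3+ with pdo_sqlite; user row and URLs are constructed.

function start_secure_session(): void {
    // Flags must be set before session_start(); session_regenerate_id() does not set them.
    session_set_cookie_params([
        'path'     => '/',     // sent site-wide, not only under the login script's directory
        'secure'   => true,    // HTTPS only (assumes the site is served over HTTPS)
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(PDO $db, string $name, string $password): bool {
    // The placeholder keeps $name out of the SQL text.
    $stmt = $db->prepare('SELECT name, password FROM community WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks a salted password_hash() value; no MD5 comparison in SQL.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh ID at login; the old session data is deleted
    $_SESSION['username'] = $row['name'];
    return true;
}

function nav_links(): string {
    if (isset($_SESSION['username'])) {
        // Escape on output: the name was supplied by the user at registration.
        $user = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
        return '<a href="/community/view-account/">View Account</a> - '
             . '<a href="/community/logout/">Logout</a> ' . $user;
    }
    return '<a href="/community/create-account/">Register Account</a> - '
         . '<a href="/community/login/">Log Into Account</a>';
}

// Constructed demo: one user, one failed and one successful login, then the menu.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE community (name TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO community VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
start_secure_session();
$failed = login($db, "o'neil", 'guess');   // unknown name containing a quote
$ok     = login($db, 'alice', 'correct horse');
var_dump($failed, $ok);
echo nav_links(), "\n";
```

On a web page, call start_secure_session() before any output is sent, in both the login script and the included navigation file, so the session is available wherever the menu is rendered.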
:S Man, I don't know what else to say, the problem might be somewhere else. This code is working for me, so I guess it is a webserver problem if you cannot save sessions and cookies. Try it somewhere else to be sure you don't get the same result, and then talk to your hosting provider.
I also strongly suggest using sessions, and the code from bledileka should do the work. If it doesn't, check your php.ini settings. Is the session save path configured properly?
Not sure what that means, but I'm not allowed access to the php.ini file. What's literally the most basic way to test this somewhere else?
Well, I'd suggest you use a local webserver, it's very easy and useful. Use XAMPP or WAMP for a full installation so it will become easier for you to start doing tests.