Hi, here are 2 scripts..login.php & members.php, but the login page can't redirect me to the member page & no error has been showing. plz help. Login.php........................................ <?php $database="admin"; $username="root"; $password=""; $connect=mysql_connect("localhost",$username,$password) or die ("Couldn't connect to the databse" . mysql_error()); mysql_select_db($database,$connect) or die ("Couldn't select database" . mysql_error()); // Check if there is any login cookie if(isset($_COOKIE['sanjay'])) // if there is a cookie then it redirects to the member page { $username=$_COOKIE['sanjay'] ; $password=$_COOKIE['bhowmick']; $check=mysql_query("select * from users where user_name='$username'") or die ("Couldn't select" . mysql_error()); while ($info=mysql_fetch_array($check)) { if($pass!=$info['password']) { } else { header("Location:members.php"); } } } // If the login form is submitted if (isset($_POST['submit'])) { if(!$_POST['username']|!$_POST['password']) { die ("You did not fill up the required field."); } // checks it against the database if(!get_magic_quotes_gpc()) { $_POST['username']=addslashes($_POST['username']); } $check=mysql_query("select * from users where user_name='$username'") or die ("Couldn't select" . mysql_error()); // if user doesn't exist $finalcheck=mysql_num_rows($check); if($finalcheck==0) { die("User doesn't exist <a href=regis.php>Click Here to Register</a>"); } while($info=mysql_fetch_array($check)) { $_POST['password']=stripslashes($_POST['password']); $info['password']=stripslashes($info['password']); $_POST['password']=md5($_POST['password']); // gives error if password is wrong if ($_POST['password']!=$info['password']) { die ("Incorrect Password"); } else { // if login is ok, we add a cookie $_POST['username']=stripslashes($_POST['username']); $hour=time()+3600; setcookie('sanjay',$_POST['username'],$hour); setcookie('bhowmick',$_POST['password'],$hour); header("Location:members.php"); } } } else { // If they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> <table border="0"> <tr> <td colspan="2"><h1>Login</h1></td> </tr> <tr> <td>Username</td> </tr> <tr> <td><input type="text" name="username" maxlength="40"></td> </tr> <tr> <td>Password</td> </tr> <tr> <td><input type="password" name="password" maxlength="50"></td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" value="Login"></td> </tr> </table> </form> <?php } ?> Code (markup): ------------------------------------------------------------------------ Members.php......................................... <?php $database="admin"; $username="root"; $password=""; $connect=mysql_connect("localhost",$username,$password) or die ("Couldn't connect to the databse" . mysql_error()); mysql_select_db($database,$connect) or die ("Couldn't select database" . mysql_error()); // check cookies to make sure that they are logged n if (isset($_COOKIE['sanjay'])) { $username=$_COOKIE['sanjay']; $password=$_COOKIE['bhowmick']; $check=mysql_query("select * from users where user_name='$username'") or die ("Couldn't connect to the databse" . mysql_error()); while ($info=mysql_fetch_array($check)) { // if the cookie has wrong password.. redirect to the login page if($_password!=$info['password']) { header("Location:login.php") ; } // Otherwise show the admin are else { echo "Admin area<p>"; echo "My content<p>"; echo "<a href=logout.php>Logout</a>"; } } } else // if the cookie doesn't exist... redirect to the login page { header ("Location:login.php") ; } ?> Code (markup):
you are overwriting your $username and $password variables: $username=$_COOKIE['sanjay'] ; $password=$_COOKIE['bhowmick'];