Set Cookie Login Script !!! HELP !!!

Seldimi · #1 (**permalink**) 11-05-03, 11:49 AM

Any good soul want to clean this code ??? I Get a lot of errors

(Username1 and Password1 are posted by a separate form and function_connect.php includes database connection. I saw it on a tutorial but couldn't make it work ....

PHP Code:


			
<?php



$username1 = $_POST['user'];

$password1 = $_POST['pass'];

include "function_connect.php";



// valid login credentials 

if ($username1 && $password1) { 

$sql="SELECT id, username, password FROM pointgather WHERE 

username='$username1' AND password='$password1'";

$result = mysql_query ($sql) or die('Error: ' . mysql_error());

$user_data = mysql_fetch_array ($result);

$id = $user_data ['id'];

$username = $user_data ['username'];

$password = $user_data ['password'];



 if ($user_data['id'] > 0) { 

  setcookie ("user", md5($user_data['username']));  

  setcookie ("pass", md5($user_data['password']));  

  print "success"; 

 } else { $login_error= true; } 

} 



// grab current time 

$time=time(); 



// handle the logout event 

if ($logout == true) {     

 setcookie ("user", md5($username1), $time-3200);  

 setcookie ("pass", md5($password1), $time-3200);  

// header("Location: index.php"); 

} 



// handle validation event 

if ($_POST[user] && $_POST[pass]) {     

 if ($username1==$username && $password1==$password) { 

  setcookie ("user", md5($username1), $time+3200);  

  setcookie ("pass", md5($password1), $time+3200);  

 // header("Location: index.php"); 

 } else { $login_error= true; } 

} 



// handle login event, both successful and erroneous, or show login screen 

if ($login_error == true) { ?> 

 <table align=center style="font-family:arial; 

font-size:12; border:1 solid #000000;"> 

  <tr><td align=center bgcolor=#123dd4>LOGIN ERROR</td></tr> 

  <tr><td align=center><b>Invalid Username and/or Password</b><br><br>

<a href=index.php>Back</a></td></tr> 

</table> 

<? 

} elseif ($_COOKIE[user] == md5($username) && $_COOKIE[pass] == 

md5($password)) { ?> 

 <table align=center style="font-family:arial;

 font-size:12; border:1 solid #000000;"> 

  <tr><td align=center bgcolor=#123dd4>SECURE AREA</td></tr> 

  <tr><td align=right>

<a href=index.php?logout=true>Logout</a></td></tr> 

  <tr><td>You have successfully logged in.<br><br> 

   Encrypted Username: <b><?=  $_COOKIE['user'] ?></b><br> 

   Encrypted Password: <b><?= $_COOKIE['pass'] ?></b><br> 

  </td></tr> 

</table> 

<? 

}

?>

NeverMind · #2 (**permalink**) 11-05-03, 02:21 PM

first thing I noticed is that you are not checking if the user name existed or not !? you just assigned ID,user and password to cookie !
and then you are using MD5() to encyrpt the username ?? why ? also it is recommended to encrypt the password in database not in cookie !! not to mention it's a security risk to store the password in a cookie ..

Stefan · #3 (**permalink**) 11-06-03, 03:50 AM

storing the md5'ed password in the cookie is not an extreme security risk though if you can avoid it, you should avoid it

encrypting the username is slightly useless, thats for sure.

you said you were getting errors. what kind of errors do you get?

Seldimi · #4 (**permalink**) 11-06-03, 08:46 AM

Multiple errors

I am sure this code is not correct, can sb fix it ?

Stefan · #5 (**permalink**) 11-06-03, 03:35 PM

can you please post the errors here, so it is easier for us to check what might be wrong? we can not test this code on our local system since we don't have your full system that this is a part of.

Seldimi · #6 (**permalink**) 11-08-03, 05:45 AM

Here is the zip file with the 2 files I try to run ...

The Hooded · #7 (**permalink**) 11-08-03, 07:05 AM

I took a look at your script an it looks like it would work depending on the version and configuration of your php.
I sugguest that you check your
phpinfo()
to see how yours is setup and version you are using.
And if your uploading this to a different server know it's PHP information and setup.