Hi, I am having a bit of trouble with a login script I have written. I have a script setting some cookies (so I know when the user is logged in), and on my other pages I use a script to see if they are logged in. If they are logged in, it gives them a menu; if not, it just has sign up / register.

The problem I am getting is that sometimes the cookie works and sometimes it doesn't. Is there anything I can change/add to make this more reliable, or is there a better way to write a log in/out script?

Thanks!!

Here is the code I have setting/removing the cookie:

if(isset($_COOKIE["email"])) {
    setcookie("email", "", time() - 3600);
    setcookie("pass", "", time() - 3600);
    setcookie("ID", "", time() - 3600);
    header("Location: http://www.down2party.com/myadspace/home.php");
    exit;
}

$pass = $_POST['pass'];
$email = $_POST['email'];

if($email != "" && $pass != "") {

    $DB = mysql_query("select * FROM adbayUser WHERE email = '$email' AND password = '$pass'"); 
    $results = mysql_fetch_array($DB);
    $num_rows = mysql_num_rows($DB); 

        $email1 = $results['email'];
        $pass1 = $results['password'];
        $ID = $results['ID'];

    if ($num_rows == 1) {
        setcookie("email", $email1);
        setcookie("pass", $pass1);
        setcookie("ID", $ID);
        header("Location: http://www.down2party.com/myadspace/home.php");
        exit;
    } else {
        $error = "Invalid email or password";
        include "login.php";
    }

} else {
    $error = "username or email was blank";
    include 'login.php';
}

Here is the code I have checking if the cookie is set (this code appears on all pages the user can navigate to):

if(isset($_COOKIE["email"])) {
    echo ('Logged in');
    $loggedIn = "true";
    $logInOut = "Log out";
    $page = "usercheck.php";
} else {
    echo ('Logged out');
    $logInOut = "Log in";
    $page = "login.php";
    $loggedIn = "false";
}


$email = $_COOKIE["email"];
$password = $_COOKIE["pass"];
$ID = $_COOKIE["ID"];

Would really appreciate some help/advice!

setcookie("email", $email1);
setcookie("pass", $pass1);
setcookie("ID", $ID);

should be:

setcookie("email", $email1,time()+3600);
setcookie("pass", $pass1,time()+3600);
setcookie("ID", $ID,time()+3600);
//setcookie(cookie name, cookie value, cookie expire unix timestamp);
//time() = NOW in seconds since 1970, -3600 would make it expire an hour ago

Oh and this at the top:

if(isset($_COOKIE["email"])) {
    setcookie("email", "", time() - 3600);
    setcookie("pass", "", time() - 3600);
    setcookie("ID", "", time() - 3600);
    header("Location: http://www.down2party.com/myadspace/home.php");
    exit;
}

is deleting the cookie whenever it is set. How I check logins is to generate a token, update the database, and set a cookie.

 if ($num_rows == 1) {
        //not a good idea to store password in cookie
        $token = md5(rand());
        setcookie("token", $token);
        $Q = "UPDATE users SET token = '$token' WHERE userid = {$userid}";
        if(mysql_query($Q)){
            header("Location: http://www.down2party.com/myadspace/home.php");
            exit;
        }else{
            echo "login error: ".mysql_error();
            exit;
        }
    } else {

Then at the top:

if(isset($_COOKIE["token"]) && ctype_alnum($_COOKIE["token"])) {
    $Q = "SELECT `userid`,`email1`,`username` FROM users WHERE token = '{$_COOKIE["token"]}'";
    $R = mysql_query($Q);
    if(mysql_num_rows($R) == 1){
        //logged in
        $userdata = mysql_fetch_assoc($R);
        //$userdata contains email and any user data in the select query
    }else{
        //not logged in
        header("Location: http://www.down2party.com/myadspace/home.php");
        exit;
    }
}else{
    //not logged in
    header("Location: http://www.down2party.com/myadspace/home.php");
    exit;
}
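
The token approach from the reply above, as an added example that is not code from the thread or from either poster. It keeps the same flow (issue a token at login, look it up on each page) but uses bound parameters instead of interpolated SQL, verifies a password hash instead of comparing plaintext, draws the token from a CSPRNG rather than md5(rand()), and stores only the token's hash. Assumptions: the users table and its column names, the in-memory SQLite database, the constructed sample account, and PHP 7.3+ for the setcookie() options array.

```php
<?php
// Added example, not from the thread. Assumed schema: users(userid, email, pass_hash, token_hash).
// In-memory SQLite with one constructed account so the sketch runs from the CLI.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, email TEXT UNIQUE, pass_hash TEXT, token_hash TEXT)');
$db->prepare('INSERT INTO users (email, pass_hash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Returns a fresh session token on success, null on bad credentials.
function login(PDO $db, string $email, string $pass): ?string {
    $st = $db->prepare('SELECT userid, pass_hash FROM users WHERE email = ?');
    $st->execute([$email]);               // bound parameter: input never joins the SQL text
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pass_hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // CSPRNG, 64 hex characters
    $db->prepare('UPDATE users SET token_hash = ? WHERE userid = ?')
       ->execute([hash('sha256', $token), $row['userid']]);  // database holds only the hash
    return $token;
}

// Resolves a cookie token to a user row, or null if it matches nobody.
function currentUser(PDO $db, ?string $token): ?array {
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                      // reject anything not shaped like our tokens
    }
    $st = $db->prepare('SELECT userid, email FROM users WHERE token_hash = ?');
    $st->execute([hash('sha256', $token)]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Logout clears the server-side record, so a copied cookie stops working.
function logout(PDO $db, int $userid): void {
    $db->prepare('UPDATE users SET token_hash = NULL WHERE userid = ?')->execute([$userid]);
}

// Call before any output in a web request; the flags keep the token off scripts and plain HTTP.
function sendTokenCookie(string $token): void {
    setcookie('token', $token, ['expires' => time() + 3600, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

$token = login($db, 'user@example.test', 'constructed-password');
var_dump(login($db, "' OR '1'='1", 'x'));   // quote-laden input is treated as plain data
$user = currentUser($db, $token);
var_dump($user['email']);                   // account resolved from the token alone
logout($db, (int) $user['userid']);
var_dump(currentUser($db, $token));         // same token looked up again after logout
```

In a real page, login() would be followed by sendTokenCookie($token) and the redirect, and every protected page would call currentUser($db, $_COOKIE['token'] ?? null) before rendering.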