Forum Moderators: coopster
<?php
// valid login credentials
$username = 'admin';
$password = 'admin_pass';
// grab current time
$time=time();
// handle the logout event
if ($logout == true) {
setcookie ("user", md5($_POST[user]), $time-3200);
setcookie ("pass", md5($_POST[pass]), $time-3200);
header("Location: index.php");
}
// handle validation event
if ($_POST[user] && $_POST[pass]) {
if ($_POST[user]==$username && $_POST[pass]==$password) {
setcookie ("user", md5($_POST[user]), $time+3200);
setcookie ("pass", md5($_POST[pass]), $time+3200);
header("Location: index.php");
} else { $login_error= true; }
}
// handle login event, both successful and erroneous, or show login screen
if ($login_error == true) {?>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td align=center bgcolor=#123dd4>LOGIN ERROR</td></tr>
<tr><td align=center><b>Invalid Username and/or Password</b><br><br><a href=index.php>Back</a></td></tr>
</table>
<?
} elseif ($_COOKIE[user] == md5($username) && $_COOKIE[pass] == md5($password)) {?>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td align=center bgcolor=#123dd4>SECURE AREA</td></tr>
<tr><td align=right><a href=index.php?logout=true>Logout</a></td></tr>
<tr><td>You have successfully logged in.<br><br>
Encrypted Username: <b><?= $_COOKIE[user]?></b><br>
Encrypted Password: <b><?= $_COOKIE[pass]?></b><br>
</td></tr>
</table>
<?
} else {
?>
<form action=index.php method=post>
<table align=center style="font-family:arial; font-size:12; border:1 solid #000000;">
<tr><td colspan=2 align=center bgcolor=#123dd4>LOGIN</td></tr>
<tr><td align=right>Username: </td><td><input type=text name=user size=15></td></tr>
<tr><td align=right>Password: </td><td><input type=password name=pass size=15></td></tr>
<tr><td align=center colspan=2><input type=submit value=Login></td></tr>
</table>
</form>
<?
}
?>
The problem is when i enter the correct username and password it should execute the code in the "elseif" condition but it doesn't. Instead, it executes the code in the "else" condition displaying the login form.
Can someone help?
It won't work as you have it. Cookie data are made available to the current page via an http request on an existing cookie. They are set as an http header, which is what you are doing with setcookie(). Those cookie data are no more available to the current script than the data from your form that has yet to be submitted.
In other words, the cookie is not available on the user's machine until after the headers are sent. You should just test against the $_POST variable as you did previously (or actually, when you test against the post variables, you should set $login_error to false and that would be your 'else' condition)... or you coudl set a session... or many other things.
A few other thing with your script
- array indexes. You should use
$_POST['user'] not $_POST[user]
They are not the same thing.
Why do you set the cookie on logout? Don't you want to clear the cookie? so it should be something like
setcookie ("user", '', $time-3200);
good luck
tom
