2) On a side note, your query doesnt seem to be sql injection safe. for security, perhaps you should check inputs before runnign them into your db

see here for more hlep
[us3.php.net...]

this is the way i m setting the cookie...here $username =$_POST['username'];
username is the text input field..

I don think that the sql query is creating a problem coz the same code works well in other conditions for eg :

if( (!isset($_COOKIE['user'])) && (session_is_registered("password"))) {
if($Login){ // If clicked on Login button.
// Check matching of username and password.
$result=mysql_query("select * from users where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
setcookie("user", $username, $time+3600);
if ($action == "") {
header("location:main.php");
} else {
header("location:$action.php");
} // Re-direct to main.php
exit;
}else{ // If not match.
$message=" Incorrect Username or Password ";
}
} // End Login authorize check.
if ($message!= ""){
echo "<div id=\"failure\">$message</div>";
}
displayform ();

this works well in all the browsers

?>

how are you getting your "$time"? or this a typo as you are trying to call the "time()" function as appose to a variable?

also i had a type earlier, it should have been
setcookie("user", $user, time()+3600);

<?
session_start();
if( (isset($_COOKIE['user'])) && (session_is_registered("password")) ){ /// if already signed in then redirect to main.php
header ("location: main.php");
}
include ('mysql.php');
$time = time();
$Login=$_POST['Login'];
$username=$_POST['username'];
$password=md5($_POST['password']); // Encrypt password with md5() function.
function displayform() {?>
<html>
<head>
<link type="text/css" rel="stylesheet" href="css.css">
<title>::: VSE Nepal ::: Login</title>
<style type="text/css">
<!--
.style1 {font-size: 80%}
-->
</style>
</head>
<body>
<div id = "forms">
<form id="form1" name="form1" method="post" action="">
<fieldset>
<legend>Login</legend>
<table align="center">
<tr>
<td class="querywhite">User : </td>
<td><div align="left" /> <? if (isset($_COOKIE['user'])) {
if (!session_is_registered("password")) {
echo $_COOKIE['user'];
} } else { echo "<input name=\"username\" type=\"text\" id=\"username\" />";
}?></div></td>
</tr>
<tr>
<td class="querywhite">Password : </td>
<td><input name="password" type="password" id="password" /></td>
</tr>
<tr>
<td><input name="Login" type="submit" id="Login" value="Login" /></td></tr>
</table>
<center><font size="-2">Forgot Username ¦ Forgot Password ¦ Register</center></font>
</fieldset>
</form>
</div>
</body>
</html>
<? }
/////////////////////////////LOGOUT SECTION///////////////////////////////////////////////////
$action = $_GET['action'];
if ($action == "logout") {
$check = "Logged Out";
$time = time();
if (isset($_COOKIE['user']))
{
unset($_SESSION['password']);
setcookie ("user", "", $time - 3600);
}
if($Login){ // If clicked on Login button.
// Check matching of username and password.
$result=mysql_query("select * from users where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
setcookie("user", $username, $time+3600);
session_register("password");
header("location:main.php"); // Re-direct to main.php
exit;
}else{ // If not match.
$message=" Incorrect Username or Password ";
}
}
if ($message!= ""){
echo "<div id=\"failure\">$message</div>";
}
displayform();
} else if( ($action!= "logout") ){
///////////////////////////////////////////////////////////////////////////////////////////
if( (!isset($_COOKIE['user'])) && (!session_is_registered("password")) ) {
$message="";
if($Login){ // If clicked on Login button.
// Check matching of username and password.
$result=mysql_query("select * from users where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.

setcookie("user", $username, $time+3600);
session_register("password");
if ($action == "") {
header("location:main.php");
} else {
header("location:$action.php");
} // Re-direct to main.php
exit;
}else{ // If not match.
$message=" Incorrect Username or Password ";
}
} // End Login authorize check.
if ($message!= ""){
echo "<div id=\"failure\">$message</div>";
}
displayform ();
} else if( (isset($_COOKIE['user'])) && (!session_is_registered("password")) ) {
$message="";
$check="Cookie Yes. Session No.";

if($Login){ // If clicked on Login button.
$result=mysql_query("select * from users where username='" .$_COOKIE['user']."' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("password");
if ($action == "") {
header("location:main.php");
} else {
header("location:$action.php");
} // Re-direct to main.php
exit;
}else{ // If not match.
$message=" Incorrect Username or Password ";
}
}// End Login authorize check.
if ($message!= ""){
echo "<div id=\"failure\">$message $check</div>";
}
displayform();
} else if( (!isset($_COOKIE['user'])) && (session_is_registered("password"))) {
if($Login){ // If clicked on Login button.
// Check matching of username and password.
$result=mysql_query("select * from users where username='$username' and password='$password'");
if(mysql_num_rows($result)!='0'){ // If match.
setcookie("user", $username, $time+3600);
if ($action == "") {
header("location:main.php");
} else {
header("location:$action.php");
} // Re-direct to main.php
exit;
}else{ // If not match.
$message=" Incorrect Username or Password ";
}
} // End Login authorize check.
if ($message!= ""){
echo "<div id=\"failure\">$message</div>";
}
displayform ();
}}?>

Everything works well except for the condition : COOKIE SET, SESSION EXPIRED

error_reporting(E_ALL);

And see if that throws any errors.

dc

This is the warning i get

The problem was that the register_globals was turned on i had to turn it off...its now working fine....but my registration page is now not working fine :( ........Please see if u can help me in that..