On Mon, Jul 06, 2009 at 12:03:34AM -0400, Jason Carson wrote:
> Hello everyone,
>
> I am trying to create a PHP login script using cookies but am having some
> troubles. Here is my setup
>
> index.php -> authenticate.php -> admin.php
>
> I want a login form on index.php that allows me to login with my username
> and password and then passes $_POST['username'] and $_POST['password'] to
> authenticate.php
>
> Then authenticate.php authenticates against a database of allowed users
> (Which I already have setup and it works fine), if a valid user has
> entered the correct information then admin.php is loaded...
>
> header("location:admin.php");
>
> ...the admin.php code would look something like the following..
>
> Code: [Select]
> <?php
> if (isset($_COOKIE['username'])) {
> echo "success!";
> } else {
> echo "Failure";
> }
> ?>
>
> So basically I think I need to create a cookie from index.php OR
> authenticate.php and then pass the information to admin.php.
> I set the cookie like this...
>
> setcookie("Admin", $username);
>
> Which file(index.php OR authenticate.php) do I create the cookie and how
> do I access the information in the cookie on admin.php?
Just think about it. I assume you're not going to allow someone to run
admin.php unless they're authenticated. And you plan to determine
whether they're authenticated by checking a cookie. So you can only set
that cookie *after* you've authenticated them. Which means you'll need
to set the cookie after you've processed the results from
authenticate.php. My practice is generally to make forms re-entrant.
That is, the data returned from authenticate.php would be processed by
authenticate.php. You'd need to put a branch in authenticate.php to
determine if this is a fresh invocation of the file, or if the user is
returning data to you. The second time through, you check the returned
values against your database and set your cookie.
Checking the value in the cookie is as you detail it above:
$_COOKIE['blahblah'].
Paul
--
Paul M. Foster
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
