On Mon, Jul 6, 2009 at 1:45 AM, Jason Carson<jason@xxxxxxxxxxxxxx> wrote:
>> Hello everyone,
>>
>> I am trying to create a PHP login script using cookies but am having some
>> troubles. Here is my setup
>>
>> index.php -> authenticate.php -> admin.php
>>
>> I want a login form on index.php that allows me to login with my username
>> and password and then passes $_POST['username'] and $_POST['password'] to
>> authenticate.php
>>
>> Then authenticate.php authenticates against a database of allowed users
>> (Which I already have setup and it works fine), if a valid user has
>> entered the correct information then admin.php is loaded...
>>
>> header("location:admin.php");
>>
>> ...the admin.php code would look something like the following..
>>
>> Code: [Select]
>> <?php
>> if (isset($_COOKIE['username'])) {
>> echo "success!";
>> } else {
>> echo "Failure";
>> }
>> ?>
>>
>> So basically I think I need to create a cookie from index.php OR
>> authenticate.php and then pass the information to admin.php.
>> I set the cookie like this...
>>
>> setcookie("Admin", $username);
>>
>> Which file(index.php OR authenticate.php) do I create the cookie and how
>> do I access the information in the cookie on admin.php?
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
> I finally got it working. I needed to setcookie() in login.php. Also, the
> names of the cookies(Using setcookie()) where wrong (The names where
> "Admin" when they should have been "adminuser" and "adminpass") Once I
> fixed that then the following worked in admin.php...
> <?php
> if (isset($_COOKIE['adminuser']) && isset($_COOKIE['adminpass'])) {
> echo "Success";
> } else {
> echo "Failed";
> }
> ?>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
You're not storing anything usable in the adminpass cookie, are you?
It sort of sounds like you're storing a password, or even a passhash,
in the cookie and you might want to rethink what that cookie contains
to prevent session hijacking.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
