Hi guys!

I have now tried to take some of your hints into consideration, by encrypting the password with md5, adding a salt. As some of you pointed out, this code is the work of a newbie; that is totally correct, so please bear with me ;)

I have tried to implement a cookie to remember the login for 48 hours, but it still logs the user out after the default 24 min for a session, like this:

```php
//We compare the submitted password and the real one, and we check if the user exists
if($dn['password']==$password and mysql_num_rows($req)>0)
{

    //If the password is ok, we set the $loginok var to true
    $loginok = true;
    //If the password is good, we don't show the form
    $form = false;

}
if ($loginok = true)
{
    if ($remember=="on")
        setcookie("username", $username, time()+7200*24);
    elseif ($remember=="")
        //We save the user name in the session username and the user Id in the session userid
        $_SESSION('username')=$username;
    $_SESSION['userid'] = $dn['id'];
    $_SESSION['usr_level'] = $dn['usr_level'];

.
.
.
.
.
.
}
```

Another problem I am now facing is to check whether the user is logged in, and if so, the user should be redirected from the index page (with the login form) to its user area based on the user level (newbie, advanced or admin). For now I have written a function in config.php:

```php
function loggedin()
{
    if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))
    {
        $loggedin = true;
        return $loggedin;
    }
}
```

I have tried to include config.php both into the index page (login form) and into the connexions.php script (where the cookie is implemented), along with this code:

```php
<?php

if (loggedin==true)
{
    if($usr_level == admin)
    {
        ?>
<div class="message">You have successfuly been logged in. You can now access the admin area.<br />
<?php header("Location: index_admin.php"); ?></div>
<?php
    }
    if($usr_level == newbie)
    {
        ?>
<div class="message">You have successfuly been logged in. You can now access to the newbie area.<br />
<?php header("Location: index_newbe.php"); ?></div>
<?php
    }
    if($usr_level == advanced)
    {
        ?>
<div class="message">You have successfuly been logged in. You can now access the advanced area.<br />
<?php header("Location: index_advanced.php"); ?></div>
<?php
    }

}

?>
```

This does not redirect an already logged in user to its user area...

I know this is messy, but if some of you can spot some improvements that hopefully can fix my cookie and redirect problem, please let me know.

Thanks a lot!
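
The `loggedin()` check in the post accepts any request that carries a `username` cookie, and the cookie holds the plain user name, so the server has no way to tell a cookie it issued from one written by the client. The following is an added example, not code from the original post: a remember-me cookie value that binds the user id and a 48-hour expiry together with an HMAC, verified before it is trusted. `REMEMBER_KEY`, the function names and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, not the poster's code. REMEMBER_KEY is a placeholder secret;
// the assumption is that a real deployment loads it from server-side config.
const REMEMBER_KEY = 'replace-with-a-long-random-secret';
const REMEMBER_TTL = 172800; // 48 hours in seconds, same as 7200*24 in the post

// Build the cookie value: user id, expiry time, and an HMAC over both.
function make_remember_token(int $userId, int $now): string
{
    $payload = $userId . '|' . ($now + REMEMBER_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, REMEMBER_KEY);
}

// Return the user id if the token is authentic and unexpired, otherwise null.
function check_remember_token(string $token, int $now): ?int
{
    $parts = explode('|', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null; // malformed value
    }
    [$userId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expires, REMEMBER_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null; // id or expiry was changed after issuing
    }
    return ((int) $expires >= $now) ? (int) $userId : null;
}

// Constructed sample values for a command-line run.
$now      = 1700000000;
$token    = make_remember_token(42, $now);
$tampered = preg_replace('/^42\|/', '1|', $token); // user id changed, MAC left as issued

var_dump(check_remember_token($token, $now + 3600));             // valid token
var_dump(check_remember_token($tampered, $now + 3600));          // tampered token
var_dump(check_remember_token($token, $now + REMEMBER_TTL + 1)); // expired token
```

In the login script the token would be the value passed to `setcookie()`, with the `secure` and `httponly` arguments set, and the verified user id would be used to load `usr_level` from the database rather than from anything the client sends.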