Hi James,
Php on IIS or PWS are known to have problems with session and cookie. Try using session instead of cookie. That's the safest way. Also anyone can disable cookies on the client side where by your login authentcation may fail. So best way is use session instead of cookie. For details pls refer "php session handling" in the php Manual.
....SuDeEp....
James Nunnerley <webmaster@xxxxxxxxxxxxxxxxx> wrote:
I'm trying to create a simple login script for user to the web application I'm
writing. I previously wrote it for using PHP4 & Apache, however I've recently
had to move to IIS5, and also upgraded to PHP5.
[script]
if (isset($_POST["username"]) AND isset($_POST["password"])) {
$res=mysql_query('SELECT username, password, agent_id FROM user where
username="'.$_POST["username"].'"');
if (mysql_num_rows($res)==0) {
$message="Username does not exist.";
} elseif (mysql_num_rows($res)==1) {
while ($user=mysql_fetch_array($res)) {
if (strtolower($user["password"])!=strtolower($_POST["password"])) {
$message="Incorrect Password.";
} else {
setcookie("username",$user["username"],time()+31449600,"/");
setcookie("agent_ID",$user["agent_id"],time()+31449600,"/");
setcookie("logged_in",time(),time()+60*60*12,"/");
header("Location: http://".$_SERVER["HTTP_HOST"]."/";);
exit;
}
}
}
}
[/script]
The above works fine on Apache, but on IIS, it would seem no cookie is set.
I've found something suggesting I change php.exe to nph-php.exe - is this true,
does it work - it seems a little drastic - is there another way around it?
Cheers as ever
Nunners
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
