CODEWITHSUNDEEP
phpmysqlcookiessession-cookies
maxgee
maxgee

Reputation: 157

PHP Cookie User System If Statements

I am trying to get php to choose which link should appear depending on if this person is logged into my site using cookies.I tried to code this my self but it isn't working.So How would I go about doing this the right way here is my code:

<?php
if(isset($_COOKIE['maxgee_me_user'])) {
$username = $_COOKIE['maxgee_me_user']; 
$password = $_COOKIE['maxgee_me_password']; 
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))   

    { 



//if the cookie has the wrong password, echo's login 

    if ($password != $_COOKIE['maxgee_me_password']) 

        {           ?> <a href="logout.php"><?php echo "Logout"; ?></a> &nbsp;&nbsp 
         <?php
    else {
    ?> <a href="loginpage.php"><?php echo "User Login";} ?></a> &nbsp;&nbsp;

Upvotes: 0

Views: 570

Answers (3)

thomrand
thomrand

Reputation: 85

<?php
    if(isset($_COOKIE["maxgee_user"])) {
        $username = $_COOKIE["maxgee_user"];
        $password = $_COOKIE["maxgee_password"];
        $q = mysql_query("SELECT password FROM users WHERE username = '".$username."' AND password = '".$password."'");
        if(mysql_count_rows($q) > 0){
          print("<a href='/logoutpage.php'>Logout</a>");
        }else{
          print("<a href='/loginpage.php'>Login</a>");
        }
     }else{
          print("<a href='/loginpage.php'>Login</a>");
     }
 ?>

Quick and dirty. It's been years since i did any dev. in PHP, but i think i still remember the essentials. Remember to never trust input, included that saved in cookies, or you will be vulnerable to exploits. Good luck mate!

Upvotes: 0

xelber
xelber

Reputation: 4637

Quite a lot of errors on your code. First of all, you need to use both user name and password when checking if a valid user exist. Assuming you have the pwd saved as well in you table.

    $check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password='$password'") or die(mysql_error());

And use mysql_num_rows($check)>0 to see if a valid user found. Following is a complete code, but do note this is bad coding practise which you say you are working on it.

<?php
if(isset($_COOKIE['maxgee_me_user']))
{
    $username = $_COOKIE['maxgee_me_user']; 
    $password = $_COOKIE['maxgee_me_password']; 
    $check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password='$password'") or die(mysql_error());
    if (mysql_num_rows($check)>0) 
    {

        ?>
        <a href="logout.php">Logout</a> &nbsp;&nbsp 
        <?php
    }
    else
    {
        ?>
        <a href="loginpage.php"><?php echo "User Login"; ?></a> &nbsp;&nbsp;
        <?php
    }
}
else
{
    ?>
    <a href="loginpage.php"><?php echo "User Login"; ?></a> &nbsp;&nbsp;
    <?php
}
?>

Upvotes: 0

G-Nugget
G-Nugget

Reputation: 8846

You never read the password from the query. You have this at the top:

$password = $_COOKIE['maxgee_me_password'];

And you're comparing it to itself farther down:

if ($password != $_COOKIE['maxgee_me_password'])

You can fix it by replacing the comparison with this:

if ($password != $info['password'])

You're also missing some curly braces. You need to add one before the else and at the end of your code if that's not the end of the script. With formatting and the above fixes:

<?php
if(isset($_COOKIE['maxgee_me_user'])) {
    $username = $_COOKIE['maxgee_me_user']; 
    $password = $_COOKIE['maxgee_me_password']; 
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    $info = mysql_fetch_array( $check );
    //if the cookie has the wrong password, echo's login 
    if ($password != $info['password']){ ?>
        <a href="logout.php">Logout</a> &nbsp;&nbsp;
    <?php }else{ ?>
        <a href="loginpage.php">User Login</a>&nbsp;&nbsp;
    <?php
    }
}
?>

Upvotes: 1

Related Questions