I am trying to use authentication cookies.
This page works after user input and transfer.
<?
if ((!$_POST[username]) || (!$_POST[password])) {
header("Location: show_login.html");
exit;
}
$db_name = "testDB";
$table_name = "auth_users";
$connection = @mysql_connect("localhost", "user", "pass") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
$sql = "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
$num = mysql_num_rows($result);
if ($num != 0) {
$cookie_name = "auth";
$cookie_value = "ok";
$cookie_expire = "0";
$cookie_domain = "domain.com.au";
setcookie($cookie_name, $cookis_value, $cookie_expire, "/", $cookie_domain, 0);
$display_block = "
<p><strong>Secret Menu:</strong></p>
<ul>
<li><a href=\"secretA.php\">secret page A</a>
<li><a href=\"secretB.php\">secret page B</a>
</ul>";
} else {
header("Location: show_login.html");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Secret Area</title>
</head>
<body>
<? echo "$display_block"; ?>
</body>
</html>
If you click on secretA.php or secretB.php, I am redirected to re-login, it should work. here is the code. secretB.php
<?php
if ($_COOKIE[auth] == "ok") {
$msg = "<p>Welcome to secret page B, authorised user! </P>";
} else {
header( "Location: /show_login.html");
exit;
}
?>
<HTML>
<HEAD>
<title>Secret Page B:</title>
</HEAD>
<BODY>
<? echo "$msg"; ?>
</BODY>
</HTML>
source
share