I have a script that authorizes the user and sets a cookie but when I
run the script it takes the username and password sets the
cookie. Verifies the cookie is set and then runs the rest of the code
on the page. except it does not pass on the user name. I have to do a
manual refresh to get it to pull the data from the database using
the username furnished by the cookie. Look at the code below. how can
I overcome this refresh problem.
This is the script that calls the userauth.php file look at the
userauth.php file below
include("../inc/dataconf.inc");
include("userauth.php");
include("../inc/function.inc");
conf();
$username = $user_name;
$db = MYSQL_CONNECT($roothostname,$rootusername, $rootpassword) OR DIE("Unable to
connect to database");
$query = "Select * from customers,datsubd,plans where datsubd.id = customers.id and
customers.cusername='$username'and plans.planno=customers.plan";
$result=mysql_db_query($dbName,$query);
$row = mysql_fetch_array($result);
?>
<? include("top.inc");?>
<table width="100%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td colspan="3"></td>
</tr>
<tr>
<td width="25%" align="left" valign="top"><?php include("left.inc");?> </td>
<td width="100%" align="center" valign="top">
#########################################################
Userauth.php
function query($query)
{
Global $roothostname,$rootusername, $rootpassword,$dbName;
// Connect to DB
if (!$link = @MYSQL_CONNECT($roothostname,$rootusername, $rootpassword))
{
$result = 0;
die("db connect error");
}
else
{
// Select DB
if (!@mysql_select_db($dbName, $link))
{
$result = 0;
die("db select error");
}
else
{
// Execute query
if (!$result = @mysql_query($query, $link))
{
$result = 0;
die("db query error");
}
}
}
@mysql_close($link);
return $result;
}
function login_user($user_name, $password)
{
// Form our sql query
$result = query("SELECT * FROM customers WHERE cusername ='$user_name'");
$row = mysql_fetch_array($result);
if (($row["cusername"] == $user_name) AND ($row["cpassword"] == $password) AND
($user_name != ""))
{
// User has been authenticated, send a cookie
$user_id = $row["cusername"];
$encryptedpassword = md5($password);
SetCookie("LoginCookie", "$user_id-$encryptedpassword", time()+50); // 3600
expires one hour from now you can increse this if you what it to last longer
$success = 1;
} else {
$success = 0;
}
return $success;
}
function verify_auth($cookie)
{
// Split the cookie up into userid and password
$auth = explode("-", $cookie);
$query = query("SELECT * FROM customers WHERE cusername = '$auth[0]'");
$row = mysql_fetch_array($query);
$encryptedpassword = md5($row["cpassword"]);
if (($row["cusername"] == $auth[0]) AND ($encryptedpassword == $auth[1]) AND
($auth[0] != ""))
{
$success = 1;
} else {
$success = 0;
}
return $success;
}
function display_loginform()
{
global $SCRIPT_URL,$user_name;
?>
<table width="400" border="1" align="center">
<form name=login action="<?$SCRIPT_URL?>" method=post>
<tr><td bgcolor=black><font face="Arial" color=white
size=2><b>Login<b></font></td></tr>
<tr><td><font face="Arial" color=black size=2>Name <input name="user_name" value=""
size=10> Password <input name="password" type=password value=""
size=10></font></td></tr>
<tr><td><font face="Arial" color=black size=2> <input type="submit" value="Login">
<input type=reset value="Clear"></font></td></tr>
</form>
</table>
<?
exit;
}
//////////////// script entry point here
$SCRIPT_URL=getenv("SCRIPT_NAME");
if($LoginCookie) // if cookie exists, check authenticity
{
$authenticated=verify_auth($LoginCookie);
if($authenticated==0) display_loginform();
} else {
$login=login_user($user_name,$password);
if($login==0) display_loginform();
}
// if user has logged in, the script carries on here....
$cookie_var = split("-", $LoginCookie);
// this variable contains who the user is logged in as!
$username = $cookie_var[0];
Best regards,
Richard
mailto:[EMAIL PROTECTED]
