I have a very simple login script.
<?php
$username = "######";
$password = "######";
$hostname = "######";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("logindashboard", $dbhandle);
$myusername = $_POST['user'];
$mypassword = $_POST['pass'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$query = "SELECT * FROM logindashboard.login WHERE user='$myusername' and pass='$mypassword'";
$result = mysql_query($query);
$count = mysql_num_rows($result);
mysql_close();
if($count==1){
    $seconds = 5 + time();
    setcookie(loggedin, date("F jS - g:i a"), $seconds);
    header("location:index2.php");
}else{
    echo 'Incorrect Username or Password';
}
?>
When users log in, they are taken to my homepage. They log in; however, the page is set to refresh after 45 seconds using meta refresh.
<META HTTP-EQUIV="REFRESH" CONTENT="45;URL=index2.php">
The only problem with this is that after 45 seconds they appear to get taken back to the login screen rather than the page they are already on.
This is what I use on the index2.php file at the very top of the page.
<?php require_once('../../../.config2.php');
if(!isset($_COOKIE['loggedin'])){
header("location:index.php");
}
?>
Any help would be great!
First of all, your problem is that you don't wrap your loggedin in apostrophes. The line should look like this, to set the login cookie correctly.
Now to your script logic. Don't use cookies to check if a user is flagged as loggedin. I don't know any user/password combination and can bypass your script simply by manually setting a cookie with the name loggedIn.
Try to use sessions to check if a user is loggedIn. Session data is stored server-side and can't be manually edited by the client. Like this.
Your index2.php would look like this.
This is much safer than using cookies. As you see, you don't need a meta tag to redirect users. Use the PHP header function to redirect users directly.
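The session-based check this answer describes, as an added example that is not part of the original answer. `check_credentials()`, its sample user table, and the function names `handle_login()` and `require_login()` are assumptions standing in for the real database lookup and page layout.

```php
<?php
// Added example: login state kept in the server-side session.
// check_credentials() and its user table are hypothetical, constructed data.
function check_credentials(string $user, string $pass): bool
{
    static $users = null;
    if ($users === null) {
        // Store password_hash() output, never the plaintext password.
        $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Login handler: returns true and marks the session on success.
function handle_login(array $post): bool
{
    $user = is_string($post['user'] ?? null) ? $post['user'] : '';
    $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';
    if (!check_credentials($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID at login (anti-fixation)
    $_SESSION['loggedin'] = true;  // lives on the server; client cannot set it
    $_SESSION['user'] = $user;
    return true;
}

// Guard for index2.php: call right after session_start(), before any output.
function require_login(): void
{
    if (empty($_SESSION['loggedin'])) {
        header('Location: index.php');
        exit;                      // without exit the protected page still renders
    }
}

// The browser only receives an opaque session ID cookie.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (handle_login($_POST)) {
        header('Location: index2.php');
        exit;
    }
    echo 'Incorrect Username or Password';
}
```

On a site served over HTTPS, add `'secure' => true` to the `session_set_cookie_params()` array so the session ID is never sent over plain HTTP.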