Hello…
I am trying to make my script identify if the user is logged in or not, and if they arent then it will restrict calling the pages directly from the browser… I am pretty much basing my scripts on [URL=http://forums.webdeveloper.com/showthread.php?s=&threadid=9950]THIS THREAD
login.php
[code=php]
<?PHP
if (isset($_POST[“login”])) {
$frmuser = $_POST[“user”];
$frmpass = $_POST[“pass”];
//DB Variables
$user = “***”; #username
$pass = “***”; #password
$dbname = “***”; #database name
$tablename = “***”; #table name
$dbh = mysql_connect (“localhost”, “$user”, “$pass”) or die (‘I cannot connect to the database because: ‘ . mysql_error());
mysql_select_db (“$dbname”);
$query = “SELECT * FROM $tablename WHERE user=’$frmuser'”;
if (mysql_db_query ($dbname, $query, $dbh)) {
$result = mysql_query($query);
$num_rows = mysql_num_rows($result);
if ($num_rows != 0) { #if a username was found
while($row = mysql_fetch_array($result)) {
if ($row[“pass”] == $frmpass) { #if password matches the one in the DB
include ‘index_logged.php’;
setcookie (“verified”, true);
header(“Location:http://www.jdm71488.com/???????”);
}
else { #if it did not match
echo “Password Incorrect”;
}
}
}
else { #if a username was not found
echo “Username Incorrect”;
}
}
mysql_close ($dbh);
}
?>
I added <? include_once(“protect.php”); ?> to all of my protected pages, and changed .html to .php on them all…
When I log in with login.php it gives me access denied when I enter the right information. I enter the wrong username, or password it works fine, and it will display wrong username, or wrong password… But when I log in with my user and pass, it gives me the access denied page. Which is on the protect.php page found in the link… Pyro may know what I am talking about…
My questions are… Is my login.php script right? I dont think it is where I added the set cookie part. Also where to I put the header for that cookie? Is it to my home page or where?