I'm building web app aas my major project for degree. Simple login was working but now I'm trying to implement cookies and my script is not working for some reason. I need to find out why, but can't do for last 2h. Here is my question:
From login form variables are passed into my login script (no security for password or jql injection was implemented so far), when I press login errors comes up, "Error Loading Page", this is login script:
session_start();
$username = $_GET["name"];
$password = $_GET["password"];
$remember_me = $_GET['remember_me'];
include('mysql_connection.php');
mysql_select_db("jzperson_imesUsers", $con);
$res1 = mysql_query("SELECT * FROM temp_login WHERE username='$username' AND password='$password'");
$count1=mysql_num_rows($res1);
if(isset($_COOKIE['usr_IMes']) && isset($_COOKIE['psw_IMes'])){
$user_n = $_COOKIE['usr_IMes'];
$pasw_n = $_COOKIE['psw_IMes'];
$res2 = mysql_query("SELECT * FROM temp_login WHERE username='$user_n' AND password='$pasw_n'");
$count2=mysql_num_rows($res2);
if($count2 == 1){
$_SESSION['username'] = $user_n;
header('Location: http://imes,jzpersonal.com/userpanel.php');
}else {
setcookie('usr_IMes', $user_n, time() - 31*24*60*60);
setcookie('psw_IMes', $pasw_n, time() - 31*24*60*60);
header('Location: http://imes,jzpersonal.com/index.html');
}
}else{
if($count1==1){
$_SESSION['username'] = $username;
if(isset($remember_me)){
setcookie('usr_IMes', $username, time() + 30*24*60*60);
setcookie('psw_IMes', $password, time() + 30*24*60*60);
header("Location: http://imes.jzpersonal.com/userpanel.php");
}else{
header("Location: http://imes.jzpersonal.com/userpanel.php");
}
}else{
$login = "failed";
}
}
Can anyone see problem in my script? In login part? If not here is my authentication script on the start of every page, maybe my error is there:
session_start();
if(isset($_COOKIE['usr_IMes']) && isset($_COOKIE['psw_IMes'])){
$user_n = $_COOKIE['usr_IMes'];
$pasw_n = $_COOKIE['psw_IMes'];
$res2 = mysql_query("SELECT * FROM temp_login WHERE username='$user_n' AND password='$pasw_n'");
$count2=mysql_num_rows($res2);
if($count2 == 1){
header('Location: http://imes,jzpersonal.com/userpanel.php');
}else {
setcookie('usr_IMes', $user_n, time() - 31*24*60*60);
setcookie('psw_IMes', $pasw_n, time() - 31*24*60*60);
header('Location: http://imes,jzpersonal.com/index.html');
}
}else{
if(!isset($_SESSION['username']))
{
header('Location: http://imes.jzpersonal.com/index.html');
}
if(empty($_SESSION['username']))
{
header('Location: http://imes.jzpersonal.com/index.html');
}
}
Hope some error will be found, thank you for all your help.