So I'm using cookies to identify a user and prevent access by someone who isn't logged in. This is the check code for the page:
    if (!isset($_COOKIE['username']) || !isset($_COOKIE['password']))
    {
        // Redirect if either cookie is missing, then stop running the page
        header("Location: clientlogin.php");
        exit;
    }
However, this is only half of the check. Here is my problem. My URL is formatted like this:

    site.com/?Client=$Client&Product=$Product

Now before I do anything, I wanna make sure that the cookie username matches the info in the link. I have to grab info from the DB first I think, because $Client is the last name while username is the E-mail column. I've tried comparison of cookies, I just fail at it.
Second, I want to prevent URL tampering, as the current setup allows anyone to change $Client and $Product and get information that doesn't belong to them. However, whenever I insert a check like this:
    if($Client != $LastName)
    {
        header("location:clientlogin.php");
    }
Where I already have $Client (page starts with GET) it creates a redirect loop and I can't log in. Each time I log in and get redirected to that page, I get back to clientlogin.php. I'm guessing if I can compare the cookie username (it lasts a year by the way) to the actual data, I might be able to solve both problems?
I hope I provided enough info, and would be cool if you went easy on me, this is a first project I'm learning on.
Thank you!
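
One way to do both checks the question describes, as an added example that is not part of the original post: identity comes from a server-side session, the last name is looked up from the database, and ownership of the product is enforced in the query. The `client_id` session key, the `clients` and `products` tables and their columns are assumptions, and the function returns a status instead of calling `header()` so it can run from the command line against constructed sample data.

```php
<?php
declare(strict_types=1);
// Added example. The 'client_id' session key and both tables are assumptions.

// Returns [HTTP status, payload]; for 302 the payload is the redirect target.
function authorizeRequest(PDO $db, array $session, array $get): array
{
    // Identity comes from server-side session state, not from a cookie value
    // or URL parameter that the browser can edit.
    if (empty($session['client_id'])) {
        return [302, 'clientlogin.php'];            // not logged in
    }
    $stmt = $db->prepare('SELECT last_name FROM clients WHERE id = ?');
    $stmt->execute([$session['client_id']]);
    $lastName = $stmt->fetchColumn();
    if ($lastName === false) {
        return [302, 'clientlogin.php'];            // session points at no client
    }
    // Logged in but asking for another client's page: answer 403. Bouncing a
    // logged-in user to the login page can send them straight back here.
    if (!is_string($get['Client'] ?? null) || !hash_equals($lastName, $get['Client'])) {
        return [403, 'Forbidden'];
    }
    // Ownership is part of the query, so a tampered Product matches nothing.
    $wanted = is_string($get['Product'] ?? null) ? $get['Product'] : '';
    $stmt = $db->prepare('SELECT name FROM products WHERE client_id = ? AND name = ?');
    $stmt->execute([$session['client_id'], $wanted]);
    $product = $stmt->fetchColumn();
    return $product === false ? [404, 'Not found'] : [200, $product];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, email TEXT, last_name TEXT)');
$db->exec('CREATE TABLE products (client_id INTEGER, name TEXT)');
$db->exec("INSERT INTO clients VALUES (1, 'a@example.com', 'Smith'), (2, 'b@example.com', 'Jones')");
$db->exec("INSERT INTO products VALUES (1, 'Widget'), (2, 'Gadget')");

$cases = [
    [[], ['Client' => 'Smith', 'Product' => 'Widget']],                 // no session
    [['client_id' => 1], ['Client' => 'Smith', 'Product' => 'Widget']], // own data
    [['client_id' => 1], ['Client' => 'Jones', 'Product' => 'Gadget']], // tampered Client
    [['client_id' => 1], ['Client' => 'Smith', 'Product' => 'Gadget']], // tampered Product
];
foreach ($cases as [$session, $get]) {
    [$status, $payload] = authorizeRequest($db, $session, $get);
    echo $status, ' ', $payload, PHP_EOL;
}
```

On a real page `$session` would be `$_SESSION` after `session_start()` and `$get` would be `$_GET`, with the login script storing the client's id in the session once the password has been verified.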