This question already has an answer here:
I'm trying to make a login system in PHP but it isn't working as intended. The code is supposed to generate a random integer and assaign it to a cookie named "token", then it uploads the value of the cookie to a database. If there is no token, it redirects the user to a 404 page, or if the token isn't equal to the token in the database it also redirects the user to a 404 page. But when I login, instead of setting the token in the database to the cookie's value, it sets it to 2147483647. How can I make the PHP code set the token in the database to the cookie's value?
Code:
admin.php:
include_once "connect.php";
if (!empty($_POST['user']) && !empty($_POST['pass'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
$_user = mysqli_escape_string($conn, $user);
$_pass = mysqli_escape_string($conn, $pass);
$query = "SELECT * FROM supa WHERE user='$_user' AND pass='$_pass'";
$result = mysqli_query($conn, $query);
if (mysqli_fetch_assoc($result) > 0) {
setcookie("token", random_int(111, 8942));
$ok = $_COOKIE['token'];
$conn->query("INSERT INTO token (token) VALUES ('$ok')");
echo "<script>location.href = \"panel.php\"</script>";
} else {
echo "Wrong Cridentials";
}
}
panel.php:
include_once 'connect.php';
if (!empty($_COOKIE['token'])) {
$token = $_COOKIE['token'];
$query = "SELECT * FROM token WHERE token='$token'";
$result = mysqli_query($conn, $query);
if (mysqli_fetch_assoc($result) > 0) {
} else {
echo "<script>location.href = \"/\";</script>";
}
} else {
echo "<script>location.href = \"/\";</script>";
}
</div>
