User Access Using Php & Mysql

[royarellano]

Hello All:I'm fairly new to PHP development and I have a few quesitons. I've developed a basic website which contains a directory which has files with forms to update the websites content, a Content Management System (CMS) per-say. I've included a username and password login form which will post to itself, upon returning to itself it should run some PHP code which should query the MySQL db. If it is a valid username and password then a cookie is set and the viewer is directed using the "header" code to the cms main page. No all the cms pages have a bit a code at the top which states that if the correct cookie is not set in the system then that viewer is not logged in and therefore will be redirected (header again) to the login page. All the pages are in PHP. I've divided the three main codes blocks below, can anyone review and tell me where I could be going wrong. What I am getting right now is that the user log's in, but the login error is kicked off stating that the username and password are invalid. Thanks.[LOGIN PAGE]<?php require("../php/dbConn.php"); require("../php/userCon.php"); $logInErrors = false; if(count($_POST) > 0) { $U = $_POST['fldUsername']; $P = $_POST['fldPassword']; openDBConn($dbcon); newLogIn($U, $P); if(newLogIn($U, $P)) { header('Location: cmsmain.php'); } else { $logInErrors = true; } }?>[dbConn.php PAGE]<?php function openDBConn($dbcon) { $dbcon = mysql_connect("localhost", "xxxxxxxxx", "xxxxxxxxx"); if(!$dbcon) { die('Could not connect: ' . mysql_error()); } mysql_select_db("xxxxxxxx", $dbcon); } function closeDBConn($dbcon) { mysql_close($dbcon); }?>[userCon.php PAGE]<?php function isLogedIn() { if(isset($_COOKIE["c61uAuth"]) && $_COOKIE['c61uAuth'] == 'true') { return true; } else { return false; } } function newLogIn($U, $P) { $selectuser = ("SELECT usrAccess FROM t_axxess WHERE usrAccess = '$U' AND usrPass = '$P'"); $row = openDBConn($selectuser); if($row != null) { setcookie("c61uAuth", urlencode("true")); setcookie("c61uAuthName", urlencode($rows[0]['usrAccess'])); return true; }else { return false; } } function logOut() { setcookie("c61uAuth", urlencode("")); setcookie("c61uAuthName", urlencode("")); unset($_cookie['u']); }?>

[Wander]

the code is pretty messy...not sure where to start, but here are a few things:in function logOut() u say: unset($_cookie['u']);if ur using the php $_COOKIE variable, then it should be in capitals, and using unset() on it doesnt remove he cookies, but just disables it in that scriptat the loginpage u have:newLogIn($U, $P);if(newLogIn($U, $P)){...}i dont see the use of calling the function newLogIn 2 times?then in the function newLogIn u have:$selectuser = ("SELECT usrAccess FROM t_axxess WHERE usrAccess = '$U' AND usrPass = '$P'");$row = openDBConn($selectuser);this doesnt really make sense, first of all u dont call the function mysql_querythen what u do is passing this query (or a result if u would use mysql_query) to openDBConn, and expect it to give a result backbut what openDBConn does is opening a connection to the database, the first parameter in it also seems pretty useless, since it gets overwritten in the first line of the functionu also never set any expiration time in setcookie(), which i guess would mean the cookies expire right away

[royarellano]

Thank you so much!So to clarify, the cookie setting can be fixed by making sure it is scriptted properly (using caps) and to remove it from the browser simply set the expiration date to a prior time, right?In the second statement you state that I shouldn't call the function newLogIn, so remove it, gotcha.As to your third statement, you state that I'm not calling the query function. I will review and make sure I put it in, thanks. You've been a great help.

[royarellano]

Okay, here is the updated code, still no go, what am I missing? I did not include the dbConn.php page because it is properly written and functions correctly; however these to still need some help, now the index.php page doesn't even show up, so something is off and I don't seem to see it:[index.php - MAIN LOGIN PAGE]<?php require("../php/dbConn.php"); require("../php/userCon.php"); $logInErrors = false; if(count($_POST) > 0) { $U = $_POST['fldUsername']; $P = $_POST['fldPassword']; openDBConn($dbcon); if(newLogIn($U, $P)) { header('Location: cmsmain.php'); } else { $logInErrors = true; } }?>[userCon.php PAGE]<?php function isLogedIn() { if(isset($_COOKIE["c61uAuth"]) && $_COOKIE['c61uAuth'] == 'true') { return true; } else { return false; } } function newLogIn($U, $P) { require("dbConn.php"); openDBConn($dbcon); $sql = "SELECT usrFullName FROM t_axxess WHERE usrAccess = '$U' AND usrPass = '$P'"; $rows = mysql_query($sql, $dbcon); if($rows != null) { setcookie("c61userAuth", urlencode("true"), time()+3600); setcookie("c61userAuthName", urlencode("true"), time()+3600); return true; }else { return false; } } function logOut() { setcookie("c61uAuth", urlencode("true"), time()-3600); setcookie("c61uAuthName", urlencode("true"), time()-3600; unset($_COOKIE['u']); }?>Thanks to everyone who took the time to help-out.

[clonetrooper9494]

In logout(), setcookie("c61uAuthName", urlencode("true"), time()-3600;you forgot the ) at the end.You are also requiring dbConn.php twice at begining of script and in newlogin(), or unless it doesn't work because of passing variables...setcookie("c61userAuth", urlencode("true"), time()+3600);and if(isset($_COOKIE["c61uAuth"]) && $_COOKIE['c61uAuth'] == 'true')the cookies have different names...Other than that, I don't see anything majorly wrong, try checking the name of everything, are your table names correct? DB connection username and password? are the column names right? Recheck everything, and it still doesn't work, then try looking at this and restarting. You should backup your old one, and take a look at it, maybe you want $_SESSIONS instead of $_COOKIES? Unless somebody else can find problems with yours.