Php Login Help

[RenegadeFX]

ok so I've never really done this in php so I just need a little help with this heres the code I have so far :)Login.php

<body><div align="center">	<div class="BannerLogo">				</div>		<div class="Content">			<div class="NavBar">				<?php				include("../Includes/Navigation.php");				?>				</div>				<div class="ContentCol">			<form name="LoginForm" method="post" enctype="multipart/form-data" action="/Login/LoggingIn.php">				<label for="Email" class="Labels">Email:</label>		<br />		<input type="text" name="Email" id="Email" class="Field" />		<br />		<label for="Password" class="Labels">Password</label>		<br />		<input type="password" name="Password" id="Password" class="Field" />		<br />		<input type="submit" name="Login" value="Login" />				</form>				</div>		</div></div></body>

and heres the other page :)LoggingIn.php

<?php$Email 	= $_POST['Email'];$Pass	= $_POST['Password'];$Conn = mysql_connect("server", "root", "");if (!$Conn) {	die('Could not connect: ' . mysql_error());}mysql_select_db("Database", $Conn);$Results = mysql_query("SELECT UserId, Email, Password, FirstName, LastName FROM Users WHERE LOWER(Email) =  '" . strtolower($Email) . "' AND Password = '" . $Pass . "'");if(mysql_num_rows($Results) == 0) {	header("location: /Login/?Failed=true");}else {	while($Row = mysql_fetch_array($Results)) {		$Expires = time() + 60*60*24*30;		setcookie('UserId', $Row['UserId'], $Expires);	}}?>

so what I want it to do is check to see if the email and password match an email and password in the database,if they do then create a cookie with the value of the UserId and then go to the Home Page and thats just the part that I can't get please Help.

[justsomeguy]

Is the script not working? It looks like you're checking the database and setting a cookie. If you only need to redirect you just send a location header and quit:header('Location: home.php');exit();

[RenegadeFX]

Ok yeah that worked just fine but now the cookie isn't working (sorry I'm new to php )heres the home pageIndex.php

	<?php		if(isset($_COOKIE['UserId']) && $_COOKIE['UserId'] != '') {	echo 'Ok you are now Logged in as ' . $_COOKIE['UserId'] . ' :)';}		else {	echo "Nope your not logged in :(";}				?>

[justsomeguy]

Oh, right. If you're setting a cookie you shouldn't use a header redirect, you should use an HTML meta redirect instead. Some browsers will ignore the cookie header if they also get a location header.

...setcookie('UserId', $Row['UserId'], $Expires);echo <<<EOT<html><head><title>Thank You</title><meta http-equiv="refresh" content="2;URL=home.php"></head><body><a href="home.php">Redirecting...</a></body></html>EOT;exit();

You can style the HTML stuff if you want to center the message or change the text. Change the "2" in the meta tag if you want to change the number of seconds before it redirects. This is the type of "thanks for logging in" page you see on a lot of sites.Be careful when pasting that code, the EOT; line must not have any spaces before it, character 1 on that line should be the E.

[RenegadeFX]

Nope for some reason that doesn't work either

[s-p-n]

Those scripts look like they should work.I cleaned them up a little bit, a few things were a bit redundant. Also, you should use mysql_real_escape_string to prevent SQL injections.

<?php$Email 	= mysql_real_escape_string($_POST['Email']);$Pass 	= mysql_real_escape_string($_POST['Password']);$Conn 	= mysql_connect('server', 'root', '');if (!$Conn) {	die('Could not connect: ' . mysql_error());}mysql_select_db('Database', $Conn);$Results = mysql_query('SELECT UserId FROM Users 						WHERE LOWER(Email) =  "' . strtolower($Email) . '" 						AND Password = "' . $Pass . '" LIMIT 1');if(mysql_num_rows($Results) == 0) {	header('location: /Login/?Failed=true');}else {	$Row 		= mysql_fetch_array($Results)	$Expires 	= time() + 60*60*24*30;	setcookie('UserId', $Row['UserId'], $Expires);?><html>	<head>		<title>Thank You</title>		<meta http-equiv="refresh" content="2;URL=home.php">	</head>	<body>		<a href="home.php">Redirecting...</a>	</body></html><?php}?>

There's really no point in stressing that <html> is the VERY first thing the browser see's, it's good and all, but one line of white space won't hurt anything, so why not just use regular HTML for the message? The while loop isn't necessary for only one row.This should work for the checking process:

<?php		if(strlen($_COOKIE['UserId'])>0) {	echo 'Ok you are now Logged in as ' . $_COOKIE['UserId'] . ' :)';}		else {	echo "Nope your not logged in :(";}				?>

You only need to make sure that the length (strlen; string length) of userId is greater than 0. using (isset($str) && $str!='') will return the expected result, but it's easier to check a single thing.Take note that we only selected the UserID from the database because that's all we're using. We also want MySQL to stop looking for more values after it finds a match. It helps the SQL execute faster if we tell it to grab one row, from one column (id), rather then having it look through all of the rows for that matching email and password even after it finds a match.Later on you might run into a need for more complex checking, like ranks, groups, etc. In that case, a while loop is necessary and we can use the acronym(*;ALL) when selecting from the database. As for logging a user in simply to check later, you'll only need their ID.Hope that works & helps