View Full Version : Another Login Script issue

10-12-2009, 10:19 PM
could someone please fill me in on how to keep the session alive..


I login.. no problem..
It shows the username that is logged in..

the problem..

when I goto a different page within the website is stop showing the username that is logged in.. and shows the login screen again.

Thanks in advance.


10-12-2009, 10:25 PM
Did you include session_start(); at the top of every page? That's a start. If so, please post some code.

10-12-2009, 10:40 PM
I have not... I guess I should..

Thanks.. I will let ya know.


10-12-2009, 10:42 PM
added that to 2 pages just to test..

the index page and the page that I was clicking on to test..?


10-12-2009, 11:32 PM
I was looking though my cookies to see if the cookie is created.. and it is not..

but when I logout ther is one..??

any thoughts..?


10-12-2009, 11:44 PM
Could you post some of your code? It makes it a lot easier to diagnose that way.

10-12-2009, 11:52 PM
PHP SESSIONS are stored on the server, not on the user's PC (like cookies).
So, they are like "server cookies".

Sessions will expire when the user closes their browser, or "logs-out", if you have
that feature on your site. And yes, we need to see your code.

10-12-2009, 11:55 PM

// Connects to your Database
mysql_connect("localhost", "***", "***") or die(mysql_error());
mysql_select_db("db") or die(mysql_error());

//Checks if there is a login cookie

//if there is, it logs you in and directes you to the members page
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM gsiteusers WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
if ($pass != $info['email'])
header("Location: welcome.php");


//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['username'] | !$_POST['email']) {
echo "You did not fill in a required field.";
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
$check = mysql_query("SELECT * FROM gsiteusers WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
echo "That user does not exist in our database. <a href='reg.php' target='middle'>Click Here to Register</a>";
while($info = mysql_fetch_array( $check ))
$_POST['email'] = stripslashes($_POST['email']);
$info['email'] = stripslashes($info['email']);
$_POST['email'] = md5($_POST['email']);

//gives error if the password is wrong
if ($_POST['email'] != $info['email']) {
echo "Incorrect email, please try again.";


// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['email'], $hour);

//then redirect them to the members area
echo "Welcome, <font color=red><b>".$_POST['username']."</b></font> to the Slayer's Intranet";
echo "<br><a href=\"syslogin/logout.php\">Logout</a>";
header("Location: notwelcome.php");

// if they are not logged in
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1></h1></td></tr>
<input type="text" name="username" size="10" maxlength="40">
<input type="text" name="email" size="10" maxlength="50">
<tr><td colspan="2" align="right">
<input type="hidden" name="date" value="date">
<input type="submit" name="submit" value="Login">



header('Location: index.php');
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie(ID_my_site, gone, $past);
setcookie(Key_my_site, gone, $past);


If need be I could send you the link to the site with a temp password and username to see what is happening.

Thanks again.. in advance.


10-13-2009, 03:05 AM
It's too bad they are only using cookies for this ...
I think it poses a big security issue.

Normally, SESSIONS are used for the login, and if there is a checkbox to
"remain logged-in", that alone uses a cookie that validates against the database,
and a session is established. The cookie really does nothing except tell the script
that the user has permission to establish a session.

Too many changes required to convert your script.
I really recommend you find a newer, more secure "membership" script.

To answer your question though, EVERY page you have needs to have the whole
upper part of the script that opens the database, reads, checks cookie, etc.
A whole lot of processing when simple SESSIONS could be used instead.

Sorry I don't have a better answer, but that's the scoop.

10-13-2009, 05:09 AM
Thanks for the input..

I have no issues with what you have to say.. I will always take what you have to say as knowledge.

I would love it if you could lead me down the path to a new and more secure heading.

Thanks, Slayer.

10-13-2009, 02:38 PM
Thank you all for your help.

I found a solution and have now got it implemeted.


10-13-2009, 03:25 PM
Slayer ...
For others viewing this thread,
what was the solution?
Did you find another script?

10-13-2009, 07:43 PM
Yes I found another script that would allow me to get what was needed after you told me that the current script was not what I was looking for.

when I get home tonight I will post the script.

if that is okay..

thanks, Slayer

10-13-2009, 09:16 PM
Yea ... or post the link to it.
There might be some others on here who have the same issue as you had.