Im making a simple login for my adminpage. But I get the ERR_TOO_MANY_REDIRECTS error when I try to logg back in when I logged out. When I remove my cookies it works again so I think my logout file doenst remove the cookie correctly. I'm using chrome.
Login.php:
<?php
//Connects to your Database
mysql_connect("db location", "username", "password") or die(mysql_error());
mysql_select_db("database name") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ID_your_site'])){ //if there is, it logs you in and directes you to the members page
$username = $_COOKIE['ID_your_site'];
$pass = $_COOKIE['Key_your_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if ($pass != $info['password']){}
else{
header("Location: login.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) {
// makes sure they filled it in
if(!$_POST['username']){
die('You did not fill in a username.');
}
if(!$_POST['pass']){
die('You did not fill in a password.');
}
// checks it against the database
if (!get_magic_quotes_gpc()){
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0){
die('That user does not exist in our database.<br /><br />If you think this is wrong <a href="login.php">try again</a>.');
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
die('Incorrect password, please <a href="login.php">try again</a>.');
}
else{ // if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_your_site, $_POST['username'], $hour);
setcookie(Key_your_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
Logout.php
<?php
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie(ID_my_site, gone, $past);
setcookie(Key_my_site, gone, $past);
header("Location: login.php");
?>
members.php
<?php
//Connects to your Database
mysql_connect("db location", "username", "password") or die(mysql_error());
mysql_select_db("database name") or die(mysql_error());
//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_your_site'])){
$username = $_COOKIE['ID_your_site'];
$pass = $_COOKIE['Key_your_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )){
//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password']){
header("Location: login.php");
}
//otherwise they are shown the admin area
else{
echo "Admin Area<p>";
echo "Your Content<p>";
echo "<a href=logout.php>Logout</a>";
}
}
}
else{ //if the cookie does not exist, they are taken to the login screen
header("Location: login");
}
?>
Aucun commentaire:
Enregistrer un commentaire