Not displaying the username???

[cturner01]

When I test the following code it displays 1 on the next page not the username. Can someone please help me solve this problem? Thanks in advance.

This code is to login:

require "config.php";
$admin_username = $_POST['admin_username'];
$admin_password = $_POST['admin_password'];
if (isset($_POST['login'])) {
md5($admin_password);
$check = mysql_query ("SELECT COUNT(*) FROM tbl_admin WHERE admin_username='". mysql_real_escape_string($admin_username) . "' AND admin_password ='". mysql_real_escape_string($admin_password) . "'") or die ("Query did not work because: ".mysql_error());

$result = mysql_result ($check, 0, 0);

if ($result >= 1) {
	setcookie ("admin_username", $result['admin_username']);
	setcookie ("admin_password", $result['admin_password']);
	header('Location: products.php');
	exit;
} else {
    echo "Sorry, don't know who you are.";
}
}
mysql_close();

This is code on the next page:

session_start();
if (isset($_COOKIE['admin_username']) && ($_COOKIE['admin_password'])) {
	echo "You are logged in as: " . $_COOKIE['admin_username']."<br />";
	echo "<a href=logout.php>Logout</a>";
} else {
	echo "Welcome, <b>Guest</b>. Please login or <a href=registration_form.php>register</a>.<br />";
	echo "<form name=loginform method=post action=login.php><input type=text name=admin_username id=admin_username><input type=password name=admin_password id=admin_password><input name=login type=submit id=login value=LOGIN></form>";
}

 

[sleipnir214]

As a first piece of advice, I recommend that you not store this information in cookies because it's insecure. You're leaving information around that can be played with by users.

As a second piece of advice, I recommend that you set in php.ini [tt]display_errors[/tt] to "on" and [tt]error_reportin[/tt] to E_ALL. There are likely some warnings that would be helpful debugging this that you aren't seeing.



Your MySQL query (it begins "SELECT COUNT(*) FROM ") only fetches into its return recordset one field from the table, a count of matching records. But later you try to pull admin_name and admin_password from the recordset and set those values as cookies.

It seems in script 1 you'd want to change:

[tt] setcookie ("admin_username", $result['admin_username']);
setcookie ("admin_password", $result['admin_password']);[/tt]

for:

[tt]
$_SESSION['admin_username'] = $admin_username;
$_SESSION['admin_password'] = $admin_password;[/tt]


Then in your second script change all references to $_COOKIE['admin_username'] and $_COOKIE['admin_password'] to $_SESSION['admin_username'] and $_SESSION['admin_password'], respectively.



Want the best answers? Ask the best questions! TANSTAAFL!

 

[cturner01]

Thanks for your advice and help sleipnir214. I will use it but I would still like to know why my code is displaying 1 and not the username when I log in.

 

[sleipnir214]

Again, because you are trying to fetch from a query a username that is not returned by the query.

Take a look at what your SELECT query fetches. It is a single thing, a count. But you attempt to get from $result entities named "admin_username" and "admin_password" and store in cookies. Those values will not be in $result.



Want the best answers? Ask the best questions! TANSTAAFL!