Hi guys!

I have now tried to take some of your hints into consideration, by
encrypting the password with md5 adding a salt.
As some of you pointed out, this code is the work of a newbie, that is
totally correct, so please bear with me ;)

I have tried to implement a cookie to remember the login for 48 hours, but
it still logs the user out after the default 24min for a session like this:

*              //We compare the submited password and the real one, and we
check if the user exists*
*                if($dn['password']==$password and mysql_num_rows($req)>0)*
*                {*
*                        *
*                        //If the password is ok, we set the $loginok var to
true*
*                        $loginok = true;*
*                        //If the password is good, we dont show the form*
*                        $form = false;*
*                        *
*                }*
*                                  if ($loginok = true)*
*                                  {*
*                                          if ($remember=="on")
                          *
*                                            setcookie("username",
$username, time()+7200*24);*
*                                          elseif ($remember=="")

*
*                   //We save the user name in the session username and the
user Id in the session userid*
*                                         $_SESSION('username')=$username; *
*                                               $_SESSION['userid'] =
$dn['id'];*
*                                               $_SESSION['usr_level'] =
$dn['usr_level'];*
*
*
*.*
*.*
*.*
*.*
*.*
*.*
*}*


Another problem I am now facing, is to check whether to user is logged in,
and if it is the user should be redirected from the index-page(with the
login-form) to its user area based on the user level(newbie, advanced or
admin).
For now I have written a function, in the config.php.

*function loggedin()*
*{*
* if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))*
* {*
* $loggedin = true;*
* return $loggedin;*
* }*
*}*




I have both tried to include the config.php into the index-page(login-form)
and into the connexions.php script (where cookie is implemented). Along with
this code:


*<?php*
*
*
*if (loggedin==true)*
*{*
*                     if($usr_level == admin)*
*                        {*
*                          ?>*
*<div class="message">You have successfuly been logged in. You can now
access the admin area.<br />*
*<?php header("Location: index_admin.php"); ?></div>*
*<?php*
*                        }*
*                 if($usr_level == newbie)*
*                        {*
*                        ?>*
*<div class="message">You have successfuly been logged in. You can now
access to the newbie area.<br />*
*<?php header("Location: index_newbe.php"); ?></div>*
*<?php*
*                        }*
*                 if($usr_level == advanced)*
*                        {*
*                        ?>*
 *<div class="message">You have successfuly been logged in. You can now
access the advanced area.<br />*
*<?php header("Location: index_advanced.php"); ?></div>*
*<?php*
*                        }*
* *
*}*
*
*
*?> *
*
*
This does not redirect an alredy logged in user to its user area...

I know this is messy, but if some of you can spot some improvements that
hopfully can fix my cookie and redirect problem, please let me know.

Tanks a lot!

Reply via email to