Home/ Questions/Q 7942517
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T23:59:44+00:00

Excuse the poor title… I’m trying to write a basic form for a login

  • 0

Excuse the poor title…

I’m trying to write a basic form for a login script. The user enters a username and password and presses “login”. The action assigned to the form is just to refresh the same page. The page has code that checks for the username and password in $_POST and if they are there, checks credentials, creates a session ID and sets a cookie. If the login succeeds, the login section of the page should no longer be displayed.

The problem I’m having is that after I hit login, it seems like the cookie doesn’t get written fast enough or something, because the subsequent read from that cookie fails. If I manually refresh my page immediately however, it has in fact successfully logged in.

// Login function, MD5 hashing would be replaced with something better
// if this were something mission critical, but as it stands I'm only
// using this as a learning tool
function login($username, $password) 
{

    $username = addslashes($username);
    $password = md5($password);
    $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

    if(mysql_num_rows($query) == 1) 
    {
        $info = mysql_fetch_array($query);
        $userid = $info[uid];
        $sessionid = md5($userid . time());
        $time = time();
        setcookie ("testcookie", $sessionid, $time+3600, '/', '');
        mysql_query("DELETE FROM sessions WHERE uid='$userid'");
        mysql_query("INSERT INTO sessions (sessionid,uid,timestamp) VALUES('$sessionid','$userid','$time')");
        return $userid;
    } 
    else 
    {
        return 0;
    }
}







// Check the cookie and return the userid

function status() 
    {

        $sessionid = $_COOKIE[nojunkcontest];
        $oldtime = time() - 3600;
        $query = mysql_query("SELECT * FROM sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime");


        if(mysql_num_rows($query) == 1) 
        {
            $info = mysql_fetch_array($query);
            return $info[uid];
        }

        return 0;
    }





// Check whether to attempt login, get userid either way

if($_POST[username] !='' || $_POST[password] != '') 
{
    $login_status = login($_POST[username], $_POST[password]);
} 

else if($_GET[logout]) 
{
    logout();
}

unset($userid); 
$userid = status();





// This is in the body of the document...

<?php
if($userid > 0) 
{ 
echo "Logged in  (<a href='?logout=1'>Logout</a>)"; 
} 

else 
{

if($login_status != '' && $login_status == 0) 
{ 
    echo "Invalid username/password combo.<br>"; 
}

?>

<form action = 'index.php' method ='post'>
<table border = '0' cellspacing = '5'>
<tr>
    <td>Username</td>
    <td><input type = 'text' name = 'username'></td>

    <td>Password</td>
    <td><input type = 'password' name = 'password'></td>

    <td><input type = 'submit' name = 'submit' value = 'Login'></td>
</tr>
</table>
</form>

As you can see, the form action is “index.php” which is the same page where all this code resides, so it just performs a refresh. The status() function returns 0 on this refresh though, but if I refresh manually afterwards, it succeeds, which leads me to believe it’s the $_COOKIE call that is failing. The login() function which I didn’t include writes the cookie that status() reads from. So everything is working in that department, it’s just this annoying refresh thing I can’t figure out.

Any help would be appreciated, thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As you stated that you are just experimenting and it doesn’t have to be secure:

    The problem with your cookie is that a cookie is set after execution and delivery to the user is done. This is why you cannot read the cookie a few lines after you set it in the same script.

    But as others in the comments already suggested, never use a cookie for this, use sessions.

    • 0