0

I am trying to integrate a simple login for my site with PHP. I found a script here http://www.phpfreecode.com/php-Login-system.htm and got everything set up, but this PHP code is causing the page not to load at all:

<?php
 if (isset($_COOKIE['user'])) {
 echo "You are logged in: $_COOKIE['user'] Enjoy.";
 } else{ 
 echo "You are not logged in. <a href='register.php'>Register here</a>";
 ?>

I get a server error: "The website encountered an error while retrieving (my website) It may be down for maintenance or configured incorrectly". I have PHP configured on my server; I know this because I have other PHP files that work on the website. What am I doing wrong? Also, if someone knows of a better login system, I'm open to suggestions. Thank you.

Comments

  • This code is fine, it must be something else. Commented Jun 15, 2012 at 3:17
  • Look at the server's error log and see what the real problem is. Commented Jun 15, 2012 at 3:18
  • That code is vulnerable to SQL injection, don't use it. Commented Jun 15, 2012 at 3:19
  • @MarcB How do I check that? I am running Ubuntu Server with apache2. Commented Jun 15, 2012 at 3:25
  • Look at the httpd.conf stuff and see where the error logs are stored, then go dig around those files. Commented Jun 15, 2012 at 3:25

1 Answer

1

The error with this piece of code you have supplied is the $_COOKIE array not being separated by curly brackets or broken out of the string.

<?php
if (isset($_COOKIE['user'])) {
    echo "You are logged in: {$_COOKIE['user']} Enjoy.";
} else{
    echo "You are not logged in. <a href='register.php'>Register here</a>";
}
?>

or better yet:

<?php
if (isset($_COOKIE['user'])) {
    echo "You are logged in: ".htmlentities($_COOKIE['user'])." Enjoy.";
} else{
    echo "You are not logged in. <a href='register.php'>Register here</a>";
}
?>

Also, that script is vulnerable to SQL injection (username: whatever' OR 'X'='X) and is using the soon-to-be deprecated mysql_* functions.


3 Comments

You forgot the "i" in .htmlentites - should read .htmlentities. Tried an edit but gave me an error of minimum characters. Should he want to copy/paste your code, he'll get an error.
That did the trick, thank you so much. Too bad now I'm worried about the security issue side of things... guess I'll have to do some more research to find a more secure way to log in.
The actual script can be fixed: just change the SQL functions used to PDO or mysqli_* and use prepared queries.
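
The prepared-query fix suggested in the comments above, shown beside the concatenated form it replaces. This is an added example, not part of the original answer or of the linked script. The `users` table, its columns, the sample account and the function names are assumptions, and an in-memory SQLite database (requires the `pdo_sqlite` extension, PHP 7.1+) stands in for MySQL so the file runs on its own.

```php
<?php
// Constructed schema and sample account; the linked script's real schema is not shown on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// "Before": user input is concatenated into the SQL text, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
function find_user_concat(PDO $pdo, string $username): ?array
{
    $sql = "SELECT username, password_hash FROM users WHERE username = '$username'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// "After": the statement text is fixed and the value is sent as a bound
// parameter, so it is only ever compared as data.
function find_user_prepared(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Login built on the prepared lookup; the password is checked against a stored hash
// (hashing with password_hash() is an assumption of this example).
function login(PDO $pdo, string $username, string $password): bool
{
    $user = find_user_prepared($pdo, $username);
    return $user !== null && password_verify($password, $user['password_hash']);
}

$input = "whatever' OR 'X'='X";   // the username string quoted in the answer

// Concatenated lookup: the WHERE clause is rewritten and a row comes back.
var_dump(find_user_concat($pdo, $input) !== null);
// Prepared lookup: no user has that literal name, so nothing is returned.
var_dump(find_user_prepared($pdo, $input) !== null);
// Normal login with the sample account, then a login attempt with the quoted string.
var_dump(login($pdo, 'alice', 'correct horse'));
var_dump(login($pdo, $input, 'anything'));
```

With MySQL, only the DSN passed to `new PDO(...)` changes; the two lookup functions stay the same.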
