Login with cookies

My forum gives a fault. When some users are working on a network sometimes
when the log in... they logged in as the other user. Now i want to fix this.
And I want to change this login-script in a loginscript with ONLY using
cookies...
I tried sometimes... but it wasn't good... :-(

Can anyone help me please?


Login.php
++++++++++++++++++
<?php
include "nav.php";
echo "<br><br>";

if (isset ($submit)) {
$login_nick = $HTTP_POST_VARS["login_nick"] or $login_nick="error";
$login_password = $HTTP_POST_VARS["login_password"];

$query = "SELECT id,password FROM users WHERE nick='$login_nick'";
$exec = mysql_query($query);
$result = mysql_fetch_array($exec);
$users_nick = mysql_num_rows ($exec);
$users_id = $result["id"];
$users_password = $result["password"];

if ($users_nick == 0) {
$login_nick_error = 1;
$login_password_error = 1;
}

else {
$login_nick_error = 0;
$smart_login_nick = $login_nick;

if ($login_password != $users_password) {
$login_password_error = 1;
}

else {
$login_password_error = 0;
$smart_login_password = $login_password;
}
}

if ($login_nick_error == 0 AND $login_password_error == 0) {
$query = "UPDATE users SET ip='' WHERE ip='$myip'";
$exec = mysql_query ($query);

$query = "UPDATE users SET ip='$myip' WHERE nick='$login_nick'";
$exec = mysql_query ($query);

$bancheck_query = "SELECT user FROM banned WHERE user=$users_id";
$bancheck_exec = mysql_query ($bancheck_query);
$bancheck = mysql_num_rows ($bancheck_exec);

if ($bancheck == 1) {
$ban_query = "UPDATE banned SET ip='$myip' WHERE user=$users_id";
$ban_exec = mysql_query ($ban_query);
}

echo '<script>location.href="index.php"</script>';
}
}

echo "<center>";
echo "<table width=750 bgcolor=$mycolor2 style='border-style: solid;
border-width: 1; border-color: $mycolor3;'>";
echo "<tr><td witdh=210></td>";
echo "<td colspan=2><b>Inloggen</b><hr noshades color=$mycolor4
size=1><br><br></td>";
echo "<td witdh=210></td></tr>";

echo "<form method=post action=login.php>";

if (isset ($login_nick_error)) {
if ($login_nick_error == 0) {
echo "<tr><td witdh=210></td>";
echo "<td width=75><b>Gebruikersnaam</b></td><td width=125><input
name=login_nick type=text value=$smart_login_nick size=15 maxlength=50
style='border-color: #000000; border-width: 1;'></td>";
echo "</tr>";
}

if ($login_nick_error == 1) {
echo "<tr><td witdh=210></td>";
echo "<td width=75><b>Gebruikersnaam</b></td><td width=125><input
name=login_nick type=text size=15 maxlength=50 style='border-color: #000000;
border-width: 1;'></td>";
echo "</tr>";
}
}
else {
echo "<tr><td witdh=210></td>";
echo "<td width=75><b>Gebruikersnaam</b></td><td width=125><input
name=login_nick type=text size=15 maxlength=50 style='border-color: #000000;
border-width: 1;'></td>";
echo "</tr>";
}


if (isset ($login_password_error)) {
if ($login_password_error == 0) {
echo "<tr><td witdh=210></td>";
echo "<td><b>Wachtwoord</b></td><td><input name=login_password
type=password value=$smart_login_password size=15 maxlength=50
style='border-color: #000000; border-width: 1;'></td>";
echo "</tr>";
}

if ($login_password_error == 1) {
echo "<tr><td witdh=210></td>";
echo "<td><b>Wachtwoord</b></td><td><input name=login_password
type=password size=15 maxlength=50 style='border-color: #000000;
border-width: 1;'></td>";
echo "</tr>";
}
}

else {
echo "<tr><td witdh=210></td>";
echo "<td><b>Wachtwoord</b></td><td><input name=login_password
type=password size=15 maxlength=50 style='border-color: #000000;
border-width: 1;'></td>";
echo "</tr>";
}

echo "<tr>";
echo "<td></td><td></td>";
echo "<td><input name=submit type=submit value=Inloggen style='border-color:
#000000; border-width: 1;'></td>";
echo "</tr>";
echo "</form>";
echo "</table><BR><BR><a href=forgot.php><font face=$myfont color=$mycolor3
size=2>Wachtwoord vergeten?</font></a>";
echo "</center>";
?>

Why not working with sessions ?


"Arjan" <c> schrieb im Newsbeitrag
news:3fd47d8f$0$4672$1b62eedf@news.euronet.nl...
> My forum gives a fault. When some users are working on a network sometimes
> when the log in... they logged in as the other user. Now i want to fix
this.
> And I want to change this login-script in a loginscript with ONLY using
> cookies...
> I tried sometimes... but it wasn't good... :-(
>
> Can anyone help me please?
>
>
> Login.php
> ++++++++++++++++++
> <?php
> include "nav.php";
> echo "<br><br>";
>
> if (isset ($submit)) {
> $login_nick = $HTTP_POST_VARS["login_nick"] or $login_nick="error";
> $login_password = $HTTP_POST_VARS["login_password"];
>
> $query = "SELECT id,password FROM users WHERE nick='$login_nick'";
> $exec = mysql_query($query);
> $result = mysql_fetch_array($exec);
> $users_nick = mysql_num_rows ($exec);
> $users_id = $result["id"];
> $users_password = $result["password"];
>
> if ($users_nick == 0) {
> $login_nick_error = 1;
> $login_password_error = 1;
> }
>
> else {
> $login_nick_error = 0;
> $smart_login_nick = $login_nick;
>
> if ($login_password != $users_password) {
> $login_password_error = 1;
> }
>
> else {
> $login_password_error = 0;
> $smart_login_password = $login_password;
> }
> }
>
> if ($login_nick_error == 0 AND $login_password_error == 0) {
> $query = "UPDATE users SET ip='' WHERE ip='$myip'";
> $exec = mysql_query ($query);
>
> $query = "UPDATE users SET ip='$myip' WHERE nick='$login_nick'";
> $exec = mysql_query ($query);
>
> $bancheck_query = "SELECT user FROM banned WHERE user=$users_id";
> $bancheck_exec = mysql_query ($bancheck_query);
> $bancheck = mysql_num_rows ($bancheck_exec);
>
> if ($bancheck == 1) {
> $ban_query = "UPDATE banned SET ip='$myip' WHERE user=$users_id";
> $ban_exec = mysql_query ($ban_query);
> }
>
> echo '<script>location.href="index.php"</script>';
> }
> }
>
> echo "<center>";
> echo "<table width=750 bgcolor=$mycolor2 style='border-style: solid;
> border-width: 1; border-color: $mycolor3;'>";
> echo "<tr><td witdh=210></td>";
> echo "<td colspan=2><b>Inloggen</b><hr noshades color=$mycolor4
> size=1><br><br></td>";
> echo "<td witdh=210></td></tr>";
>
> echo "<form method=post action=login.php>";
>
> if (isset ($login_nick_error)) {
> if ($login_nick_error == 0) {
> echo "<tr><td witdh=210></td>";
> echo "<td width=75><b>Gebruikersnaam</b></td><td width=125><input
> name=login_nick type=text value=$smart_login_nick size=15 maxlength=50
> style='border-color: #000000; border-width: 1;'></td>";
> echo "</tr>";
> }
>
> if ($login_nick_error == 1) {
> echo "<tr><td witdh=210></td>";
> echo "<td width=75><b>Gebruikersnaam</b></td><td width=125><input
> name=login_nick type=text size=15 maxlength=50 style='border-color:
#000000;
> border-width: 1;'></td>";
> echo "</tr>";
> }
> }
> else {
> echo "<tr><td witdh=210></td>";
> echo "<td width=75><b>Gebruikersnaam</b></td><td width=125><input
> name=login_nick type=text size=15 maxlength=50 style='border-color:
#000000;
> border-width: 1;'></td>";
> echo "</tr>";
> }
>
>
> if (isset ($login_password_error)) {
> if ($login_password_error == 0) {
> echo "<tr><td witdh=210></td>";
> echo "<td><b>Wachtwoord</b></td><td><input name=login_password
> type=password value=$smart_login_password size=15 maxlength=50
> style='border-color: #000000; border-width: 1;'></td>";
> echo "</tr>";
> }
>
> if ($login_password_error == 1) {
> echo "<tr><td witdh=210></td>";
> echo "<td><b>Wachtwoord</b></td><td><input name=login_password
> type=password size=15 maxlength=50 style='border-color: #000000;
> border-width: 1;'></td>";
> echo "</tr>";
> }
> }
>
> else {
> echo "<tr><td witdh=210></td>";
> echo "<td><b>Wachtwoord</b></td><td><input name=login_password
> type=password size=15 maxlength=50 style='border-color: #000000;
> border-width: 1;'></td>";
> echo "</tr>";
> }
>
> echo "<tr>";
> echo "<td></td><td></td>";
> echo "<td><input name=submit type=submit value=Inloggen
style='border-color:
> #000000; border-width: 1;'></td>";
> echo "</tr>";
> echo "</form>";
> echo "</table><BR><BR><a href=forgot.php><font face=$myfont
color=$mycolor3
> size=2>Wachtwoord vergeten?</font></a>";
> echo "</center>";
> ?>
>
>
>

> Please snip when posting and quote correctly:

hope this is right for you ;)

> OTOH, I agree, sessions are good, but not much use if you want to use a
> "keep me logged in" system which is often found on forums =)

an here you are right again....nothing else to say about =)

Greetings

Lars