Hello, I am new to programming. All evening I can not solve the problem. In the login.php file there is the following code (it works on entry, it works with the table: username, password, login):

<?php error_reporting(E_ALL & ~E_DEPRECATED); $connect=mysql_connect('localhost', 'root', '') or die (mysql_error()); mysql_select_db('rash'); if (isset($_POST['enter'])) { $e_login=$_POST['e_login']; $e_password=$_POST['e_password']; $query=mysql_query("SELECT * FROM WIreg WHERE login='$e_login'"); $user_data=mysql_fetch_array($query); if ($user_data['password']==$e_password) { $re=mysql_query("SELECT * FROM WIreg WHERE 'login'='$user'"); $name=mysql_fetch_array($re); setcookie('cookie_name', $name['username']); $_SESSION['cookie_name'] = $name['username']; header("location: user/auth.html"); } else { echo "wrong password or login"; } } ?>

Displays the entire auth.html page except the name username. Further in the auth.html file (located in the user directory) there is the following code:

 <? session_start(); echo $_SESSION['cookie_name']; ?>

Question: why the username is not displayed?

  • In the html file you can not insert the php code ....... only in php and in phtml. By the way, which may not work due to short tags (meaning opening the code not through <?php , but through <? ) - Alexey Shimansky
  • @ Alexey Shimansky as a whole can be configured on the server, why can't it be immediately? - teran
  • @teran I wrote that it may not work because of this (for the vehicle, as a beginner, may not know this). Where I wrote that it is impossible? I do not forbid anything. - Alexey Shimansky
  • @ Alexey Shimansky I mean php code in html file :) - teran
  • @teran aah. nobody does it anyway. except that selected perverts) - Alexey Shimansky

1 answer 1

After checking the password you make a second request:

 $re=mysql_query("SELECT * FROM WIreg WHERE 'login'='$user'");

But the $ user variable is not previously defined for you, therefore, this query produces an empty result, respectively, and then the cookies are determined empty.

Given that you have previously received the data you need from the database (they are in the $ user_data variable), I suggest rewriting the last if if so:

 if ($user_data['password']==$e_password) { setcookie('cookie_name', $user_data['username']); $_SESSION['cookie_name'] = $user_data['username']; header("location: user/auth.html"); } else { echo "wrong password or login"; }

But in general, storing passwords explicitly is wrong.