Checked box Remember me HELP

[siabanie]

Hi guys,

 

I wonder if any if you could help me: I have created a login page with "remember me" function... The page will redirect either to Admin Page or User Page depends their 'level'.

 

But when I logged in as Admin and checked the box "remember me" and close all the browser to see IF the "remember me" work.

 

When I open a new browser - and go to the index page - it is okay, I can view the page.... but it redirect me to the USER page NOT Admin page.

 

Does anyone know why this happens?

[cssfreakie]

I think that really depends on that function of yours. If it uses sessions, the session is destroyed when you close your window. IF you use cookies it depends on the cookie settings and perhaps even on your browser settings too. My browser just removes everything when I close the browser (temp files cookies history etc) I did that on purpose. maybe show your function, so  people that really know what is going on can have a look. I am more a css guy but this is my guess

[PFMaBiSmAd]

Does anyone know why this happens?

 

Yes, you have an error in your program logic.

 

If you want specific help with what your code is doing, you would need to post enough of your code that demonstrates and duplicates the problem so that someone could tell you what is wrong with your code.

[siabanie]

Thanks for the reply; here is the codes.

 

Thanks..

 

login.php

<?php
    session_start();
    require 'includes/connection.php';
     require 'includes/autologin.php';
    
    $error_msg = "";
    if (!empty($_POST)) {
    
    
    if(!empty($_POST['username']) && (!empty($_POST['password']))){
    
        $_POST['password'] = md5($_POST['password']);

        $query = "SELECT `username`, `admin` FROM `users` WHERE `username` = '".$_POST['username']."' AND `password` = '".
        $_POST['password']."'";
        
    
        $result = mysql_query($query);
        
        $num_rows = mysql_num_rows($result);
        
     if ($num_rows == 1) {
		$row = mysql_fetch_array($result);

		session_start();
		$_SESSION['username'] = $_POST['username'];
		$_SESSION['authuser'] =0;

		if ( isset($_POST['rememberme']) && $_POST['rememberme'] == "on" ) {
			setcookie ($cookie_name, 'usr=' . $_POST['username'] .
									 '&hash='.$_POST['password'], time() + $cookie_time);
		}

		if ( $row['admin'] == 1 ) {
			$_SESSION['authuser'] =1;
		}

		header ("Location: indexlist.php");
		exit();
        } else {
            $error_msg = "Invalid username/password combination!";
        }
        
    }
    else {
        $error_msg = "Please enter your username and password to view this page!";
    }
}
?> 
<!--HTML CODE WHERE THE FORM ARE-->

 

 

 

autologin.php

<?php
if(isset($cookie_name))
{
// Check if the cookie exists
if(isset($_COOKIE[$cookie_name]))
{
	parse_str($_COOKIE[$cookie_name]);

	// The code here should look familiar.
	$query = "SELECT `username`, `admin` FROM `users` WHERE `username` = '". $usr ."' AND `password` = '". $hash . "'";

	// Send a MySQL query
	$result = mysql_query($query);

	//Get number of rows in result
	$num_rows = mysql_num_rows($result);

	if ($num_rows == 1) {
		$row = mysql_fetch_array($result);
		$_SESSION['authuser'] =0;

		// Register the session
		$_SESSION['username'] = $row['username'];

		if ( $row['admin'] == 1 ) {
			$_SESSION['authuser'] =1;
		}

		header ("Location: indexlist.php");
		exit;
	}
}
}
?>

 

logout.php

<?php
session_start();
session_destroy();

$cookie_name = 'siteAuth';
$cookie_time = (3600 * 24 * 30); // 30 days

if(isset($_COOKIE[$cookie_name]))
{
	// remove 'siteAuth' cookie
	setcookie ($cookie_name, '', time() - $cookie_time);
}

header("Location: login.php");
?>