Hi,

I am creating a login script for my site and was hoping someone would be nice enough to have a look at my script and check I am not missing an important security hole. Basically, is it safe, once I have checked the cookie variables against the DB, to set a session variable that is used while they are logged in, rather than having to query the DB on each page load?


Here is the code that does the checking to see if a cookie is already remembering the password to use to check against the DB.

Hope this makes sense; any help/suggestions much appreciated.

PHP Code:

<?php
//Let's check if there is a cookie set with password
if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){

    //Check if there is a session set so we don't need to check the database, otherwise do a database check
    //(three !== tests joined with || are always true, so test membership in the list of known types instead)
    if(!isset($_SESSION['logged']) || !in_array($_SESSION['logged'], array('user', 'member', 'admin'), true)){

        //let's get the variables
        $username = mysql_real_escape_string($_COOKIE['username']);
        $password = mysql_real_escape_string($_COOKIE['password']);

        //let's do a query on the database now we know they are wanting to login
        $query_login = mysql_query("SELECT * FROM users WHERE username = '$username' and password = '$password'") or die(mysql_error());

        //get the results for the login
        $row_login = mysql_fetch_array($query_login);
        $total_login = mysql_num_rows($query_login);

        if($total_login == 0){
            //it failed so we set an error message
            $_SESSION['unwelcome'] = 'username and/or password not recognised';
            $_SESSION['welcome'] = '<a href="login.php">Login</a>';
        }
        else{
            //it worked and we have a match so set a welcome message
            $_SESSION['welcome'] = '<H4>Welcome '.$row_login['username'].' - <a href="logout.php">log out</a></h4>';
            $_SESSION['unwelcome'] = '';

            //ok so they are good, let's set a session variable to allow certain bits to be visible
            //options user,member,admin
            $_SESSION['logged'] = $row_login['type'];
        }
    }
}
else {
    //no cookie was found so we just ask them to log in
    $_SESSION['welcome'] = '<H4><a href="login.php">Login</a></h4>';
}

?>


Then on my pages I just have something simple like:

PHP Code:

<?php echo $_SESSION['welcome'].' '.$_SESSION['unwelcome'];?>
<h1>hello page</h1>
<?php if($_SESSION['logged'] == 'user'){ ?>
<p>some text only registered people see</p>
<?php }
elseif($_SESSION['logged'] == 'admin'){ echo 'lets do some admin';}
else{
?>
<p>Log in to see extra stuff</p>
<?php }?>
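
For comparison with the cookie check in the post above, here is an added example (not part of the original post and not the poster's code) of the same flow with a random remember-me token in the cookie in place of the password: only a hash of the token is stored server-side, and the lookup uses a prepared statement. The `remember_tokens` table, its columns, the two function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. Table, column and function names are hypothetical;
// an in-memory SQLite database keeps the script self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, type TEXT)");
$db->exec("CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY, validator_hash TEXT, user_id INTEGER, expires INTEGER)");
$db->exec("INSERT INTO users VALUES (1, 'alice', 'member')"); // constructed sample row

// Call after a successful password login; the return value goes in the cookie.
function issue_remember_token(PDO $db, int $userId, int $ttl = 1209600): string {
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret half, never stored in clear
    $stmt = $db->prepare("INSERT INTO remember_tokens VALUES (?, ?, ?, ?)");
    $stmt->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . ':' . $validator;
}

// Call on page load when the session has no 'logged' value yet.
// Returns the user's name and type, or null if the cookie is not valid.
function check_remember_cookie(PDO $db, string $cookie): ?array {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) return null;    // malformed cookie
    [$selector, $validator] = $parts;
    $stmt = $db->prepare("SELECT t.validator_hash, u.username, u.type
                          FROM remember_tokens t JOIN users u ON u.id = t.user_id
                          WHERE t.selector = ? AND t.expires > ?");
    $stmt->execute([$selector, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // hash_equals compares in constant time
    if (!$row || !hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    return ['username' => $row['username'], 'type' => $row['type']];
}

// Demo with constructed values standing in for setcookie() / $_COOKIE.
// In a page, a non-null result would be followed by
// session_regenerate_id(true) and $_SESSION['logged'] = $user['type'].
$cookie = issue_remember_token($db, 1);
var_dump(check_remember_cookie($db, $cookie));                           // valid token
var_dump(check_remember_cookie($db, explode(':', $cookie)[0] . ':bad')); // wrong validator
var_dump(check_remember_cookie($db, 'garbage'));                         // malformed
```

When the result is echoed into a welcome message as in the post, passing the username through `htmlspecialchars()` keeps stored markup from being rendered.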