first of all your problem is that you don't wrap your loggedin
in apostrophes. the line should be look like this, to set the login cookie correctly
setcookie('loggedin', date("F jS - g:i a"), $seconds);
now to your script logic. don't use cookies to check if a user is flagged as loggedin
. i don't know any user/password combination and can bypass your script simple by setting manually a cookie with the name loggedIn
.
try to use sessions
to check if a user is loggedIn. session
data is stored server-side and can't manually edited by the client.
like this
// here connect to you db mysql_connect(...
// mysql_select_db(...
$user = mysql_real_escape_string( $_POST['user'] );
$pass = mysql_real_escape_string( $_POST['pass'] );
//query if user and pw is valid
$result = mysql_query("SELECT * FROM logindashboard.login WHERE user='".$user."' and pass='".$pass."'");
if( mysql_num_rows($result) == 1 ) {
$_SESSION['loggedIn'] = true;
header('Location: index2.php');
}
your index2.php
would look like this
<?php
session_start();
if( ! $_SESSION['loggedIn'] ) {
// not logged in redirect direct to login page
header('Location: loginPage.php');
}
this is much more safer then using cookies. as you see you don't need a meta tag to redirect users. use the php header
function to redirect directly users