gitlez

YA: Check User Cookie For Login WC 20130620074829AAJvlEe

Jun 20th, 2013
<?php
// Yahoo Answers' Question: http://answers.yahoo.com/question/answer?qid=20130620074829AAJvlEe


// Variable to hold the message we want displayed.
$message = '';


// Check and see if the $_COOKIE['username'] exists
if (isset($_COOKIE['username'])) {

    // I'm assuming that the 'connect.php' file automatically connects to your database.
    // So you should NOT include it until you need it. If the user doesn't possess
    // the username cookie, then there is no need for the MySQL connection.
    // Also, with include(), if PHP doesn't find the file to include, it simply shows
    // an error message, but continues on anyway. In this case, it will cause some more
    // errors and the process of the site will break. By using require_once(), it forces
    // PHP to stop if it cannot locate the file. The '_once' part ensures that the file
    // is only included once, so if the file is already loaded, it won't load it again.
    // Not really needed here, but when you start nesting the includes, then it will be
    // a good thing.
    // Go to: http://www.php.net/manual/en/language.control-structures.php and look more
    // at the include, include_once, require and require_once differences. There are
    // definitely times to use each of them; knowing those differences is what will make
    // you better.
    require_once('connect.php');


    // You must always assume that all user input is a possible security threat and
    // you must treat it as such. The cookie is stored on the user's computer, where the
    // user has access to it. This means that we must protect it from SQL Injection
    // (Google it for more info).
    // Note: the mysql_* functions used here were removed in PHP 7.0; on current PHP,
    // use mysqli or PDO with prepared statements.
    $username = mysql_real_escape_string( $_COOKIE['username'] );

    // Statement to determine if username is legit.
    // The { } are simply for readability and are optional. PHP removes them when it
    // replaces the variable value.
    $sql = "SELECT user_id FROM users WHERE username='{$username}' LIMIT 1";

    $result = mysql_query($sql);

    // Check to make sure statement and query are good.
    if( !$result ){
        // Query malformed, connection failed or an internal error with MySQL.
        // Display error, but you could easily change it to log the error and tell
        // the user a default error message.
        $message .= 'Internal Error: ' . mysql_error();
    }else if( mysql_num_rows($result) === 0){
        // The query was successful, but did not match any rows in the database.
        // In this case it means that the username is not in the database.
        // I would suggest a message stating that they need to login again.
        $message .= 'Welcome, Guest!<br />'; // As they do not have a valid username.
    }else{
        // Username exists in database. Not sure what you want with the user id.
        // If you need this information on other pages, I would strongly suggest not
        // storing it in a COOKIE, but rather a SESSION ( http://php.net/manual/en/book.session.php
        // && http://www.tizag.com/phpT/phpsessions.php );

        $row = mysql_fetch_assoc($result);
        $user_id = $row['user_id'];
        // Option 2: $user_id = mysql_fetch_object($result)->user_id;
        // First one is probably more your style right now, just wanted to show you options.

        // Welcome Message.
        // The SQL-escaped $username is only for the query. For HTML output, escape the
        // raw cookie value with htmlspecialchars() so it cannot inject markup.
        $message .= 'Welcome, ' . htmlspecialchars($_COOKIE['username'], ENT_QUOTES, 'UTF-8') . '!<br /><br />';
        $message .= 'Your <a href="profile.php?id=' . $user_id . '">Profile Page</a> awaits.';
    }
} else {
    // Default message, if $_COOKIE['username'] not set.
    $message .= "Welcome, Guest! <br/>";
}

?>
<html>
    <head>
        <title>Home</title>
        <style type="text/css">
            /***
                Although there is nothing wrong with putting it all on one line, it does make it easier to read this way.
            ***/

            a:link {
                color: blue;
                text-decoration: none;
            }
            a:visited {
                color: purple;
                text-decoration: none;
            }
            a:hover {
                color: black;
                text-decoration: none;
            }
            h3 {
                text-align: center;
            }
        </style>
    </head>
    <body>
        <!-- Note: center elements are deprecated. -->
        <h3>Home</h3>
        <hr />
        <br />
        <br />
        <?php echo $message; ?>
    </body>
</html>
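
The paste treats the `username` cookie as the user's identity and, in its comments, recommends a SESSION instead. The block below is an added example (not part of gitlez's paste) of the same greeting built from a server-side session and a PDO prepared statement. The DSN, credentials, and the `$_SESSION['user_id']` key set by a login script are assumptions; the `users` table and its columns follow the query in the paste.

```php
<?php
// Added example, not from the original paste. Assumes a separate login script
// verified the password and stored the user's id in $_SESSION['user_id'].
// The client only holds an opaque session id, never the username itself.

ini_set('session.cookie_httponly', '1'); // keep the session cookie away from scripts
session_start();

$message = 'Welcome, Guest!<br />';

if (isset($_SESSION['user_id'])) {
    try {
        $pdo = new PDO(
            'mysql:host=localhost;dbname=example;charset=utf8mb4', // placeholder DSN
            'db_user',                                              // placeholder
            'db_password',                                          // placeholder
            [
                PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
            ]
        );

        // The value is bound as a parameter, so it is never parsed as SQL.
        $stmt = $pdo->prepare('SELECT user_id, username FROM users WHERE user_id = ? LIMIT 1');
        $stmt->execute([$_SESSION['user_id']]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($row !== false) {
            // Escape for the HTML context at the point of output.
            $name = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
            $url  = 'profile.php?id=' . rawurlencode((string) $row['user_id']);
            $message = 'Welcome, ' . $name . '!<br /><br />'
                     . 'Your <a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
                     . '">Profile Page</a> awaits.';
        } else {
            // The session points at a user that no longer exists: drop it.
            unset($_SESSION['user_id']);
        }
    } catch (PDOException $e) {
        // Log the detail server-side; show the visitor a generic message.
        error_log('Home page lookup failed: ' . $e->getMessage());
        $message = 'Internal error, please try again later.';
    }
}

echo $message;
```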