Cookie Problems

[Blackstone]

Okay, I'm trying to create an administration panel for my site, which I've been longing to do for a while now but I just kept putting off. Now I've finally started working on it, and I can't get the cookies to work on the login page. I've looked over the code millions of times, and I can't find anything wrong, a reason why it shouldn't be working, so I decided I would get some extra help and see if someone else could find something I missed.

The code:

Code:

<?php
/*
   This page processes the log in form the information entered into the log in form. If the information matches a row in the database,
   then it will log in a redirect to the index page. Otherwise, it will show an error.
*/

//Include the databse information so we can access the database.
include&#40;'database.php'&#41;;

//Store the information given in the form into easier-to-type variables.
$Username = $_REQUEST['username'&#93;;
$Password = $_REQUEST['password'&#93;;
$Length = $_REQUEST['length'&#93;;

//Search for the user in the database.
$Query = "SELECT * FROM `xxxxxx` WHERE `username` = '$Username' AND `password` = '$Password' LIMIT 1";
$Result = mysql_query&#40;$Query&#41; or die&#40;'Failed to execute query&#58; $Query. '.mysql_error&#40;&#41;&#41;;

if&#40;mysql_fetch_array&#40;$Result&#41;&#41; &#123;
   //We have a successful match! Grab some information about the user and then stick some cookies into the Temp files. ^^
   while&#40;$info = mysql_fetch_array&#40;$Result&#41;&#41; &#123;
      $UserID = $info['ID'&#93;;
  $Name = $info['name'&#93;;
   &#125;
   
   //COOKIES! I wanna cookie!
   setcookie&#40;'ValeniaAdmin_UserID', $UserID, time&#40;&#41;+3600*24*30, '/'&#41;;
   setcookie&#40;'ValeniaAdmin_User', $Username, time&#40;&#41;+3600*24*30, '/'&#41;;
   setcookie&#40;'ValeniaAdmin_Name', $Name, time&#40;&#41;+3600*24*30, '/'&#41;;
   setcookie&#40;'ValeniaAdmin_Logged', true, time&#40;&#41;+3600*24*30, '/'&#41;;
   
   //Redirect to the index page.
   header&#40;'Location&#58; http&#58;//xxxxxxxx/success/'&#41;;
&#125; else &#123;
   //Otherwise, since the log in was unsuccessful, we redirect to an error stating the problem.
   header&#40;'Location&#58; http&#58;//xxxxxxxx/loginerror/'&#41;;
&#125;

?>

I filtered some stuff for secrecy, so that's why you see random 'x's.

The strange thing with this is, the header redirect (the first one redirecting to the success page) works whenever I try to log in, but I keep on checking my cookies and I never see anything from this location.

Also, if you find anything that I could improve that isn't just about the cookies, I'd appreciate it if you told me. ^^ Thanks!

[Blackstone]

Oy... I think I've lowered the problem down to something with my time functions. So... yeah, any help on that is still appreciated, as well as any suggestions with making the log-in more secure.

[Vangs]

I doubt this will make much of a difference, but try setting the cookies with double quotes instead of single quotes. Also to make the script more secure, you'll need to set a cookie with your password hash in it. Then on every page in the admin section check the username and password in the cookies matches those in the database, and deny access if they don't. With your current setup it seems anyone can create a false cookie and get access.

[Blackstone]

Okay, thanks. I shall try both of those suggestions. ^^