Redirect loop on login script PHP

Question

I have a login system that whenever the user logs succesfully creates some cookies with his username password and some other variables that are put in the url for configuration of the session:

setcookie("username", $myusername); //Sets a cookie storing the username
setcookie("password", $mypassword); //Sets a cookie storing the encrypted value of the password
setcookie("typeOfUser",$type); //example variable

and the variables are passed through the URL:

header("location:http://www.example.com/logged.php?type=".$type);

inside the logged.php page I have a file called protect.php which checks whether the cookies exist and what kind of user is it.

if(isset($_COOKIE["username"])&&isset($_COOKIE["password"])){
    //check if this user's cookies exist on the DB
    $user = $_COOKIE["username"];
    $pass = $_COOKIE["password"];

    $sql="SELECT * FROM USERS WHERE Usr='".$user."' and Pass='".$pass."';";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    if($count==1){
        $type = $_COOKIE["type"];
        header("location:logged.php?type=".$type);
        exit();
    }
    else{
         header("location:http://www.example.com/login.php");
    }
}

so if the user just types www.example.com/logged.php he/she will get the variables associated with his user, but whenever I do this I get a redirect loop on the site. (It seems to me a little bit obvious that it redirects cause each time it goes to the header("location... it restarts and at the top it checks the protect.php... but I can't figure out a way to solve this).

Note logged.php just has at the top an:

include("protect.php");

Thanks in advance!

Answer 1

The reason that this script loops infinitely is based in the logic:

if($count==1){
    header("location:logged.php?type=".$type);
}
else{
     header("location:http://www.example.com/login.php");
}

Regardless of the value of $count at this point, your script will send a location header. In other words, the browser is receiving a redirect either way, whether $count is equal to 1 or not.

if(isset($_COOKIE["username"])&&isset($_COOKIE["password"])){

In combination with this line, your loop is defined. This evaluates to true if the user has these cookies defined, which happens when they are logging in for the first time, or have already logged in. If they are logged in, their username and password must be valid, and $count will end up as 1, because they are in the database.

In short, every time the user goes to logged.php after they are logged in, this script is run because they have the appropriate cookies and they are directed, again, to "logged.php?type=."$type" (over and over again) because they are a valid user and present in the database.

To fix this, you'll want to stop header("location:logged.php?type=".$type); from running every time protect.php is run. This is the essence of your problem. You can fix this however you like, but I would do it with sessions.

Check out this tutorial to learn how to implement sessions in your logins script.

You already have three cookies: username, password, and typeOfUser. The system you have works fine, but most authentication scripts use sessions, accessible like cookies ($_COOKIE['foo']), but with the $_SESSION variable instead. The advantage to using session is that the values you store in them are not available to anyone but scripts on your server/site, to view, or to edit. In general, the less information you expose to the user, the better. If you need clarification, check out this StackOverflow post or the basic examples on the PHP website.

One more thing to point out is in your script, if(isset($_COOKIE["username"])&&isset($_COOKIE["password"])){ has no else statement. If one or both of these cookies are not defined, no code will be executed, and what I am assuming is a protected page will be displayed publicly. You may want to add an else statement, something along the lines of:

else{
     header("location:http://www.example.com/login.php");
}

Hope you're able to make this functional and awesome!