How to do a q&a validation in php with cookies

Question

I would like create a script that is somewhat like a login. Before going to a certain page, they must answer a question correctly. If they get it right, then they proceed to the page. For example "What's your mom's name?" If the mom's name is Laurie, then they must enter this into a textbox and get it right to proceed.

Update
I used the script that oliver moran gave me to accomplish this. I added more questions so there is currently one question per page. After the final question has been answered, I have the page targeted to a place where they login, because I couldn't figure out how to do this simply based on the answer of the question. And I am fine with having the user login as a separate function. I have gotten the form to get them to login, and not let users that aren't logged in get to these pages. And the script works as long as they have kept the browser window open.

I have used the link that Oliver Moran gave on using sessions, and you can see in my code that I use sessions. But this does not solve the problem of keeping them logged in.

I would now like to know how to set a cookie once the user has logged in so they can leave the browser window and come back and still be logged in. I have searched this site for an answer, and couldn't find one that made sense. Here is my login code

<?php

session_start();

$username=$_POST['username'];
$password=$_POST['password'];

if ($username&&$password) {
$connect = mysql_connect("127.0.0.1","root","") or die('Couldn\'t Connect to Database');
mysql_select_db ("login") or die('Couldn\'t find database');
$query = mysql_query("SELECT * FROM members WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows !=0) {
    while($rows = mysql_fetch_assoc($query)){
        $dbusername = $rows['username'];
        $dbpassword = $rows['password'];
    }
    if ($username==$dbusername&&$password==$dbpassword) {
        echo "Login Successful. <a href='home.php'>Click here for the members area</a>";
        $_SESSION['username'] = $dbusername;
    }
    else{
        echo "Incorrect Password";
    }
}
else{
    die("Incorrect Username and Password");
}
}
else{
die("Please enter something in the boxes");
}
?>

Oliver Moran · Accepted Answer · 2012-12-27T19:42:12.163

Typically, a server-side language is used for this kind of thing. This is because, if you do password checking in JavaScript, anybody can see the correct password (since all the code is available by looking at the page's source code).

In order to do it securely, you'll need to submit the answer to a server and use a server-side language to check the answer. The server-side script then decides what response to give back to the user.

PHP is a very popular language for server side scripting. Here's the basics:

First we need a log in page (login.html) that has a HTML form in it, like this:

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
    <title>Login</title>
</head>

<body>

    <form action="script.php" method="post">
        <label>Enter your mom's name: <input type="text" name="mom" /></label>
        <input type="submit" value="Submit" />
    </form>

</body>

</html>

The important part here is the form. When the form is submitted, the data is sent to a PHP script called script.php.

That script looks like this:

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"/>
    <title>Check login</title>
</head>

<body>

    <?php

    $mom = $_REQUEST['mom'];
    $correct_answer = "Barbie";

    if (!isset($mom) || $mom != $correct_answer) {
        // nothing was submited or the name was incorrect
        echo '<p>That\'s the wrong answer. <a href="login.html">Try again.</a></p>';
    } else {
        echo '<p>Welcome! That\'s the right answer.</p>';
    }

    ?>

</body>

</html>

This is a fairly simple script. It checks what was submitted for 'mom'. If nothing was submitted or it was the wrong answer then a 'try again' message is shown. Otherwise, a 'welcome' message is shown.

The PHP logic (and so the correct answer) will not be visible in a web browser. Only the 'try again' or 'welcome' message will be sent down from the server.

This is the basics of working with HTML forms on the server side. I suggest you read up on using PHP. It's an easy and fun language (if inelegant, in my opinion). You can learn the basics here:

http://www.w3schools.com/php/default.asp

To test your code, you will need a web server. You can download and install a fully-fledged web server with PHP and MySQL (a database) from here:

http://www.wampserver.com/en/

With that, you can develop at test server-side code on your own machine. To test the above example, copy the code above into two files, called login.html and script.php, and put them into the www directory of WAMP.

Good luck!

@CodyGuldner - depends what the question is. If it makes sense as a question by itself then just ask a new question. You can message me, if you want me to reply to it. — Oliver Moran, Dec 27 '12 at 21:54
I need to somehow add a cookie to the server so that the webpage can only be accessed after the questions have been answered. Do you have a link to somewhere that we could chat? — Cody Guldner, Dec 27 '12 at 23:46
You can track that sort of stuff with "sessions" in PHP. See here: http://www.w3schools.com/php/php_sessions.asp When your user logs in, set `$_SESSION['loggedin']=1`. If ever `if (!isset($_SESSION['loggedin']) {...}` then they your user did not log in. Check out this question, which is about doing what you want to do: http://stackoverflow.com/questions/10097887/using-sessions-session-variables-in-a-php-login-script — Oliver Moran, Dec 28 '12 at 00:05
I'm really new at php, and all i see is how to do login forms. But i want it to remember if I have answered the questions correctly and let me into the webpage. So it is somewhat like a login. But different. — Cody Guldner, Dec 28 '12 at 00:22
It's exactly the same, just simpler. A login form has two element: a user name and a password. Your form has only one element: a name. — Oliver Moran, Dec 30 '12 at 16:41
@OliverMoran Thank you for this script. It was a good starting point for my PHP journey — Cody Guldner, Mar 19 '13 at 20:26

score 0 · Answer 2 · answered Mar 19 '13 at 20:25

This is what I managed to come up with. At the top of the page, insert this code before the <!DOCTYPE html>

<?php
//Check for existance of cookie from right answer
  if(isset($_COOKIE['parents'])){
    header("Location:q1.html");//Move on to next question
  }
//Checks answer
  if(array_key_exists("dad", $_POST) && array_key_exists('mom', $_POST)){
    $dad = $_POST["dad"];
    $mom = $_POST["mom"];
    $dcorrect = array("Dad", "dad");
    $mcorrect = array("Mom", "mom");
    if(in_array($dad, $dcorrect) && in_array($mom, $mcorrect)){
        setcookie('parents', '1' ,time()+60*60*24);
        header("Location: index.html");
    }else{
        $wrong="<div class='error'>Wrong answer</div>";
    }
}
?>

With this HTML

<form action="index.html" method="post">
  <label>Enter your father's name:</label>
  <input required autocomplete="off" type="text" name="dad" placeholder="Bill">
  <label>Enter your mother's name:</label>
  <input required autocomplete="off" type="text" name="mom" placeholder="Billette">
  <input type="submit" value="Press me when you think you are right" />
  <?php echo $wrong; ?>

</form>

How to do a q&a validation in php with cookies

2 Answers2