Got that worked out.
The crypted password is stored as a variable, so I stored it in a cookie. I then included the login, logintype, and password to query the database. Since the password in the database is crypted, I didn't have to decrypt it. If the query returns null, the person is not logged in.
Changes to previous code:
reset_cookie.php
Code:
<?
// Set cookie with login name
$savelogin = "";
setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host);
$savelogintype = "";
setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host);
$saveloginpass = "";
setcookie("LoginPassCookie", $saveloginpass, time()+3600*24*180, "/", $xcart_http_host);
?>
set_cookie.php
Code:
<?
// Set cookie with login name
$savelogin = $user_data['login'];
setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host);
$savelogintype = C;
setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host);
$saveloginpass = $user_data['password'];
setcookie("LoginPassCookie", $saveloginpass, time()+3600*24*180, "/", $xcart_http_host);
?>
include/check_useraccount.php
Code:
$LoginCookie = $_COOKIE['LoginCookie'];
$LoginTypeCookie = $_COOKIE['LoginTypeCookie'];
$LoginPassCookie = $_COOKIE['LoginPassCookie'];
$user_data=func_query_first("select * from $sql_tbl[customers] where login='$LoginCookie' and usertype='$LoginTypeCookie' and status='Y' and password='$LoginPassCookie'");
if (!empty($user_data) && $LoginCookie != "" && $LoginTypeCookie == "C") {
$login = $LoginCookie;
$login_type = $LoginTypeCookie;
$logged = $login;
}