cookies won't bake :(
I decided to remove this post as it potentially revealed coding I don't want in the public arena
Last edited by Auselan on Tue Dec 11, 2012 2:55 pm, edited 1 time in total.
-
cpetercarter
- Forum Contributor
- Posts: 474
- Joined: Sat Jul 25, 2009 2:00 am
Re: cookies won't bake :(
setcookie() sends the cookie with the headers, and will therefore fail if you have already output something to the browser. Have you sent any output before 'setcookie()' in your second script? (Even a single white space before <?php at the beginning of the script will send headers and cause a subsequent setcookie() to fail!).
Re: cookies won't bake :(
Turn on error reporting and you'll probably find out.
Re: cookies won't bake :(
cpetercarter wrote:Have you sent any output before 'setcookie()' in your second script?
I don't think it's this - I've checked over and over and there shouldn't be any output before that - the start of the script is line 1
Quote:Turn on error reporting
I think this is already on..? php.ini:
Code: Select all
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = On
log_errors = Off
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
Re: cookies won't bake :(
Hmm...what does
Code: Select all
print_r($_COOKIE);
display?
Re: cookies won't bake :(
as you can probably guess there are several cookies that have been set by my wiki and bulletin board. The other two are successful logins to the system via a different pathway (I have distinct sets of clients stored in two different tables) - I've starred out a few of the characters for security reasons but you can get the drift
Array ( [phpbb3_3m1ua_u] => 2 [phpbb3_3m1ua_k] => [phpbb3_3m1ua_sid] => 19a811f647c30bfcdfcbaf04865cb021 [style_cookie] => null [194811_wiki_mw_UserID] => 1 [194811_wiki_mw_UserName] => 194811 [1c2b65a91456432b55b672******] => *** [700633a1b0f65fa8456a18b*****] => *** )
I can run an isolated 'cookiecutter' with just this code:
Code: Select all
<?php
error_reporting(E_ALL ^ E_NOTICE);
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('******'), *******, $inTwoweeks, '/');
setcookie(md5('*****'), '***', $inTwoweeks, '/');
setcookie(md5('********'), ***********, $inTwoweeks, '/');
echo "cookies should be set";
?>
Tom
-
cpetercarter
Re: cookies won't bake :(
The php manual explains
Quote:Cookies will not become visible until the next loading of a page that the cookie should be visible for. To test if a cookie was successfully set, check for the cookie on a next loading page before the cookie expires.
I think your code sets the cookies fine - it is just that you are trying to test them on the page in which they are set, not the next page.
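A diagnostic for the two failure modes raised in the replies above (output sent before setcookie(), and reading $_COOKIE in the same request that sets it), as an added example that is not code from any poster in this thread. The helper name bake_cookie() and the cookie name demo_cookie are made up for illustration.

```php
<?php
// Added example; bake_cookie() and 'demo_cookie' are hypothetical names.
error_reporting(E_ALL);

/**
 * Set a cookie only if headers can still be sent; otherwise log where
 * output started, which is what makes setcookie() fail.
 */
function bake_cookie(string $name, string $value, int $expires): bool
{
    if (headers_sent($file, $line)) {
        // $file/$line identify where output began, e.g. whitespace
        // before the opening PHP tag or an include that echoes something.
        error_log("Cannot set '$name': output started at $file:$line");
        return false;
    }
    return setcookie($name, $value, $expires, '/');
}

$inTwoWeeks = time() + 60 * 60 * 24 * 14;

if (isset($_COOKIE['demo_cookie'])) {
    // Second and later requests: the browser sent the cookie back.
    $status = 'cookie received from browser';
} else {
    // First request: the Set-Cookie header goes out with this response,
    // but $_COOKIE is not updated until the next page load.
    $queued = bake_cookie('demo_cookie', 'yes', $inTwoWeeks);
    $status = $queued ? 'Set-Cookie header queued; reload to see it'
                      : 'headers already sent; see error log';
}

// headers_list() shows the headers this response will actually send.
$pending = array_filter(headers_list(), function ($h) {
    return stripos($h, 'Set-Cookie:') === 0;
});

echo $status, "\n";
print_r($pending);
```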
Re: cookies won't bake :(
Off-topic, but still important...
Your code is currently vulnerable to SQL injection. You should see http://www.php.net/mysql_real_escape_string for more information.
Code: Select all
$whichdoc =$_POST['whichdoc'];
$typedpassword =$_POST['typedpassword'];
include("connect.php");
$result=mysql_query("SELECT name,password FROM doctors WHERE validated='Y' AND name='$whichdoc' AND password='$typedpassword'");
Currently, a user could enter a password of say... "foobar' OR 1=1" (without double quotes). Then your query becomes:
SELECT name,password FROM doctors WHERE validated='Y' AND name='$whichdoc' AND password='foobar' OR 1=1
Which obviously isn't the expected (or desired) behavior.
Re: cookies won't bake :(
right... have changed the last line within the cookie setting function to what I will ultimately want it to be -> to forward to an URL everything further within the website.
It will now happily forward me, but the cookies still won't bake - I'm looking for them using the browser to establish whether they are there or not
Code: Select all
if ($rowCheck > 0) {
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('praclogged'), $whichprac, $inTwoweeks, '/');
setcookie(md5('authenticated'), 'yes', $inTwoweeks, '/');
setcookie(md5('pracpassword'), $typedpassword, $inTwoweeks, '/');
print "<script language='Javascript'>document.location.href='/dbframe.html' ;</script>";
}
"print_r($_COOKIE);" returns nothing new
Mirge, would I overcome this by coding like this? I can't say I've really got my head round it but think the idea is that you reduce the risk of the content of a form submission interfering with your query
Code: Select all
// Strip slashes from each submitted value, keeping each in its own variable
$whichdoc = $_POST['whichdoc'];
$whichdoc = stripslashes($whichdoc);
$typedpassword = $_POST['typedpassword'];
$typedpassword = stripslashes($typedpassword);
Re: cookies won't bake :(
If you are using user input in a MySQL query, always (at minimum) use mysql_real_escape_string() on it. If you've got magic quotes enabled, either disable it or call stripslashes() on the user input before calling mysql_real_escape_string.
See http://www.php.net/mysql_real_escape_string/ for more info
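A parameterized version of the login lookup discussed in the two SQL injection replies above, as an added example that is not code from the thread. It uses PDO prepared statements rather than the mysql_real_escape_string() call the posts recommend (the mysql_* extension was removed in PHP 7); the in-memory SQLite database, the table contents and the find_doctor() name are assumptions for illustration.

```php
<?php
// Added example, not from the thread. Uses PDO with an in-memory SQLite
// database so it runs without a server; the table layout and the sample
// row are constructed to mirror the query quoted above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE doctors (name TEXT, password TEXT, validated TEXT)");
$db->exec("INSERT INTO doctors VALUES ('drsmith', 'correct-horse', 'Y')");

/**
 * Same lookup as the thread's query, but the values travel as bound
 * parameters, so they are never parsed as SQL.
 */
function find_doctor(PDO $db, string $whichdoc, string $typedpassword): array
{
    $stmt = $db->prepare(
        "SELECT name FROM doctors
          WHERE validated = 'Y' AND name = :name AND password = :password"
    );
    $stmt->execute([':name' => $whichdoc, ':password' => $typedpassword]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: the sample password, the string quoted in the
// post, and a legitimate value that happens to contain a quote.
$cases = [
    'valid login'     => ['drsmith', 'correct-horse'],
    'input from post' => ['drsmith', "foobar' OR 1=1"],
    'quote in name'   => ["O'Brien", 'x'],
];

foreach ($cases as $label => [$name, $password]) {
    $rows = find_doctor($db, $name, $password);
    printf("%-16s -> %d row(s)\n", $label, count($rows));
}
```

Because the values are bound and not concatenated, no stripslashes() or escaping step is needed before the query.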
Re: cookies won't bake :(
Auselan wrote:bump
What else have you tried? Any new/different problems or code?