cookies won't bake :(

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Auselan
Forum Newbie
Posts: 18
Joined: Sat Dec 27, 2008 7:04 am

cookies won't bake :(

Post by Auselan »

I decided to remove this post as it potentially revealed coding i don't want in the public arena
Last edited by Auselan on Tue Dec 11, 2012 2:55 pm, edited 1 time in total.
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: cookies won't bake :(

Post by cpetercarter »

setcookie() sends the cookie with the headers, and will therefore fail if you have already output something to the browser. Have you sent any output before 'setcookie()' in your second script? (Even a single white space before <?php at the beginning of the script will send headers and cause a subsequent setcookie() to fail!).
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: cookies won't bake :(

Post by jackpf »

Turn on error reporting and you'll probably find out.
Auselan
Forum Newbie
Posts: 18
Joined: Sat Dec 27, 2008 7:04 am

Re: cookies won't bake :(

Post by Auselan »

Have you sent any output before 'setcookie()' in your second script?
I don't think it's this - I've checked over and over and there shouldn't be any output before that - the start of the script is line 1
Turn on error reporting
I think this is already on..? php.ini:

Code: Select all

error_reporting = E_ALL & ~E_NOTICE
 
display_errors = On
 
display_startup_errors = On
 
log_errors = Off
 
log_errors_max_len = 1024
 
ignore_repeated_errors = Off
 
ignore_repeated_source = Off
 
report_memleaks = On
 
track_errors = Off
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: cookies won't bake :(

Post by jackpf »

Hmm...what does

Code: Select all

print_r($_COOKIE);
display?
Auselan
Forum Newbie
Posts: 18
Joined: Sat Dec 27, 2008 7:04 am

Re: cookies won't bake :(

Post by Auselan »

Array ( [phpbb3_3m1ua_u] => 2 [phpbb3_3m1ua_k] => [phpbb3_3m1ua_sid] => 19a811f647c30bfcdfcbaf04865cb021 [style_cookie] => null [194811_wiki_mw_UserID] => 1 [194811_wiki_mw_UserName] => 194811 [1c2b65a91456432b55b672******] => *** [700633a1b0f65fa8456a18b*****] => *** )
as you can probably guess there are several cookies that have been set by my wiki and bulletin board. The other two are successful logins to the system via a different pathway (I have distinct sets of clients stored in two different tables) - I've starred out a few of the characters for security reasons but you can get the drift

I can run an isolated 'cookiecutter' with just this code:

Code: Select all

<?php
error_reporting(E_ALL ^ E_NOTICE);
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('******'), *******, $inTwoweeks, '/');
setcookie(md5('*****'), '***', $inTwoweeks, '/'); 
setcookie(md5('********'), ***********, $inTwoweeks, '/');
echo "cookies should be set";
?>
which successfully adds the cookies I want, I just can't get it to pass through from a form submitting variables to the cookiecutter

Tom
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: cookies won't bake :(

Post by cpetercarter »

The php manual explains
Cookies will not become visible until the next loading of a page that the cookie should be visible for. To test if a cookie was successfully set, check for the cookie on a next loading page before the cookie expires.
I think your code sets the cookies fine - it is just that you are trying to test them on the page in which they are set, not the next page.
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: cookies won't bake :(

Post by Mirge »

Off-topic, but still important...

Code: Select all

 
$whichdoc =$_POST['whichdoc'];
$typedpassword =$_POST['typedpassword'];
 
include("connect.php");
$result=mysql_query("SELECT name,password FROM doctors WHERE validated='Y' AND name='$whichdoc' AND password='$typedpassword'");
 
Your code is currently vulnerable to SQL injection. You should see http://www.php.net/mysql_real_escape_string for more information.

Currently, a user could enter a password of say... "foobar' OR 1=1" (without double quotes). Then your query becomes:

SELECT name,password FROM doctors WHERE validated='Y' AND name='$whichdoc' AND password='foobar' OR 1=1

Which obviously isn't the expected (or desired) behavior.
Auselan
Forum Newbie
Posts: 18
Joined: Sat Dec 27, 2008 7:04 am

Re: cookies won't bake :(

Post by Auselan »

right... have changed the last line within the cookie setting function to what I will ultimately want it to be -> to forward to an URL everything further within the website.

Code: Select all

if ($rowCheck > 0) {
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('praclogged'), $whichprac, $inTwoweeks, '/');
setcookie(md5('authenticated'), 'yes', $inTwoweeks, '/'); 
setcookie(md5('pracpassword'), $typedpassword, $inTwoweeks, '/');
print "<script language='Javascript'>document.location.href='/dbframe.html' ;</script>"; 
}
It will now happily forward me, but the cookies still won't bake - I'm looking for them using the browser to establish whether they are there or not :( "print_r($_COOKIE);" returns nothing new

Mirge, would I overcome this by coding like this? I can't say I've really got my head round it but think the idea is that you reduce the risk of the content of a form submission interfering with your query

Code: Select all

$whichdoc =$_POST['whichdoc'];
$whichdoc = stripslashes($name);
$typedpassword =$_POST['typedpassword'];
$whichdoc = stripslashes($typedpassword);
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: cookies won't bake :(

Post by Mirge »

Auselan wrote:right... have changed the last line within the cookie setting function to what I will ultimately want it to be -> to forward to an URL everything further within the website.

Code: Select all

if ($rowCheck > 0) {
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('praclogged'), $whichprac, $inTwoweeks, '/');
setcookie(md5('authenticated'), 'yes', $inTwoweeks, '/'); 
setcookie(md5('pracpassword'), $typedpassword, $inTwoweeks, '/');
print "<script language='Javascript'>document.location.href='/dbframe.html' ;</script>"; 
}
It will now happily forward me, but the cookies still won't bake - I'm looking for them using the browser to establish whether they are there or not :( "print_r($_COOKIE);" returns nothing new

Mirge, would I overcome this by coding like this? I can't say I've really got my head round it but think the idea is that you reduce the risk of the content of a form submission interfering with your query

Code: Select all

$whichdoc =$_POST['whichdoc'];
$whichdoc = stripslashes($name);
$typedpassword =$_POST['typedpassword'];
$whichdoc = stripslashes($typedpassword);
If you are using user input in a MySQL query, always (at minimum) use mysql_real_escape_string() on it. If you've got magic quotes enabled, either disable it to call stripslashes() on the user input before calling mysql_real_escape_string.

See http://www.php.net/mysql_real_escape_string/ for more info
Auselan
Forum Newbie
Posts: 18
Joined: Sat Dec 27, 2008 7:04 am

Re: cookies won't bake :(

Post by Auselan »

bump
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: cookies won't bake :(

Post by Mirge »

Auselan wrote:bump
What else have you tried? Any new/different problems or code?
Post Reply