cookies won't bake :(

Posted: Sun Aug 02, 2009 5:27 am
by Auselan
I decided to remove this post as it potentially revealed coding I don't want in the public arena.

Re: cookies won't bake :(

Posted: Sun Aug 02, 2009 12:14 pm
by cpetercarter
setcookie() sends the cookie with the headers, and will therefore fail if you have already output something to the browser. Have you sent any output before 'setcookie()' in your second script? (Even a single white space before <?php at the beginning of the script will send headers and cause a subsequent setcookie() to fail!).

Re: cookies won't bake :(

Posted: Sun Aug 02, 2009 12:29 pm
by jackpf
Turn on error reporting and you'll probably find out.

Re: cookies won't bake :(

Posted: Sat Aug 15, 2009 1:09 pm
by Auselan
cpetercarter wrote:Have you sent any output before 'setcookie()' in your second script?
I don't think it's this - I've checked over and over and there shouldn't be any output before that - the start of the script is line 1
jackpf wrote:Turn on error reporting
I think this is already on..? php.ini:

Code:

error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = On
log_errors = Off
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off

Re: cookies won't bake :(

Posted: Sat Aug 15, 2009 3:20 pm
by jackpf
Hmm...what does

Code:

print_r($_COOKIE);
display?

Re: cookies won't bake :(

Posted: Wed Oct 28, 2009 3:47 am
by Auselan
Array ( [phpbb3_3m1ua_u] => 2 [phpbb3_3m1ua_k] => [phpbb3_3m1ua_sid] => 19a811f647c30bfcdfcbaf04865cb021 [style_cookie] => null [194811_wiki_mw_UserID] => 1 [194811_wiki_mw_UserName] => 194811 [1c2b65a91456432b55b672******] => *** [700633a1b0f65fa8456a18b*****] => *** )
As you can probably guess, there are several cookies that have been set by my wiki and bulletin board. The other two are successful logins to the system via a different pathway (I have distinct sets of clients stored in two different tables) - I've starred out a few of the characters for security reasons but you can get the drift.

I can run an isolated 'cookiecutter' with just this code:

Code:

<?php
error_reporting(E_ALL ^ E_NOTICE);
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('******'), *******, $inTwoweeks, '/');
setcookie(md5('*****'), '***', $inTwoweeks, '/'); 
setcookie(md5('********'), ***********, $inTwoweeks, '/');
echo "cookies should be set";
?>
which successfully adds the cookies I want, I just can't get it to pass through from a form submitting variables to the cookiecutter

Tom

Re: cookies won't bake :(

Posted: Thu Oct 29, 2009 2:53 am
by cpetercarter
The PHP manual explains:
"Cookies will not become visible until the next loading of a page that the cookie should be visible for. To test if a cookie was successfully set, check for the cookie on a next loading page before the cookie expires."
I think your code sets the cookies fine - it is just that you are trying to test them on the page in which they are set, not the next page.
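
Added example, not part of the thread: a small diagnostic covering both points made in the replies above, that setcookie() fails once output has started and that a new cookie only shows up in $_COOKIE on the next request. The helper name bake_cookie() and the cookie name and value are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// bake_cookie() is a hypothetical helper: it refuses to call setcookie()
// once headers are gone and logs exactly where the stray output began.
function bake_cookie(string $name, string $value, int $lifetimeSeconds): bool
{
    if (headers_sent($file, $line)) {
        // Any output counts: whitespace before the opening PHP tag, a BOM,
        // or trailing whitespace in an included file.
        error_log("Cannot set cookie '$name': output started at $file:$line");
        return false;
    }
    // Same argument order as the thread's calls: name, value, expiry, path.
    return setcookie($name, $value, time() + $lifetimeSeconds, '/');
}

// Constructed name and value, two-week lifetime as in the thread.
$queued = bake_cookie('demo_cookie', 'constructed-value', 60 * 60 * 24 * 14);

// $_COOKIE only holds what the browser SENT with this request, so a cookie
// queued a moment ago is not in it until the next page load.
$sentByBrowser = isset($_COOKIE['demo_cookie']);

echo $queued
    ? "Set-Cookie header queued\n"
    : "Cookie not set, see the error log for file and line\n";
echo $sentByBrowser
    ? "Browser sent demo_cookie with this request\n"
    : "demo_cookie not in \$_COOKIE yet; check again on the next request\n";
```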

Re: cookies won't bake :(

Posted: Thu Oct 29, 2009 3:45 am
by Mirge
Off-topic, but still important...

Code:

$whichdoc =$_POST['whichdoc'];
$typedpassword =$_POST['typedpassword'];

include("connect.php");
$result=mysql_query("SELECT name,password FROM doctors WHERE validated='Y' AND name='$whichdoc' AND password='$typedpassword'");

Your code is currently vulnerable to SQL injection. You should see http://www.php.net/mysql_real_escape_string for more information.

Currently, a user could enter a password of say... "foobar' OR 1=1" (without double quotes). Then your query becomes:

SELECT name,password FROM doctors WHERE validated='Y' AND name='$whichdoc' AND password='foobar' OR 1=1

Which obviously isn't the expected (or desired) behavior.

Re: cookies won't bake :(

Posted: Sun Nov 01, 2009 2:49 pm
by Auselan
right... have changed the last line within the cookie setting function to what I will ultimately want it to be -> to forward to a URL everything further within the website.

Code:

if ($rowCheck > 0) {
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('praclogged'), $whichprac, $inTwoweeks, '/');
setcookie(md5('authenticated'), 'yes', $inTwoweeks, '/'); 
setcookie(md5('pracpassword'), $typedpassword, $inTwoweeks, '/');
print "<script language='Javascript'>document.location.href='/dbframe.html' ;</script>"; 
}
It will now happily forward me, but the cookies still won't bake - I'm looking for them using the browser to establish whether they are there or not :( "print_r($_COOKIE);" returns nothing new

Mirge, would I overcome this by coding like this? I can't say I've really got my head round it but think the idea is that you reduce the risk of the content of a form submission interfering with your query

Code:

$whichdoc = $_POST['whichdoc'];
$whichdoc = stripslashes($whichdoc);
$typedpassword = $_POST['typedpassword'];
$typedpassword = stripslashes($typedpassword);

Re: cookies won't bake :(

Posted: Sun Nov 01, 2009 3:00 pm
by Mirge
Auselan wrote:right... have changed the last line within the cookie setting function to what I will ultimately want it to be -> to forward to a URL everything further within the website.

Code:

if ($rowCheck > 0) {
$inTwoweeks = 60 * 60 * 24 * 14 + time();
setcookie(md5('praclogged'), $whichprac, $inTwoweeks, '/');
setcookie(md5('authenticated'), 'yes', $inTwoweeks, '/'); 
setcookie(md5('pracpassword'), $typedpassword, $inTwoweeks, '/');
print "<script language='Javascript'>document.location.href='/dbframe.html' ;</script>"; 
}
It will now happily forward me, but the cookies still won't bake - I'm looking for them using the browser to establish whether they are there or not :( "print_r($_COOKIE);" returns nothing new

Mirge, would I overcome this by coding like this? I can't say I've really got my head round it but think the idea is that you reduce the risk of the content of a form submission interfering with your query

Code:

$whichdoc = $_POST['whichdoc'];
$whichdoc = stripslashes($whichdoc);
$typedpassword = $_POST['typedpassword'];
$typedpassword = stripslashes($typedpassword);

If you are using user input in a MySQL query, always (at minimum) use mysql_real_escape_string() on it. If you've got magic quotes enabled, either disable it or call stripslashes() on the user input before calling mysql_real_escape_string().

See http://www.php.net/mysql_real_escape_string/ for more info
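
Added example, not part of the thread: the same doctors lookup written with bound parameters, so form input is always treated as data. It uses PDO prepared statements rather than mysql_real_escape_string() (the mysql_* functions were removed in PHP 7); the helper name find_doctor(), the in-memory SQLite database and the sample rows are assumptions made so the code runs offline.

```php
<?php
// Added example, not code from the thread. Table and column names follow
// the thread's query; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE doctors (name TEXT, password TEXT, validated TEXT)");
$db->exec("INSERT INTO doctors VALUES ('drsmith', 'constructed-pass', 'Y')");

// find_doctor() is a hypothetical helper. The SQL text is fixed; the two
// values are bound separately and can never change the statement's structure.
function find_doctor(PDO $db, string $name, string $password): ?array
{
    $stmt = $db->prepare(
        "SELECT name FROM doctors
         WHERE validated = 'Y' AND name = :name AND password = :password"
    );
    $stmt->execute([':name' => $name, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In the form handler these values would come from $_POST['whichdoc'] and
// $_POST['typedpassword']; here they are constructed inputs.
$attempts = [
    ['drsmith', 'constructed-pass'], // correct credentials
    ['drsmith', "foobar' OR 1=1"],   // the input quoted earlier in the thread
    ["o'brien", 'x'],                // legitimate apostrophe, no escaping needed
];

foreach ($attempts as [$name, $password]) {
    $row = find_doctor($db, $name, $password);
    printf("%-8s / %-17s => %s\n", $name, $password, $row ? 'match' : 'no match');
}
```

Only the first attempt prints "match"; the other two are compared as literal strings and find no row.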

Re: cookies won't bake :(

Posted: Sat Nov 07, 2009 12:31 pm
by Auselan
bump

Re: cookies won't bake :(

Posted: Sat Nov 07, 2009 1:24 pm
by Mirge
Auselan wrote:bump
What else have you tried? Any new/different problems or code?