Page 1 of 1

b0rked cookies :x

Posted: Thu Jul 03, 2003 6:19 pm
by Drachlen
Ehh.. I'm trying to make sure the person logging in and viewing logged in features keeps cookies on the entire time. To check, im making a random generated cookie and cookie value each page load. The problem is its not picking up the previous page's randomly generated variables. I know they are matching and passing through the page because i echoed the variables and all came out as they were on the previous page. this is the code i am using:

Code: Select all

<?php
session_start();
$chars="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

mt_srand((double)microtime()*1000000);
for ($i=0;$i<10;$i++){
$cookname .= $chars[mt_rand(0, strlen($chars)-1)];
}
for ($i=0;$i<10;$i++){
$cookver .= $chars[mt_rand(0, strlen($chars)-1)];
}
$prevnm = $_GET['prevnm'];
$prevve = $_GET['prevve'];
setcookie("$cookname","$cookver");
if ($_COOKIE['$prevnm'] == "$prevve") {
echo "cookie was stored";
}else{
echo "Cookies must be enabled to login";
die();
}
?>
also: prevnm and prevve are passed through the URL, and picks up the previous random variables.

Posted: Fri Jul 04, 2003 2:36 am
by cactus
Pass the setcookie() method all the params it needs (except the secure param, unless you need it), some browsers are very picky about how cookies are set.

Ref : http://uk2.php.net/setcookie

Posted: Fri Jul 04, 2003 6:44 am
by Drachlen
Although it's probably best to insert all of the information the cookie needs, its not needed.. I just tested using basic values "1" and "2" and it worked..

Code: Select all

<?php
setcookie("1","2");
if ($_COOKIE['1'] == "2") { 
echo "cookie was stored"; 
}else{ 
echo "Cookies must be enabled to login"; 
die(); 
} 

?>
I dont think thats the problem...

I even tested using " print_r($_COOKIE); " again after copying some of the generated variables, and they did match on the array... Everything seems to be fine, i dunno =/

Posted: Fri Jul 04, 2003 7:31 am
by cactus
Instead of:

Code: Select all

if ($_COOKIE['$prevnm'] == "$prevve") { 
echo "cookie was stored"; 
}else{ 
echo "Cookies must be enabled to login"; 
die(); 
}
Try:

Code: Select all

if ($_COOKIE[$prevnm] == $prevve) { 
echo "cookie was stored"; 
}else{ 
echo "Cookies must be enabled to login"; 
die(); 
}
Regards,

Posted: Fri Jul 04, 2003 8:00 am
by Drachlen
Could it have been because of the double =? because it isnt equal to, its value is... I removed one equal sign and it worked, but is that what was wrong?

Posted: Fri Jul 04, 2003 9:05 am
by cactus
If I understand you correctly, in that scenario you will be setting "$_COOKIE[$prevnm]" to the value of " $prevve".

You are also creating a var called $chars containing a string, then later on, you are creating an array with the same var name and trying to use the string as one of the elements in the array:

Code: Select all

$cookname .= $chars[mt_rand(0, strlen($chars)-1)]
Echo the values of $chars, $cookname and $cookver, this will make it easier to understand :)

Regards,

Posted: Fri Jul 04, 2003 9:15 am
by Drachlen
Well, i already know the value of $chars is "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" because i identify it at the beginning, but ill test anyways. Okay, thats what i got "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"... The other 2 variables, $cookname and $cookvar are randomly generated variables that are always something different... They are carried over to the next page as the new variables "prevnm" and "prevve"..These are checked in the if statement and if they match the previous setcookie then it works, and if they dont, it doesnt... Im pretty sure i got it working though, i removed a = from the if statement: if ($_COOKIE[$prevnm] = $prevve) { and now it gives me the proper messages..

Posted: Fri Jul 04, 2003 9:45 am
by twigletmac
Removing an equal sign means that you set $_COOKIE[$prevnm] to be equal to $prevve and didn't compare the two values. It will now work no matter what $_COOKIE[$prevnm] is equal to. To test whether one value is the same as another you have to use the equality operator (==).

When you do:

Code: Select all

echo '<pre>';
print_r($_COOKIE);
echo '</pre>';
does it all look as it should?

Mac

Posted: Fri Jul 04, 2003 11:05 am
by Drachlen
Ohh.. I wasn't aware that using a single equal sign in an if statement would actually give it that value, anyways, after using the print_r i noticed the array was giving a '0' on some of the values, i dont know what i changed, but it works with the double equal sign so it must be... Also, sometimes i see stuff like "PHPSESSID=945bfa09980940902781479afd74c416" in the url, and i dont understand why. Its only sometimes, not always. I have cookies enabled... Anyways heres the working code, im pretty sure its doing everything right :D

Code: Select all

<?php
session_start();
$chars="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

mt_srand((double)microtime()*1000000);
for ($i=0;$i<10;$i++){
$cookname .= $chars[mt_rand(0, strlen($chars)-1)];
}
for ($i2=0;$i2<10;$i2++){
$cookver .= $chars[mt_rand(0, strlen($chars)-1)];
}
$prevnm = $_GET['prevnm'];
$prevve = $_GET['prevve'];
setcookie("$cookname","$cookver");
if ($_COOKIE[$prevnm] == $prevve) { 
echo "Cookie accepted.";
}else{
echo "Cookies must be enabled.";
}

?>

Posted: Fri Jul 04, 2003 2:50 pm
by cactus
Although it should work, you still have an ambiguos $chars[] array, below should produce the same result negating the array:

Code: Select all

<?php
session_start();
$chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

mt_srand((double)microtime()*1000000);

for ($i=0; $i<10; $i++) {
    $cookname .= mt_rand(0, strlen($chars)-1);
}

for ($i2=0; $i2<10; $i2++) {
    $cookver .= mt_rand(0, strlen($chars)-1);
}

$prevnm = $_GET['prevnm'];
$prevve = $_GET['prevve'];
setcookie($cookname, $cookver);

if ($_COOKIE[$prevnm] == $prevve) {
    echo "Cookie accepted.";
} else {
    echo "Cookies must be enabled.";
}
?>
Regards,

Posted: Fri Jul 04, 2003 3:18 pm
by Drachlen
I cant tell what you changed?