not so sweet Cookies!!!
Moderator: General Moderators
-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
not so sweet Cookies!!!
is cookies stored based on ip address or some other value?
Re: not so sweet Cookies!!!
Cookie is stored by the browser, for a given hostname. The IP have nothing to do with the cookie itself. Why you are asking this?
-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
i got my code working....it takes users based on his names from the form field in the index page....if names differ u get a msg welcome user's name to our website else he gets welcome back user's name...
so this is my doubt now....
so if multiple users login from the same computer to the same website how does it take as different users?
so this is my doubt now....
so if multiple users login from the same computer to the same website how does it take as different users?
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
Re: not so sweet Cookies!!!
they don't. one log-in per client.
well they could use two different browsers on the clients machine.
well they could use two different browsers on the clients machine.
-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
my code is gone messy again...
it logins a particular user, then when he logs in back again it says welcome back...but if he again tries to login it says welcome to our site instead of telling welcome back user's name
it logins a particular user, then when he logs in back again it says welcome back...but if he again tries to login it says welcome to our site instead of telling welcome back user's name
-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
here is my code
i think error lies with line 16
Code: Select all
<?php
if($_POST['sub']){
$name=$_REQUEST['name'];//take users name in a name variable
if (!isset($_COOKIE["user"]))//check if cookie is set or not
{
setcookie("user",$name, time() + 60*60*24*7);//set the cookie if not set, important to not here is that cookie is set based on name
echo "Welcome to our site";
}
else//if cookie has been set already
{
echo "Welcome Back ".$_REQUEST['name'].".";
setcookie("user",$name, time() - 60*60*24*7);//unset the cookie so new users dont get a welcome back message
}
//echo $cookie["user"];
}
else{
echo "<form method='post' action='login.php'>
Name: <input name='name' type='text' /><br />
Username: <input name='uname' type='text' /><br />
Password: <input name='pword' type='password' /><br />
<input type='submit' name='sub' value='login' />
</form>";
echo "<br />";
}
?>-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
sorry i mean to say line 14.....
-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
i have rewritten the code like this obviously with some changes...
Code: Select all
<?php
if($_POST['sub']){
$name=$_REQUEST['name'];//take users name in a name variable
if (!isset($_COOKIE["user"]))//check if cookie is set or not
{
setcookie("user",$name, time() + 60*60*24*7);//set the cookie if not set, important to not here is that cookie is set based on name
echo "Welcome to our site";
}
else//if cookie has been set already
{
$name1=$_COOKIE("user");// get the value of user and store in a variable $name1
if($name==$name1)//compare the values for a match
{
//setcookie("user",$name, time() - 60*60*24*7);//unset the cookie so new users dont get a welcome back message
echo "Welcome Back ".$_REQUEST['name'].".";
}
else
{
echo "Welcome to our site";
}
}
echo $_COOKIE["user"];
}
else{
echo "<form method='post' action='login.php'>
Name: <input name='name' type='text' /><br />
Username: <input name='uname' type='text' /><br />
Password: <input name='pword' type='password' /><br />
<input type='submit' name='sub' value='login' />
</form>";
echo "<br />";
}
?>Re: not so sweet Cookies!!!
First people gotta login with a password, but then later on, you check if they are logged in by getting the 'user' cookie variable?
What keeps anyone from creating/changing a cookie themselves with username 'administrator' or something?
Rule nr.1: Don't trust user input. And cookies are 100% user input.
What keeps anyone from creating/changing a cookie themselves with username 'administrator' or something?
Rule nr.1: Don't trust user input. And cookies are 100% user input.
-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
i understand what you mean...but this is just the starting...so i thought first clear cookies issues first and then move on....
-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
an easy 2 read code...so if 2 different users login to the same page from a same browser this code fails to welcome them back....but instead show a welcome to our site msg....plz help....smthng wrong with my logic or code?
Code: Select all
<?php
if($_POST['sub']){
if (!isset($_COOKIE["user"]))//check if cookie is set or not
{
$name=$_REQUEST["name"];//take users name in a name variable
setcookie("user",$name, time() + 60*60*24*7);//set the cookie if not set, important to note here is that cookie is set based on name
echo "Welcome to our site";
}
else//if cookie has been set already
{
$name2=$_REQUEST["name"];//take users name in a name variable
$name1=$_COOKIE["user"];//take cookies value in another name variable
if($name1==$name2){//check for a match of users variable and cookie variable
echo "Welcome Back ".$name2.". <br />";
}
else
{
$name3=$_REQUEST["name"];//take users name in a name variable
setcookie("user",$name3, time() + 60*60*24*7);
echo "Welcome to our site. <br />";
setcookie("user",$name3, time() + 60*60*24*7);//unset the created cookie
}
}
//echo $_COOKIE["user"];
}
else{
echo "<form method='post' action='login.php'>
Name: <input name='name' type='text' /><br />
Username: <input name='uname' type='text' /><br />
Password: <input name='pword' type='password' /><br />
<input type='submit' name='sub' value='login' />
</form>";
echo "<br />";
}
?>-
indian98476
- Forum Commoner
- Posts: 78
- Joined: Tue Dec 15, 2009 3:24 am
Re: not so sweet Cookies!!!
i see that i am not storing those cookie values anywhere..how do i go about it?