Page 1 of 1

not so sweet Cookies!!!

Posted: Thu Dec 24, 2009 6:17 am
by indian98476
is cookies stored based on ip address or some other value?

Re: not so sweet Cookies!!!

Posted: Thu Dec 24, 2009 6:33 am
by Darhazer
Cookie is stored by the browser, for a given hostname. The IP have nothing to do with the cookie itself. Why you are asking this?

Re: not so sweet Cookies!!!

Posted: Thu Dec 24, 2009 7:04 am
by indian98476
i got my code working....it takes users based on his names from the form field in the index page....if names differ u get a msg welcome user's name to our website else he gets welcome back user's name...

so this is my doubt now....
so if multiple users login from the same computer to the same website how does it take as different users?

Re: not so sweet Cookies!!!

Posted: Thu Dec 24, 2009 9:19 am
by daedalus__
they don't. one log-in per client.

well they could use two different browsers on the clients machine.

Re: not so sweet Cookies!!!

Posted: Mon Dec 28, 2009 12:38 am
by indian98476
my code is gone messy again...

it logins a particular user, then when he logs in back again it says welcome back...but if he again tries to login it says welcome to our site instead of telling welcome back user's name

Re: not so sweet Cookies!!!

Posted: Mon Dec 28, 2009 12:42 am
by indian98476
here is my code

Code: Select all

<?php
if($_POST['sub']){
 
$name=$_REQUEST['name'];//take users name in a name variable
 
if (!isset($_COOKIE["user"]))//check if cookie is set or not
{
setcookie("user",$name, time() + 60*60*24*7);//set the cookie if not set, important to not here is that cookie is set based on name
echo "Welcome to our site";
}
else//if cookie has been set already
{
echo "Welcome Back ".$_REQUEST['name'].".";
setcookie("user",$name, time() - 60*60*24*7);//unset the cookie so new users dont get a welcome back message
}
//echo $cookie["user"];
}
else{
echo "<form method='post' action='login.php'>
  Name: <input name='name' type='text' /><br />
  Username: <input name='uname' type='text' /><br />
  Password: <input name='pword' type='password' /><br />
  <input type='submit' name='sub' value='login' />
  </form>";
echo "<br />";
}
?>
i think error lies with line 16

Re: not so sweet Cookies!!!

Posted: Mon Dec 28, 2009 12:44 am
by indian98476
sorry i mean to say line 14.....

Re: not so sweet Cookies!!!

Posted: Mon Dec 28, 2009 5:58 am
by indian98476
i have rewritten the code like this obviously with some changes...

Code: Select all

<?php
if($_POST['sub']){
 
$name=$_REQUEST['name'];//take users name in a name variable
 
 
if (!isset($_COOKIE["user"]))//check if cookie is set or not
{
setcookie("user",$name, time() + 60*60*24*7);//set the cookie if not set, important to not here is that cookie is set based on name
echo "Welcome to our site";
}
else//if cookie has been set already
{
$name1=$_COOKIE("user");// get the value of user and store in a variable $name1
if($name==$name1)//compare the values for a match
{
//setcookie("user",$name, time() - 60*60*24*7);//unset the cookie so new users dont get a welcome back message
echo "Welcome Back ".$_REQUEST['name'].".";
}
else
{
echo "Welcome to our site";
}
}
echo $_COOKIE["user"];
}
else{
echo "<form method='post' action='login.php'>
  Name: <input name='name' type='text' /><br />
  Username: <input name='uname' type='text' /><br />
  Password: <input name='pword' type='password' /><br />
  <input type='submit' name='sub' value='login' />
  </form>";
echo "<br />";
}
?>

Re: not so sweet Cookies!!!

Posted: Mon Dec 28, 2009 7:30 am
by Apollo
First people gotta login with a password, but then later on, you check if they are logged in by getting the 'user' cookie variable?

What keeps anyone from creating/changing a cookie themselves with username 'administrator' or something?

Rule nr.1: Don't trust user input. And cookies are 100% user input.

Re: not so sweet Cookies!!!

Posted: Mon Dec 28, 2009 11:06 pm
by indian98476
i understand what you mean...but this is just the starting...so i thought first clear cookies issues first and then move on....

Re: not so sweet Cookies!!!

Posted: Tue Dec 29, 2009 3:36 am
by indian98476
an easy 2 read code...so if 2 different users login to the same page from a same browser this code fails to welcome them back....but instead show a welcome to our site msg....plz help....smthng wrong with my logic or code?

Code: Select all

<?php
if($_POST['sub']){
 
if (!isset($_COOKIE["user"]))//check if cookie is set or not
{
$name=$_REQUEST["name"];//take users name in a name variable
setcookie("user",$name, time() + 60*60*24*7);//set the cookie if not set, important to note here is that cookie is set based on name
echo "Welcome to our site";
}
else//if cookie has been set already
{
$name2=$_REQUEST["name"];//take users name in a name variable
$name1=$_COOKIE["user"];//take cookies value in another name variable
if($name1==$name2){//check for a match of users variable and cookie variable
echo "Welcome Back ".$name2.". <br />";
}
else
{
$name3=$_REQUEST["name"];//take users name in a name variable
setcookie("user",$name3, time() + 60*60*24*7);
echo "Welcome to our site. <br />";
setcookie("user",$name3, time() + 60*60*24*7);//unset the created cookie
}
}
//echo $_COOKIE["user"];
}
else{
 
echo "<form method='post' action='login.php'>
  Name: <input name='name' type='text' /><br />
  Username: <input name='uname' type='text' /><br />
  Password: <input name='pword' type='password' /><br />
  <input type='submit' name='sub' value='login' />
  </form>";
echo "<br />";
}
 
?>

Re: not so sweet Cookies!!!

Posted: Tue Dec 29, 2009 4:30 am
by indian98476
i see that i am not storing those cookie values anywhere..how do i go about it?