cookie re-setting issue

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

cookie re-setting issue

Post by m3rajk »

i have an in issue with my login script. what's happening is that the way it's working, it's causing the user to be logged out immediately after a successful login. i don't know how to fix this.for some reason the nav bar, which changes based on if you're logged in or out, is showing that one is logged out when loading the login success page. the next page shows the logged in nav bar, and the pageload after one is back to being logged out (showing in the nav bar)


i don't understand what's causing the logout to occur so fast since it's not time dependant. i've added (and since removed) a number of debugging lines thinking it was the expiration time on the cookies, but it's not. that's being done right. for some reason it's getting reset.

since the functions that are involved are varoius and mant, i'm showing the one i think is the most likly culprit below, with a link to a page with just the full functions used and the login script below that.

Code: Select all

if($_COOKIE['login']){ # we're logged in
    $db=mysql_connect($host, $login2, $pass2) or die("cannot access mysql"); # get the sql connection
    $fyd=mysql_select_db('findyourdesire', $db) or die("cannot connect to db"); # select the db
    $un=$_COOKIE['un']; $pw=$_COOKIE['pw']; # what we wont change on-the-fly
    $fprefs=mysql_query("SELECT gmt_offset, tds, login_duration, msgs FROM users WHERE username='$un' AND password='$pw'", $db); # get the prefs
    if(mysql_num_rows($fprefs)>0){ # we can update the cookies
      $prefs=mysql_fetch_array($fprefs); $gmto=$prefs['gmt_offset']; $utds=$tds[$prefs['tds']]; 
      $duration=$durr[$prefs['login_duration']]; $accepts=$prefs['msgs'];
      $expire=(time()+($duration*60));
      setcookie(un, $un, $expire); # set username
      setcookie(pw, $pass, $expire); # set password
      setcookie(login, TRUE, $expire); # set login
      setcookie(gmto, $gmto, $expire); # set the gmt offset
      setcookie(utds, $rtds, $expire); # set the time display style
      $active=gmdate("Y-m-d H:i:s", time());
      $update=mysql_query("UPDATE users SET last_activity='$active' WHERE username='$un'", $db); # try to update users (we don't really care if it fails)
      if($accepts){ # person accepts ims
	if($accepts>5){ # the user wants them ALL
	  $fims=mysql_query("SELECT msg_id FROM msgs WHERE to_id='$un' AND viewed='0'", $db);
	  $amtims=mysql_num_rows($fims);
	  if($amtims){ # we have ims
	    for($i=0;$i<$amtims;$i++){ # for each im
	      $gimid=mysql_fetch_array($fims); $ims=$gimid['msg_id']; # record the msg_id
	    }
	  }
	}else{ # user wants $accepts amount
	  $fims=mysql_query("SELECT msg_id FROM msgs WHERE to_id='$un' AND viewed='0' ORDER BY msg_id ASC LIMIT '$accepts'", $db);
	  $amtims=mysql_num_rows($fims);
	  if($amtims){ # we have ims
	    for($i=0;$i<$amtims;$i++){ # for each im
	      $gimid=mysql_fetch_array($fims); $ims=$gimid['msg_id']; # record the msg_id
	    }
	  }
	}
      }
    }else{ cookies('logout'); } # there was an error for some reason
i think else, which is there to make sure those cookies get cleared out incase you have cookies with those names from other sites, is being called no matter what, but i'm not sure.
http://24.91.157.113/findyourdesire/login.issue
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

A few things, you should quote the names of the cookies
ie
setcookie("un",$un,$expire);
you might want to quite "TRUE" as well asn explicitly test for that. I'm not certain how cookies/php will interact with collapsing truth values.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

that would explain it... even with the else commented out, which i just did, it didn't help. if it's taking TRUE as a string and not the TRUE value, then it woulnd't necessarily be equivalent to the true value.

an aside, last ngiht i added quoes around the cookie names since JAM pointed out that it makes the parser parse the files more efficiently.

this is the copy i have in the day old backup. i made the file to show ppl pasting from that. i often do that since i have a backup on my machine and it's faster to copy and paste then upload and convert to unix from dos than to go to the server (different place in my house) since i'm testing in on my pc instead of my server so that it'll be a little more like the real thing
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

i'll update the txt file to show the code on the server. but i just tested it. it's not working. the cookoies seem to set right upon joining, but only then.

i can't debug the rest of the site if i can't sign in. any and all help would be greatly appreciated
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Still at work (sigh) but if it's not to much rewriting needed, I'll copy/paste your code and test it locally at home, and at the dev-server to see if that gives some more information. (If wanted)

I feel like I'd like to get the answer to this problem also so...
Msg me a reminder (and additional info if so) so I wont forget the thread.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

ok. not only did i update it, i made a new change, instead of using TRUE/FALSE, since 1/0 are respectively equivalent, i switched to using a number... so now the testing of login is testing to see if it's non-zero (i know any positive number can be used in place of 1 for true.)
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

that was slightly better... two pageloads
btw: if anyone would like to signup, logout, and try the login themselves, just point your browser to http://24.91.157.113/findyourdesire/join.php

beware: the emailed confirmation code doesn't seem to go through to yahoo (after i get a real host i plan on contacting yahoo and letting them know what the automated address is and asking them to specifically let that through)

hotmail seems to have a 3 to 5 minute delay


the cookie with the code is good for one hour, so ...
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Still waiting for an email confirmation.
Meanwhile, I'm wondering along...

What happens if you mix all the fields together using a delimiter to separate them, serialize() that and store that string in a cookie.
Later, during the checkings of the different cookie values, you get the string, unserialize() it, explode and continue from there. (Change serialize to personal favourite ciper method)

Just thinking if there is a limit on how many cookies a cookie file can contain before it starts to generate errors. A single row cookie might be more effective.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

not sure about mozilla netscape 6+, but 4.xx and lower uses a txt file that each cookie is it's own line.... there isn't a limit on the filesize.. if there is it's huge. on my old computer i have a 500 kb cookie file for netscape 4.xx

i think the limit is the size you said, and after a cookie expires it'll overwrite if needed, but otherwise it leaves the lines in tact

ie stores each cookie as its own file, so i'm not sure that's likely

since almost everything uses the username and password to verify you, i can get rid of the gmt offset and time display style without much of an issue. it'll be annoying to have to edit all the files, but nothing big.
i need to have the username and password to veryify who you are... it's change testing to see if you're loggeed in, but not by much.. i'd just test if both are set, if so does yourr username and pw pull something valid from the db.btw: you can do the login any time you'd like.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Never got the email verification, so I could not test fully. Also, I got the following errors., if you are interested.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

yeah. i changed some things and right now it's only one fo the three lines with join. i realized that the two added catagories weren't in the insert statement.

edit (reason for change in the post):
and on top of that, the errors were when someone didn't fill out a catagory. i found a way around that.
Last edited by m3rajk on Thu Sep 04, 2003 3:25 pm, edited 1 time in total.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

btw: my sister got the e-mail when she tried, using her lycos account. it seems yahoo doesn't let it through... not sure why some systems do and others don't

might be that the from address has nothing to do witht eh address that it's probbably registering as being sent from by comcast since it's not on my dad's account...

"debug: user:
0

query: UPDATE users SET approved='$nuv', site_access='$reg' WHERE uid=''
note: first two things kept as code incase someone other than me signs up "
was what she got, so the signup also has the cookie issue, so i did something to fix that.

she had the same cookie issue i did
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

i realized that the way i had the login set up where i find the correct page seperately fromt he db stuff was confusing some people, so i chaged the login script so that it doesn't use that, and added a function specifically for the login when it's successful to do the navigation bar (it would be a pain in the *** to add something to nav() and go back through about 30 pages and add it to them all.

i hope the change makes things more clear. it's been reflected in the login.issues page
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

i realized something... there's no debugging things in bgnpg();


well... i added some debugging stuff and think i know what the problem is... the functions doesn't have one of two include files it needs.... so....while everything else was perfectly fine and executing properly....

this is the debug stuff from the bgnpg function
$_COOKIE['login']: 1
db: Resource id #1
fyd: 1
cookies (un -> pw): neo -> 9cc9e1f6a22e05307d6831087ef5d1e6
fprefs: Resource id #2
error num: 0
error:
fprefs rows: 1
gmto: -5.00
utds:
duration:
ims accepted: 1
uid: 1
now -> expire: 1062790733 -> expire 1062790733
active -> exp: 2003-09-05 19:38:53 -> 2003-09-05 19:38:53
update 1
affected rows -> error number: 1 -> 0
error:
ending of pgbgndebug crap
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

ahh!
that didn't fix it.
first page after login:
this is the debug stuff from the bgnpg function
$_COOKIE['login']: 1
db: Resource id #1
fyd: 1
cookies (un -> pw): neo -> 9cc9e1f6a22e05307d6831087ef5d1e6
fprefs: Resource id #2
error num: 0
error:
fprefs rows: 1
gmto: -5.00
utds: m/d/Y H:i:s
duration: 60
ims accepted: 1
uid: 1
now -> expire: 1062791587 -> expire 1062795187
active -> exp: 2003-09-05 19:53:07 -> 2003-09-05 20:53:07
update 1
affected rows -> error number: 1 -> 0
error:
ending of pgbgndebug crap
so it should be lasting an hour for me, right? (all times gmt)
yet... next pageload:
this is the debug stuff from the bgnpg function
$_COOKIE['login']: 0
ending of pgbgndebug crap
now i'm really stumped.
Post Reply