Page 1 of 1
check cookie to login
Posted: Sat Nov 08, 2003 5:32 pm
by glennn3
i have a basic login script to get into "index.php" that sets a cookie when the user/pwd matches that in a db like so:
Code: Select all
...
if($row=mysql_fetch_object($Result))
{
setcookie('username', $username, time()+(60*60*24*30), '/', '', 0);
print("<script language="javascript">
top.location="index.php";
</script>");
}
but i've discovered that something is missing from "index.php" that would check for said cookie to prevent access, thereby allowing access regardless... could someone show me what code would do such a thing (check for this cookie before allowing access...) ?
i thank you much,
glenn
Posted: Sat Nov 08, 2003 5:39 pm
by SBukoski
You can usually check your COOKIE variable to see if it is set. For example:
Code: Select all
if (isset($HTTP_COOKIE_VARSї'username'])) {
// Do something
}
That will check the cookies to see if the username cookie is already present on the users machine.
Posted: Sat Nov 08, 2003 5:53 pm
by glennn3
thanks much.
Posted: Sat Nov 08, 2003 6:09 pm
by glennn3
yeah, i just did this :
if ( ! isset($HTTP_COOKIE_VARS['username'])) {
print("<script language=\"javascript\">
top.location=\"login.php\";
</script>");
}
cookie stays set until the browser is closed or a logout function, right?
thanks
Posted: Sat Nov 08, 2003 6:16 pm
by SBukoski
Cookies stay set until the specified time expires. You're thinking of Sessions which expire when the browser window closes. But yes, in your logout function you can delete the cookie by setting its expirey time to something in the past.
cookies
Posted: Sun Nov 09, 2003 1:10 pm
by shadow_blade47
there a way of setting a cookie so it deletes itself when the browser is closed? cheers...
and also, I'm trying to put the following code at the top of each page to check to make sure a cookie has been set, if it hasn't i want it to send the user to my access denied page.
if ( ! isset($HTTP_COOKIE_VARS['user_name'])) {
print("<script language=\"javascript\">
top.location=\"accessdenied.php\";
</script>");
}
Is that right? or am i checking that the cookie isn't set there?
Posted: Sun Nov 09, 2003 1:42 pm
by d3ad1ysp0rk
if you want something to store the variables until the user closes the window, use sessions
cookies are for long term things, like if the user wants to stay logged in even when they return to the site next week
right -
Posted: Sun Nov 09, 2003 1:47 pm
by glennn3
right - this >>
" if (!isset( ..."
is checking that the cookie is not set... vice " if (isset( ..."
this >>
" setcookie('username', $username, time()+(60*60*24*30), '/', '', 0); "
seems to set a cookie that dies when i close my browser, because when i reopen it i have to login back in. someone in here who knows more than me can confirm or deny this...
Posted: Mon Nov 10, 2003 5:02 am
by JAM
It should not, as you pass on the lifetime value.
Lookup session_start() and go from there. Sessions works as cookies, but will surely be destroyed upon browser closedown.
Posted: Mon Nov 10, 2003 7:56 am
by glennn3
one of the things i love most about these things (computers) is the distinct and established segregated relationship between the words "should" (or "should not") and "do" (or "do not")...
what should not be happening in fact often does. for whatever reason, when i close and reopen my browser i am indeed forced to relogin here, whether i should have to or not.
also, i find that when this is the case ("should" being bested by "is") it is INVARIABLY something i've overlooked - these things simply do what they're told, don't they?
don't they...?
HAL?
HAL...........?
Posted: Mon Nov 10, 2003 10:43 am
by JAM
Then note the fun thing about being a programmer, trying to help others with issues...;
You cannot everytime test the code the user has an issue with.
You can have 14 settings in the php.ini file that I have differently. Then there is the way you setup Apache (if using Apache at all?), then the issue of extensions thats being loaded etc. etc. aso.
Hence the "should"-word often mentioned. In this case "should" is a very correct statement, as there are ways to kill the cookie on browser closing time (just as sessions), altho that is settings configuration.
What does HAL mean?
Posted: Mon Nov 10, 2003 10:55 am
by glennn3
HAL (note one letter offset of IBM...) was the name of the computer in the 1960's very famous film "2001: A Space Oddity" (written by Arthur C Clark, i think) that maintained its own intellect and decision making processes, whereby it ended up manipulating a few of the men on board the space-craft. It had some very philosphical discussions with some of the men; very good film, written in the 60's, remember, when computers were the size of small space-craft.
I know little about php, enough to cut and paste, and all i know is when i close my browser i have to log back in - that's why i qualified my comments with the fact that invariably it is user config because these machines only do what we tell them to.
except for HAL...
i have a post about my problems getting
http://localhost to give me anything after installing apache on winxp i wonder if you'd help me with... it's quite frustrating because it says my services are running fine...
thanks
Posted: Tue Nov 11, 2003 2:43 am
by twigletmac
2001: A Space Oddity
Apologies for going completely OT, but it's '2001: A Space Odyssey'

(great book by the way).
Mac