setting PHP cookies

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
brycesteinhoff
Forum Newbie
Posts: 4
Joined: Wed Dec 24, 2003 11:39 pm

setting PHP cookies

Post by brycesteinhoff »

Alright. So I've been developing this site and the authentication code sets a cookie. Easy enough. Anyway, the cookie works perfectly fine on my development server, but when transfered to another, separately-owned server, the cookie just doesn't set. The script is getting to the if statement that has the setcookie() function in it. Identical scripts on both servers. Here is the code:

function admin_login($db)
{
//attempt to login. returns false if invalid and true if correct.

$query = "SELECT * FROM users WHERE username = '".$_POST['username']."'";
$result = mysql_query($query, $db);
$row = mysql_fetch_array($result);

if ($row['password'] == (encrypt($_POST['password']))) {
setcookie( "auth", "1", time()-24*60, "/");
list_admin($db,'');
} else {
setcookie( "auth", "NULL", time()-24*60, "/");
login_check($db);
}
}

Remember that this code works fine on one server and not the other. I really doubt that it's a code problem. Is there something that has to be configured on the server in order to set cookies via PHP? Any advice would be very much appreciated.

Thanks. Bryce.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

this second server runs at a different domain?
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

It's a good idea to trim the data being sent, before you compare it with a result in a database.

What if someone inserts "mike " instead of "mike"? Problems can occur without [php_man]trim[/php_man]().
brycesteinhoff
Forum Newbie
Posts: 4
Joined: Wed Dec 24, 2003 11:39 pm

domain

Post by brycesteinhoff »

Yes, the server runs on a different domain, but I didn't include the domain at all in the set cookie function, so it shouldn't matter. As far as trim() is concerned, it really doesn't bother me. The group that will be logging in using this auth code is small and I can communicate with them easily. I know that I am typing things in right during trials.

It's wierd... it sets on my server, but not the other. THe other wierd thing is that I am using an identical setcookie line on another site on the same server. Is there anything that has to be setup with the virtual host on Apache? Something that can be disabled? I'm clueless.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

nevertheless the browser does not send all cookies to any server.
With the domain parameter of setcookie you can only ease restrictions within the domain-check but not disable it completely. E.g. a cookie set here can send the domain-mask devnetwork.net but not php.net or <every server>. If the domain-mask is not send the domain-name of the source of the cookie is set as mask.
As mentioned in the setcookie manual this mechanism is described in rfc 2965
brycesteinhoff
Forum Newbie
Posts: 4
Joined: Wed Dec 24, 2003 11:39 pm

Post by brycesteinhoff »

I tried putting the domain into the set cookie function. Why would it set (without the domain parameter) on one server and not on another? It is supposed to set with the domain of the server from which it orginates, which it does on one server, but doesn't work at all on the other.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

oops, I misunderstood the problem... sorry.

what happens if you change your function admin_login to

Code: Select all

function admin_login($db)
{
	error_reporting(E_ALL);  // ony for
	ini_set('display_errors', TRUE);  // debugging
 ...
}
?
brycesteinhoff
Forum Newbie
Posts: 4
Joined: Wed Dec 24, 2003 11:39 pm

Post by brycesteinhoff »

I already have error reporting on the whole file. No errors whatsoever. It's weird.
Post Reply