Page 1 of 1

setting PHP cookies

Posted: Wed Dec 24, 2003 11:39 pm
by brycesteinhoff
Alright. So I've been developing this site and the authentication code sets a cookie. Easy enough. Anyway, the cookie works perfectly fine on my development server, but when transfered to another, separately-owned server, the cookie just doesn't set. The script is getting to the if statement that has the setcookie() function in it. Identical scripts on both servers. Here is the code:

function admin_login($db)
{
//attempt to login. returns false if invalid and true if correct.

$query = "SELECT * FROM users WHERE username = '".$_POST['username']."'";
$result = mysql_query($query, $db);
$row = mysql_fetch_array($result);

if ($row['password'] == (encrypt($_POST['password']))) {
setcookie( "auth", "1", time()-24*60, "/");
list_admin($db,'');
} else {
setcookie( "auth", "NULL", time()-24*60, "/");
login_check($db);
}
}

Remember that this code works fine on one server and not the other. I really doubt that it's a code problem. Is there something that has to be configured on the server in order to set cookies via PHP? Any advice would be very much appreciated.

Thanks. Bryce.

Posted: Thu Dec 25, 2003 12:41 am
by volka
this second server runs at a different domain?

Posted: Thu Dec 25, 2003 2:44 am
by m3mn0n
It's a good idea to trim the data being sent, before you compare it with a result in a database.

What if someone inserts "mike " instead of "mike"? Problems can occur without [php_man]trim[/php_man]().

domain

Posted: Thu Dec 25, 2003 12:18 pm
by brycesteinhoff
Yes, the server runs on a different domain, but I didn't include the domain at all in the set cookie function, so it shouldn't matter. As far as trim() is concerned, it really doesn't bother me. The group that will be logging in using this auth code is small and I can communicate with them easily. I know that I am typing things in right during trials.

It's wierd... it sets on my server, but not the other. THe other wierd thing is that I am using an identical setcookie line on another site on the same server. Is there anything that has to be setup with the virtual host on Apache? Something that can be disabled? I'm clueless.

Posted: Thu Dec 25, 2003 3:15 pm
by volka
nevertheless the browser does not send all cookies to any server.
With the domain parameter of setcookie you can only ease restrictions within the domain-check but not disable it completely. E.g. a cookie set here can send the domain-mask devnetwork.net but not php.net or <every server>. If the domain-mask is not send the domain-name of the source of the cookie is set as mask.
As mentioned in the setcookie manual this mechanism is described in rfc 2965

Posted: Thu Dec 25, 2003 11:59 pm
by brycesteinhoff
I tried putting the domain into the set cookie function. Why would it set (without the domain parameter) on one server and not on another? It is supposed to set with the domain of the server from which it orginates, which it does on one server, but doesn't work at all on the other.

Posted: Fri Dec 26, 2003 5:12 am
by volka
oops, I misunderstood the problem... sorry.

what happens if you change your function admin_login to

Code: Select all

function admin_login($db)
{
	error_reporting(E_ALL);  // ony for
	ini_set('display_errors', TRUE);  // debugging
 ...
}
?

Posted: Fri Dec 26, 2003 11:22 pm
by brycesteinhoff
I already have error reporting on the whole file. No errors whatsoever. It's weird.