Page 1 of 1
quick cookies question
Posted: Tue Sep 13, 2005 12:18 pm
by $var
can you accept more than one cookie? say i have different user access levels, and 2 of 3 can see a specific page... can I do this?
<? ob_start();?>
<? if($_COOKIE["ID1","ID2"] == "")
{
header("Location:
http://www.domain.com/login.php");
exit;
}?>
Re: quick cookies question
Posted: Tue Sep 13, 2005 12:21 pm
by infolock
$var wrote:can you accept more than one cookie? say i have different user access levels, and 2 of 3 can see a specific page... can I do this?
<? ob_start();?>
<? if($_COOKIE["ID1","ID2"] == "")
{
header("Location:
http://www.domain.com/login.php");
exit;
}?>
yeah, but you'd have to do it this way :
Code: Select all
<? if($_COOKIE["ID1"] == "" && $_COOKIE["ID2"] == "") {
header("Location: http://www.domain.com/login.php");
exit;
}
?>
although a better method would be :
Code: Select all
<?
//didn't know if you were checking AND or OR, so here is both...
//if(isset($_COOKIE["ID1"]) || isset($_COOKIE["ID2"])) {
if(isset($_COOKIE["ID1"]) && isset($_COOKIE["ID2"])) {
header("Location: http://www.domain.com/login.php");
exit;
}
Posted: Tue Sep 13, 2005 12:32 pm
by josh
Like infolock said, yes you can accept multiple cookies like that, but remember a user can edit a cookie with the intention of granting himself access... sessions might be the way to go.
Code: Select all
if ($_SESSION['id1'] && $_SESSION['id2'])
Posted: Tue Sep 13, 2005 1:29 pm
by $var
jshpro,
that's an interesting thing that I have never thought. so, how do you pass a session id?
this is how i am getting the cookie:
Code: Select all
setcookie ("ID", $accessresults["ID"]);
I know how to set the session save path:
Code: Select all
session_save_path("");
session_start;
However, that just sends the session info to a folder for safe keeping...
What do I do to get the session ID?
Posted: Tue Sep 13, 2005 1:46 pm
by josh
instead of setting values in the cookie, you just do this:
$_SESSION['id1'] = $id1;
$_SESSION['id2'] = $id2;
Make sure you either include session_start() on the top of every page, or turn session.auto_start to on in php.ini
Posted: Tue Sep 13, 2005 2:07 pm
by $var
can we start from the authentication page:
Code: Select all
$sql = "SELECT * FROM Members WHERE Name='".$_POST["name"]."' AND Password='".$_POST["password"]."' AND Access='1'";
if(!$result = mysql_query($sql))
{
echo mysql_error();
}
if(!($accessresults = mysql_fetch_array($result)))
{
$errmsg = "Please try again.";
}
else
{
setcookie ("ID", $accessresults["ID"]);
header("Location: http://www.thedomain.com/admin/salesaccess.php");
exit;
}
Posted: Tue Sep 13, 2005 2:31 pm
by josh
yup
Code: Select all
setcookie ("ID", $accessresults["ID"]);
is the line youll need to convert