Page 1 of 1

quick cookies question

Posted: Tue Sep 13, 2005 12:18 pm
by $var
can you accept more than one cookie? say i have different user access levels, and 2 of 3 can see a specific page... can I do this?

<? ob_start();?>

<? if($_COOKIE["ID1","ID2"] == "")
{
header("Location: http://www.domain.com/login.php");
exit;
}?>

Re: quick cookies question

Posted: Tue Sep 13, 2005 12:21 pm
by infolock
$var wrote:can you accept more than one cookie? say i have different user access levels, and 2 of 3 can see a specific page... can I do this?

<? ob_start();?>

<? if($_COOKIE["ID1","ID2"] == "")
{
header("Location: http://www.domain.com/login.php");
exit;
}?>
yeah, but you'd have to do it this way :

Code: Select all

<? if($_COOKIE["ID1"] == "" && $_COOKIE["ID2"] == "") {
	header("Location: http://www.domain.com/login.php");
	exit;
}
?>
although a better method would be :

Code: Select all

<?
   //didn't know if you were checking AND or OR, so here is both...
  //if(isset($_COOKIE["ID1"]) || isset($_COOKIE["ID2"])) {
  if(isset($_COOKIE["ID1"]) && isset($_COOKIE["ID2"])) {
	header("Location: http://www.domain.com/login.php");
	exit;
}

Posted: Tue Sep 13, 2005 12:32 pm
by josh
Like infolock said, yes you can accept multiple cookies like that, but remember a user can edit a cookie with the intention of granting himself access... sessions might be the way to go.

Code: Select all

if ($_SESSION['id1'] && $_SESSION['id2'])

Posted: Tue Sep 13, 2005 1:29 pm
by $var
jshpro,

that's an interesting thing that I have never thought. so, how do you pass a session id?
this is how i am getting the cookie:

Code: Select all

setcookie ("ID", $accessresults["ID"]);
I know how to set the session save path:

Code: Select all

session_save_path("");
	session_start;
However, that just sends the session info to a folder for safe keeping...
What do I do to get the session ID?

Posted: Tue Sep 13, 2005 1:46 pm
by josh
instead of setting values in the cookie, you just do this:


$_SESSION['id1'] = $id1;
$_SESSION['id2'] = $id2;


Make sure you either include session_start() on the top of every page, or turn session.auto_start to on in php.ini

Posted: Tue Sep 13, 2005 2:07 pm
by $var
can we start from the authentication page:

Code: Select all

$sql = "SELECT * FROM Members WHERE Name='".$_POST["name"]."' AND Password='".$_POST["password"]."' AND Access='1'";
		if(!$result = mysql_query($sql))
		{
			echo mysql_error();
		}
	if(!($accessresults = mysql_fetch_array($result)))
	{
		$errmsg = "Please try again.";
	}
	else
	{
		setcookie ("ID", $accessresults["ID"]);
         	header("Location: http://www.thedomain.com/admin/salesaccess.php");
		exit;
	}

Posted: Tue Sep 13, 2005 2:31 pm
by josh
yup

Code: Select all

setcookie ("ID", $accessresults["ID"]);
is the line youll need to convert