Problems with cookie info

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sublevel4
Forum Commoner
Posts: 33
Joined: Wed May 29, 2002 2:14 pm
Contact:

Problems with cookie info

Post by sublevel4 »

I have created a login feature on my site. I have another page that needs to use information that my login has stored in cookies. For some reason it is not working.
I am using the following to set cookies. It is part of a larger if.

Code: Select all

<?php
if ($encryptedpassword == $passwordfromdb) { 
                //set our cookies for our future security checks 
                 setcookie ("ck_username", "$username", time() 3600)
				 	or die ("there are cookie issues"); 
                 setcookie	("ck_password", "$password", time() 3600)
				 	or die ("there are cookie issues2"); 
                 setcookie	("ck_user_id", "$user_id", time() 3600)
				 	or die ("there are cookie issues3");
?>

This is the code that i am using to get the variables from the cookies:

Code: Select all

<?php
echo $_COOKIEї'ck_username'];
echo $_COOKIEї'username'];
?>
As far as i can tell the cookies are not getting set. I don't get any errors, i can't access the variables and i can't find the actual cookie file on my drive.
Anyone have any ideas on wher to go from here??
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

time() 3600
typo here on the board or parse error in script?
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

yea

time("3600");

...i think would be better...

8)
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

no, it's a board-error
time() 3600
and I certainly didn't forget to type the plus between time() and 3600
:?
User avatar
sam
Forum Contributor
Posts: 217
Joined: Thu Apr 18, 2002 11:11 pm
Location: Northern California
Contact:

Post by sam »

First some background:

Are you calling the cookie ($_COOKIE['vb_username']) from the same page that you're sending the cookie, or another script? you have to refresh the browser in order to read the $_COOKIE subscript you need.
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

Try using $HTTP_COOKIE_VARS
sublevel4
Forum Commoner
Posts: 33
Joined: Wed May 29, 2002 2:14 pm
Contact:

Post by sublevel4 »

If I take the setcookie part out and put it in its own file it sets the cookie. So the setcookie part works for some reason it doesn't work in the page.
I have a login page that sets the cookie(which it doens't seem to be doing)and another page that looks for that cookie. I think my problem it in the page that sets the cookie.

Code: Select all

<?php
switch ($action) { 
        case login: 
            process_login(); 
            
        case logout: 
            //null out cookies at start of login routine 
            setcookie ("ck_username", ""); 
            setcookie("ck_password", ""); 
            setcookie("ck_user_id", ""); 
            die(); 
    } 

    function process_login() { 
        global $dbhost; 
        global $dbuser; 
        global $dbpassword; 
        global $db; 

        // define homepage and text variables 
        global $homepage; 
        global $homedir; 
        global $sysadminemail; 
        global $userstable; 

        //form vars 
        global $username; 
        global $password; 

        // Connecting, selecting database 
        $link = mysql_connect("$dbhost", "$dbuser", "$dbpassword") 
            or die("Could not connect"); 

        mysql_select_db("$db") 
            or die("Could not select database"); 

        //Check that the user exists in the db and if not, create an 
        // error page 
		
        $query = "SELECT user_id FROM users WHERE username='$username'"; 
        $result = mysql_query($query)
			or die("Query failed at userid retrieval stage."); 

        //test to see if the user has entered the username 
        // correctly 
        $num_rows = mysql_num_rows($result); 
        $row = mysql_fetch_array($result); 
        $user_id = $rowї0]; 

        // first test -- did the username exist 
        if ($user_id != "") { 
            //this means that there was 1 result from the query so that 
            // username exists in the database 

            //now have to verify password. Basically same code. 

            $query = "SELECT password " 
            . " FROM users " 
            . " WHERE username='$username'"; 

            $result = mysql_query($query) 
                or die("Query failed at userid retrieval stage."); 

            //Encrypt the password the user entered since our 
            // database stores it in encrypted fashion and we need to 
            // compare it this way 
             $encryptedpassword = md5($password); 

             $row = mysql_fetch_array($result); 

            //grab the password from the row array, 0th element 
            // since only 1 column selected 
            // have to use a variable $passwordfromdb so we don't 
            // overwrite our $password variable from the form var 
            $passwordfromdb = $rowї0]; 

            if ($encryptedpassword == $passwordfromdb) { 
                //set our cookies for our future security checks 
                 setcookie ("ck_username", $username, time() 3600)
				 	or die ("there are cookie issues"); 
                 setcookie	("ck_password", $password, time() 3600)
				 	or die ("there are cookie issues2"); 
                 setcookie	("ck_user_id", $user_id, time() 3600)
				 	or die ("there are cookie issues3"); 

                // Create our results page showing them they are logged in 
                 print "<HTML>"; 
                 print "<HEAD>"; 
                 print "<TITLE>"; 
                 print "You're Logged In!";
				 print "</TITLE>"; 
                 print "<BODY>"; 
                 print "You're Logged In"; 
				//This needs to have a link added of course 
                //If you wanted to automatically take them to the main screen 
                // then use the header function to redirect them 
                 print "<a href='/login/upload/upload_form.php' target='_self'>Click Here to Continue</a>"; 
                 print "</BODY>"; 
                 print "</HTML>"; 

                //close the database 
                // Closing connection 
                mysql_close($link); 
            } 
            else { 
                //passwords didn't match so make an error page 
                print "<HTML>"; 
                print "<HEAD>"; 
                print "<TITLE>"; 
                print "Incorrect password"; 
                print "</TITLE>"; 
                print "<BODY>"; 
                print "<CENTER>"; 
                print "<B><CENTER>We're sorry but the password that you entered"; 
                print "doesn't match with the one in our database.<BR>"; 
                print "Press the back button to try again."; 
                print "</CENTER>"; 
                print "</BODY>"; 
                print "</HTML>"; 

                // Closing connection 
                 mysql_close($link); 
            } 
        } 
        else {
			print "<HTML>"; 
            print "<HEAD>"; 
            print "<TITLE>"; 
            print "Incorrect username"; 
            print "</TITLE>"; 
            print "<BODY>"; 
            print "<CENTER>"; 
            print "<B><CENTER>We're sorry but the username that you"; 
            print "entered doesn't seem to exist in our database.<BR>"; 
            print "Perhaps you entered it in error. Press the back button "; 
            print "to try again."; 
            
        } 
    } 

?>
I don't know why the 's don't show up on here for the setcookie time() but they are in the code.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Where does $action come from? Assuming that it is set by the form you should probably change your switch statement from:

Code: Select all

switch ($action) {  
        case login:  
            process_login();  
             
        case logout:  
            //null out cookies at start of login routine 
            setcookie ("ck_username", "");  
            setcookie("ck_password", "");  
            setcookie("ck_user_id", "");  
            die();  
    }
to something like:

Code: Select all

if (!empty($_POSTї'action'])) {
    switch ($_POSTї'action']) {
        case 'login':
            process_login();
            break;
        case 'logout':
            setcookie ('ck_username', '');
            setcookie('ck_password', '');
            setcookie('ck_user_id', '');
            die();
        default:
            die('not a valid action');
     }
} else {
    die('no action defined');
}
You needed a break between the first and second case in the switch as otherwise the cookies would've been destroyed because the logout would have been performed immediately after the login.
http://www.php.net/manual/en/control-st ... switch.php

Also have a read of this sticky -> viewtopic.php?t=511

Mac
sublevel4
Forum Commoner
Posts: 33
Joined: Wed May 29, 2002 2:14 pm
Contact:

Thank you

Post by sublevel4 »

twigletmac thank you. It was the break; that i was missing. I had everything referanced right and now it all works.
Post Reply