PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have created a login feature on my site. I have another page that needs to use information that my login has stored in cookies. For some reason it is not working.
I am using the following to set cookies. It is part of a larger if.
<?php
if ($encryptedpassword == $passwordfromdb) {
//set our cookies for our future security checks
setcookie ("ck_username", "$username", time() 3600)
or die ("there are cookie issues");
setcookie ("ck_password", "$password", time() 3600)
or die ("there are cookie issues2");
setcookie ("ck_user_id", "$user_id", time() 3600)
or die ("there are cookie issues3");
?>
This is the code that i am using to get the variables from the cookies:
As far as i can tell the cookies are not getting set. I don't get any errors, i can't access the variables and i can't find the actual cookie file on my drive.
Anyone have any ideas on wher to go from here??
Are you calling the cookie ($_COOKIE['vb_username']) from the same page that you're sending the cookie, or another script? you have to refresh the browser in order to read the $_COOKIE subscript you need.
If I take the setcookie part out and put it in its own file it sets the cookie. So the setcookie part works for some reason it doesn't work in the page.
I have a login page that sets the cookie(which it doens't seem to be doing)and another page that looks for that cookie. I think my problem it in the page that sets the cookie.
<?php
switch ($action) {
case login:
process_login();
case logout:
//null out cookies at start of login routine
setcookie ("ck_username", "");
setcookie("ck_password", "");
setcookie("ck_user_id", "");
die();
}
function process_login() {
global $dbhost;
global $dbuser;
global $dbpassword;
global $db;
// define homepage and text variables
global $homepage;
global $homedir;
global $sysadminemail;
global $userstable;
//form vars
global $username;
global $password;
// Connecting, selecting database
$link = mysql_connect("$dbhost", "$dbuser", "$dbpassword")
or die("Could not connect");
mysql_select_db("$db")
or die("Could not select database");
//Check that the user exists in the db and if not, create an
// error page
$query = "SELECT user_id FROM users WHERE username='$username'";
$result = mysql_query($query)
or die("Query failed at userid retrieval stage.");
//test to see if the user has entered the username
// correctly
$num_rows = mysql_num_rows($result);
$row = mysql_fetch_array($result);
$user_id = $rowї0];
// first test -- did the username exist
if ($user_id != "") {
//this means that there was 1 result from the query so that
// username exists in the database
//now have to verify password. Basically same code.
$query = "SELECT password "
. " FROM users "
. " WHERE username='$username'";
$result = mysql_query($query)
or die("Query failed at userid retrieval stage.");
//Encrypt the password the user entered since our
// database stores it in encrypted fashion and we need to
// compare it this way
$encryptedpassword = md5($password);
$row = mysql_fetch_array($result);
//grab the password from the row array, 0th element
// since only 1 column selected
// have to use a variable $passwordfromdb so we don't
// overwrite our $password variable from the form var
$passwordfromdb = $rowї0];
if ($encryptedpassword == $passwordfromdb) {
//set our cookies for our future security checks
setcookie ("ck_username", $username, time() 3600)
or die ("there are cookie issues");
setcookie ("ck_password", $password, time() 3600)
or die ("there are cookie issues2");
setcookie ("ck_user_id", $user_id, time() 3600)
or die ("there are cookie issues3");
// Create our results page showing them they are logged in
print "<HTML>";
print "<HEAD>";
print "<TITLE>";
print "You're Logged In!";
print "</TITLE>";
print "<BODY>";
print "You're Logged In";
//This needs to have a link added of course
//If you wanted to automatically take them to the main screen
// then use the header function to redirect them
print "<a href='/login/upload/upload_form.php' target='_self'>Click Here to Continue</a>";
print "</BODY>";
print "</HTML>";
//close the database
// Closing connection
mysql_close($link);
}
else {
//passwords didn't match so make an error page
print "<HTML>";
print "<HEAD>";
print "<TITLE>";
print "Incorrect password";
print "</TITLE>";
print "<BODY>";
print "<CENTER>";
print "<B><CENTER>We're sorry but the password that you entered";
print "doesn't match with the one in our database.<BR>";
print "Press the back button to try again.";
print "</CENTER>";
print "</BODY>";
print "</HTML>";
// Closing connection
mysql_close($link);
}
}
else {
print "<HTML>";
print "<HEAD>";
print "<TITLE>";
print "Incorrect username";
print "</TITLE>";
print "<BODY>";
print "<CENTER>";
print "<B><CENTER>We're sorry but the username that you";
print "entered doesn't seem to exist in our database.<BR>";
print "Perhaps you entered it in error. Press the back button ";
print "to try again.";
}
}
?>
I don't know why the 's don't show up on here for the setcookie time() but they are in the code.
switch ($action) {
case login:
process_login();
case logout:
//null out cookies at start of login routine
setcookie ("ck_username", "");
setcookie("ck_password", "");
setcookie("ck_user_id", "");
die();
}
if (!empty($_POSTї'action'])) {
switch ($_POSTї'action']) {
case 'login':
process_login();
break;
case 'logout':
setcookie ('ck_username', '');
setcookie('ck_password', '');
setcookie('ck_user_id', '');
die();
default:
die('not a valid action');
}
} else {
die('no action defined');
}
You needed a break between the first and second case in the switch as otherwise the cookies would've been destroyed because the logout would have been performed immediately after the login. http://www.php.net/manual/en/control-st ... switch.php