Page 1 of 1

Problems with cookie info

Posted: Mon Oct 28, 2002 2:46 pm
by sublevel4
I have created a login feature on my site. I have another page that needs to use information that my login has stored in cookies. For some reason it is not working.
I am using the following to set cookies. It is part of a larger if.

Code: Select all

<?php
if ($encryptedpassword == $passwordfromdb) { 
                //set our cookies for our future security checks 
                 setcookie ("ck_username", "$username", time() 3600)
				 	or die ("there are cookie issues"); 
                 setcookie	("ck_password", "$password", time() 3600)
				 	or die ("there are cookie issues2"); 
                 setcookie	("ck_user_id", "$user_id", time() 3600)
				 	or die ("there are cookie issues3");
?>

This is the code that i am using to get the variables from the cookies:

Code: Select all

<?php
echo $_COOKIEї'ck_username'];
echo $_COOKIEї'username'];
?>
As far as i can tell the cookies are not getting set. I don't get any errors, i can't access the variables and i can't find the actual cookie file on my drive.
Anyone have any ideas on wher to go from here??

Posted: Mon Oct 28, 2002 4:51 pm
by volka
time() 3600
typo here on the board or parse error in script?

Posted: Mon Oct 28, 2002 5:10 pm
by m3mn0n
yea

time("3600");

...i think would be better...

8)

Posted: Mon Oct 28, 2002 6:39 pm
by volka
no, it's a board-error
time() 3600
and I certainly didn't forget to type the plus between time() and 3600
:?

Posted: Mon Oct 28, 2002 11:51 pm
by sam
First some background:

Are you calling the cookie ($_COOKIE['vb_username']) from the same page that you're sending the cookie, or another script? you have to refresh the browser in order to read the $_COOKIE subscript you need.

Posted: Tue Oct 29, 2002 1:33 am
by Takuma
Try using $HTTP_COOKIE_VARS

Posted: Tue Oct 29, 2002 7:45 am
by sublevel4
If I take the setcookie part out and put it in its own file it sets the cookie. So the setcookie part works for some reason it doesn't work in the page.
I have a login page that sets the cookie(which it doens't seem to be doing)and another page that looks for that cookie. I think my problem it in the page that sets the cookie.

Code: Select all

<?php
switch ($action) { 
        case login: 
            process_login(); 
            
        case logout: 
            //null out cookies at start of login routine 
            setcookie ("ck_username", ""); 
            setcookie("ck_password", ""); 
            setcookie("ck_user_id", ""); 
            die(); 
    } 

    function process_login() { 
        global $dbhost; 
        global $dbuser; 
        global $dbpassword; 
        global $db; 

        // define homepage and text variables 
        global $homepage; 
        global $homedir; 
        global $sysadminemail; 
        global $userstable; 

        //form vars 
        global $username; 
        global $password; 

        // Connecting, selecting database 
        $link = mysql_connect("$dbhost", "$dbuser", "$dbpassword") 
            or die("Could not connect"); 

        mysql_select_db("$db") 
            or die("Could not select database"); 

        //Check that the user exists in the db and if not, create an 
        // error page 
		
        $query = "SELECT user_id FROM users WHERE username='$username'"; 
        $result = mysql_query($query)
			or die("Query failed at userid retrieval stage."); 

        //test to see if the user has entered the username 
        // correctly 
        $num_rows = mysql_num_rows($result); 
        $row = mysql_fetch_array($result); 
        $user_id = $rowї0]; 

        // first test -- did the username exist 
        if ($user_id != "") { 
            //this means that there was 1 result from the query so that 
            // username exists in the database 

            //now have to verify password. Basically same code. 

            $query = "SELECT password " 
            . " FROM users " 
            . " WHERE username='$username'"; 

            $result = mysql_query($query) 
                or die("Query failed at userid retrieval stage."); 

            //Encrypt the password the user entered since our 
            // database stores it in encrypted fashion and we need to 
            // compare it this way 
             $encryptedpassword = md5($password); 

             $row = mysql_fetch_array($result); 

            //grab the password from the row array, 0th element 
            // since only 1 column selected 
            // have to use a variable $passwordfromdb so we don't 
            // overwrite our $password variable from the form var 
            $passwordfromdb = $rowї0]; 

            if ($encryptedpassword == $passwordfromdb) { 
                //set our cookies for our future security checks 
                 setcookie ("ck_username", $username, time() 3600)
				 	or die ("there are cookie issues"); 
                 setcookie	("ck_password", $password, time() 3600)
				 	or die ("there are cookie issues2"); 
                 setcookie	("ck_user_id", $user_id, time() 3600)
				 	or die ("there are cookie issues3"); 

                // Create our results page showing them they are logged in 
                 print "<HTML>"; 
                 print "<HEAD>"; 
                 print "<TITLE>"; 
                 print "You're Logged In!";
				 print "</TITLE>"; 
                 print "<BODY>"; 
                 print "You're Logged In"; 
				//This needs to have a link added of course 
                //If you wanted to automatically take them to the main screen 
                // then use the header function to redirect them 
                 print "<a href='/login/upload/upload_form.php' target='_self'>Click Here to Continue</a>"; 
                 print "</BODY>"; 
                 print "</HTML>"; 

                //close the database 
                // Closing connection 
                mysql_close($link); 
            } 
            else { 
                //passwords didn't match so make an error page 
                print "<HTML>"; 
                print "<HEAD>"; 
                print "<TITLE>"; 
                print "Incorrect password"; 
                print "</TITLE>"; 
                print "<BODY>"; 
                print "<CENTER>"; 
                print "<B><CENTER>We're sorry but the password that you entered"; 
                print "doesn't match with the one in our database.<BR>"; 
                print "Press the back button to try again."; 
                print "</CENTER>"; 
                print "</BODY>"; 
                print "</HTML>"; 

                // Closing connection 
                 mysql_close($link); 
            } 
        } 
        else {
			print "<HTML>"; 
            print "<HEAD>"; 
            print "<TITLE>"; 
            print "Incorrect username"; 
            print "</TITLE>"; 
            print "<BODY>"; 
            print "<CENTER>"; 
            print "<B><CENTER>We're sorry but the username that you"; 
            print "entered doesn't seem to exist in our database.<BR>"; 
            print "Perhaps you entered it in error. Press the back button "; 
            print "to try again."; 
            
        } 
    } 

?>
I don't know why the 's don't show up on here for the setcookie time() but they are in the code.

Posted: Tue Oct 29, 2002 7:59 am
by twigletmac
Where does $action come from? Assuming that it is set by the form you should probably change your switch statement from:

Code: Select all

switch ($action) {  
        case login:  
            process_login();  
             
        case logout:  
            //null out cookies at start of login routine 
            setcookie ("ck_username", "");  
            setcookie("ck_password", "");  
            setcookie("ck_user_id", "");  
            die();  
    }
to something like:

Code: Select all

if (!empty($_POSTї'action'])) {
    switch ($_POSTї'action']) {
        case 'login':
            process_login();
            break;
        case 'logout':
            setcookie ('ck_username', '');
            setcookie('ck_password', '');
            setcookie('ck_user_id', '');
            die();
        default:
            die('not a valid action');
     }
} else {
    die('no action defined');
}
You needed a break between the first and second case in the switch as otherwise the cookies would've been destroyed because the logout would have been performed immediately after the login.
http://www.php.net/manual/en/control-st ... switch.php

Also have a read of this sticky -> viewtopic.php?t=511

Mac

Thank you

Posted: Tue Oct 29, 2002 8:40 am
by sublevel4
twigletmac thank you. It was the break; that i was missing. I had everything referanced right and now it all works.