Page 1 of 1

php cookie problem

Posted: Mon Oct 31, 2005 6:03 pm
by ice_downloads
Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


Hi everybody,

I have this script (welcome.php):

Code: Select all

<? 
session_start();
if(isset($_REQUEST['Submit'])) {
	if(isset($_REQUEST['checkbox'])) {
		setcookie('login', $_REQUEST['login'], mktime()+(86400*30));
		setcookie('pass', $_REQUEST['pass'], mktime()+(86400*30));
		setcookie('remember', "checked", mktime()+(86400*30));	
	} else {
    	setcookie("login", NULL, mktime() - 3600);
		setcookie("pass", NULL, mktime() - 3600);
		setcookie('remember', NULL, mktime()+(86400*30));	
	}
}?>
<html>
<head></head>
blah blah
Log in </u></h2>
<form action="welcome.php" method="post">
<p><strong>E-mail</strong>: &nbsp; &nbsp;
<input type="text" name="login" value="<? echo $_COOKIE["login"]?>" >
<br><strong>Password</strong>:
<input type="password" size=21 name="pass" value="<? echo $_COOKIE["pass"]?>">
<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <span class="style3">Remember values</span>   
<input name="checkbox" type="checkbox" value="checkbox" <? echo $_COOKIE["remember"]?>>
</p>
<p>
<input name="Submit" type="Submit" value="Log in">
<span style="" lang="EN-US">&nbsp; &nbsp; &nbsp; &nbsp; <a href="forgot.php">Forgot</a> my password </span></p>
		    </form>
<?
include("../include/constants.php");
// only validate form when form is submitted
if(isset($_REQUEST['Submit'])){		  		
	$login=$_REQUEST['login'];
 	$pass=$_REQUEST['pass'];
 	$error_msg='';
	$empty="";
 	if(trim($login)=='') {
		$error_msg.="Write your e-mail address<br>";
	} else {
		// check if email is a valid address in this format username@domain.com
		if(!ereg("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]", $login)) $error_msg.="Write your e-mail address in format login@domain.com<br>";
	}
	if(ereg("[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]", $login)) {
		mysql_connect(DB_SERVER,DB_USER,DB_PASS);
 		@mysql_select_db(DB_NAME) or die( "Unable to select database"); 
 		$q = "SELECT id FROM users WHERE email = '$login'";
		$result = mysql_query($q);	
		if(mysql_numrows($result) < 1) {
			$error_msg.="$login does not exist in the users database, please enter a registered e-mail address, or register one.";
		}
	}
	if($error_msg==''){
		  mysql_connect(DB_SERVER,DB_USER,DB_PASS);
       	             @mysql_select_db(DB_NAME) or die( "Unable to select database"); 
		  $q = "SELECT pass FROM users WHERE email = '$login'";
		  mysql_query($q);
		  $result = mysql_query($q);
		  if (md5($pass) == mysql_result($result,0,"pass")) {
		  		$_SESSION['login'] = $login;
		  		?> <META HTTP-EQUIV="Refresh" CONTENT="0; URL=login.php"> <? 
				
		  } else {
		  		?> <strong> <? echo "<font color=red>Wrong password!</font>"; ?> </strong> <?
		  } 
     } else {
			  	?> <strong> <? echo "<font color=red>$error_msg</font>"; ?> </strong> <?
	 }
}?>&nbsp;</p>
      </div>
      <div align="right"><br>
      </div>
</div>
</body>
</html>
Sorry for pasting all this code, but it's been driving me crazy for a few days.
Everything works fine, the way i want it. If you select remember values, a cookie is created and every visit, values are filled automatically. When deselected, cookie is deleted and next time values must be entered manually. Also its fine that if by any chance refresh is pressed, or another page is visited and then going back to welcome page, values are preserved and entered if cookie exists.
The only problem is, that when cookie is created, on next visit,values are filled, but if user wants to change them, it will still login with old values. Even if i clear the login box, no mistake is detected, and login is made with original values from cookie.
Can anyone suggest me what am I doing wrong and how to fix it without loosing any of the features i described above?

Thanks in advance, and compliments to phpBB group by the newest member.
Icy.


Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Mon Oct 31, 2005 6:10 pm
by John Cartwright
If you are setting/modifying a cookie it will take a page reload before the effects take place, not on the current page load where the cookies are set.

Edit | Sorry I think I misunderstood, are you saying that you are unable to modify the cookies? I may still be out of the ballpark, please clarify.

Posted: Mon Oct 31, 2005 6:20 pm
by ice_downloads
Sorry for inappropriate pasting of the code.

I am not sure where the problem is. If I login succesfully, with the remember me option, a cookie is set. Next time the page is visited, values are filled auto..When i try to change these values, and press the login button, login is still done succesfully with the values from the cookie, even though i changed them to some new ones.

Actually a cookie is set either way, even if login data were wrong, i just found out :-(