Error with cookie

tristanlee85
Forum Contributor
Posts: 172
Joined: Fri Dec 19, 2003 7:28 am

Post by tristanlee85 »

There seems to be an issue with my cookie when a user has closed out of a browser window instead of logging out beforehand. Basically, here is my login script to set the cookie:

Code:

<?php
// expire cookie
setcookie ("loggedin", "", time() - 3600);

include("include.php"); 

// connect to the mysql server
$link = mysql_connect($server, $username, $password)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

switch($_GET['action'])
{
   case "newpass":
   $user = $_POST['user'];
   setcookie("loggedin", "TRUE", time()+(3600 * 24));
   setcookie("fedex_username", "$user");
   
   include("cookie.php");
   $pass = $_POST['password'];//get password from form
   $pass2 = $_POST['password2'];//get password2 from form
   
   //USER AND PASSWORD LENGTH CHECK
   $min_length = 6; //this value is the minimal length that we desire our passwords 
   //to be if the username or the password is shorter than 6 chars the user is sent 
   //to a previously prepared custom error page
echo "<div align=\"center\">";
if(strlen($pass) < $min_length)
{
    echo "Sorry, but your password is less than $min_length characters.<br>";
    echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
    die();
}
   if (($pass)!=($pass2)) //if the values stored in the 2 variables are 
//different we redirect the users to a previously created error page
{
    echo "Sorry, but your passwords do not match.<br>";
    echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
    die();
}
   $query = "UPDATE members SET password = '".md5($_POST['password'])."' WHERE user = '$fedex_username'";
   mysql_query($query);
   echo "<meta http-equiv=\"refresh\" content=\"3;URL=/fedex1/\"><base target=\"_parent\">Thank you for updating your password. You will be redirected to the main page.";
   echo "</div>";
   die();
   break;
}

$pass = md5($_POST['password']);
$temp_pass = md5("fedexeval1");

$match = "select id from members where user = '".$_POST['user']."'
and password = '".md5($_POST['password'])."';"; 

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry); 

if ($num_rows <= 0) { 
echo "<div align=\"center\">";
echo "Sorry, there is no username \"$user\" with the specified password. Please check your information.<br>";
echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
echo "</div>";
exit; 
} else {

//**********************************************************************
//Set the cookie
//**********************************************************************
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("fedex_username", "$user");
if ($pass == $temp_pass)
{
	echo "<div align=\"center\">";
	echo "You are now logged in, <b>$user</b>, but you are required to change your password.<br><form action=\"user_login.php?action=newpass\" method=\"POST\"><table align=\"center\" width=\"30%\"><tr>
<td>Password<br>(6 - 12 characters):</td>
<td><input type=\"hidden\" name=\"user\" value=\"$user\"><input type=\"password\" name=\"password\" size=\"20\"></td>
</tr>
<tr>
<td>Re-enter password:</td>
<td><input type=\"password\" name=\"password2\" size=\"20\"></td>
</tr>
<tr align=\"center\">
<td colspan=\"2\"><input type=\"submit\" value=\"Update\"></td>
</tr></table></form><br>";
echo "</div>";
}

else
{
echo "<div align=\"center\">";
echo "<meta http-equiv=\"refresh\" content=\"2;URL=javascript:window.open('/fedex1/','_parent');\">Thank you for logging in, $user! Please wait...<br>";
echo "</div>";
}
}
//echo "</div>";
?>
About 3/4 of the way down is where the cookie is set. Now, it works all fine throughout the system while the user is still on the website. At the top of the page, it displays "Welcome, tristanlee85. [ logout ]". If I close out of the browser completely, open it, and go back to the site, it then says "Welcome, . [ logout ]"

Here is the script to check whether the user is logged in or not, and if so, display the "Welcome" text.

Code:

<?php
$fedex_username = $HTTP_COOKIE_VARS["fedex_username"];
if (!isset($_COOKIE['loggedin']))
	{
	echo "";
	}
	else
	{
	echo "<td align=\"center\"><font color=\"00cc00\">[</font><a href=\"roster.php\" target=\"main\">Manage Employee Roster</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"add_eval.php\" target=\"main\">Submit Evaluations</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"view_eval.php\" target=\"_new\">View Evaluations</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"tools.php\" target=\"main\">Database Tools</a><font color=\"00cc00\">]</font></td></tr><tr><td colspan=\"2\" align=\"left\">Welcome, $fedex_username. [ <a href=\"logout.php\" target=\"_parent\">logout</a> ]";
	}
?>
And here is my script to expire the cookie (log the user out):

Code:

<?php

// expire cookie
setcookie ("loggedin", "", time() - 3600);
$user = $_POST['user'];

echo "<meta http-equiv=\"refresh\" content=\"2;URL=javascript:window.open('/fedex1/','_parent');\">Logging <b>$user</b> out of the system...";

?>
What do I need to change to fix my issue?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I would suggest storing all that cookie data in a session. If the user closes the browser, they log out as the session data is destroyed on closing (unless you alter the expiration timestamp.)

Post by tristanlee85 »

So would I need to remove my cookie code altogether and just use a session ID? I've never done sessions before, and I searched http://www.hotscripts.com for a few examples but I didn't find anything that would match my problem.

Post by tristanlee85 »

Anyone? What I'm wanting to do is still use my cookie, but also a session so whenever the browser is closed, the cookie is expired.

Post by feyd »

A cookie that dies when the browser is closed is a session (cookie.)

Post by tristanlee85 »

Alright...so here is what I have right now.

When a user successfully logs in, this is executed:

Code:

session_start();
$_SESSION['fedex_username'] = $user;
$user is the value of the username that the person used when logging in.

In all of my pages that require a login, I have an

Code:

include'cookie.php';
and that file consists of this:

Code:

session_start();
$fedex_username = $_SESSION['fedex_username'];
Now, it's signing me into my pages, but I get errors like this on every page with the include:

Code:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /opt/lampp/htdocs/fedex1/main.php:13) in /opt/lampp/htdocs/fedex1/cookie.php on line 3

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /opt/lampp/htdocs/fedex1/main.php:13) in /opt/lampp/htdocs/fedex1/cookie.php on line 3
I don't get it...

Post by tristanlee85 »

Well, apparently session start has to be at the very very top. That was my problem. It seems to be working fine. I'm just wondering though, why do I see some websites that have "?id=v5n4985v79n757n97n98v54" (<-- example) after them? I don't see mine with that.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

It's explained in http://www.php.net/session
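
The session-based approach recommended earlier in the thread, as an added example that is not code from any of the posters: login state lives in `$_SESSION` rather than in cookie values the browser can set to anything, `session_start()` runs before any output, and the session ID is accepted only from a cookie (URLs like the `?id=...` one asked about typically come from sites that carry the session ID in the URL instead). The function names, the in-memory SQLite database and the `password_hash()` storage are assumptions made for the example.

```php
<?php
// Added example. start_session(), login(), current_user() are hypothetical names.
// members.user/password follow the thread; password_hash() storage is an assumption.
function start_session(): void
{
    // Call before any output: the session cookie is sent as a response header.
    session_start([
        'use_only_cookies' => 1,  // never accept a session ID from the URL
        'use_trans_sid'    => 0,  // never append the session ID to links
        'use_strict_mode'  => 1,  // reject IDs the server did not issue
        'cookie_lifetime'  => 0,  // session cookie: gone when the browser closes
        'cookie_httponly'  => 1,  // not readable from JavaScript
        'cookie_secure'    => 1,  // assumes the site is served over HTTPS
    ]);
}

function login(PDO $db, string $user, string $password): bool
{
    // Bound parameter: the username is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM members WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID once authenticated
    $_SESSION['fedex_username'] = $user;  // kept server-side, not in a cookie
    return true;
}

function current_user(): ?string
{
    return $_SESSION['fedex_username'] ?? null;  // null = not logged in
}

// Constructed demo: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE members (user TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO members VALUES (?, ?)')
   ->execute(['demo_user', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
start_session();
$results = [
    'wrong password' => login($db, 'demo_user', 'nope'),
    'quote in name'  => login($db, "o'brien", 'nope'),
    'valid login'    => login($db, 'demo_user', 'constructed-pass'),
];
foreach ($results as $case => $ok) {
    echo $case, ': ', $ok ? 'accepted' : 'rejected', "\n";
}
echo 'Welcome, ', htmlspecialchars((string) current_user()), "\n";
```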