Error with cookie
Posted: Wed Apr 19, 2006 1:24 am
There seems to be an issue with my cookie when a user has closed out of a browser windows instead of logging out before hand. Basically, here is my login script to set the cookie:
About 3/4 of the way down is where the cookie is set. Now, it works all fine througout the system while the user is still on the website. At the top of the page, it displays "Welcome, tristanlee85. [ logout ]" If I close out of the browser completely, open it, and go back to the site, it then says "Welcome, . [ logout ]"
Here is the script to check whether the user is logged in or not, and if so, display the "Welcome" text.
And here is my script to expire the cookie (log the user out):
What do I need to change to fix my issue?
Code: Select all
<?php
// expire cookie
setcookie ("loggedin", "", time() - 3600);
include("include.php");
// connect to the mysql server
$link = mysql_connect($server, $username, $password)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
switch($_GET['action'])
{
case "newpass":
$user = $_POST['user'];
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("fedex_username", "$user");
include("cookie.php");
$pass = $_POST['password'];//get password from form
$pass2 = $_POST['password2'];//get password2 from form
//USER AND PASSWORD LENGTH CHECK
$min_length = 6; //this value is the minimal length that we desire our passwords
//to be if the username or the password is shorter than 6 chars the user is sent
//to a previously prepared custom error page
echo "<div align=\"center\">";
if(strlen($pass) < $min_length)
{
echo "Sorry, but your password is less than $min_length characters.<br>";
echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
die();
}
if (($pass)!=($pass2)) //if the values stored in the 2 variables are
//different we redirect the users to a previously created error page
{
echo "Sorry, but your passwords do not match.<br>";
echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
die();
}
$query = "UPDATE members SET password = '".md5($_POST['password'])."' WHERE user = '$fedex_username'";
mysql_query($query);
echo "<meta http-equiv=\"refresh\" content=\"3;URL=/fedex1/\"><base target=\"_parent\">Thank you for updating your password. You will be redirected to the main page.";
echo "</div>";
die();
break;
}
$pass = md5($_POST['password']);
$temp_pass = md5("fedexeval1");
$match = "select id from members where user = '".$_POST['user']."'
and password = '".md5($_POST['password'])."';";
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
echo "<div align=\"center\">";
echo "Sorry, there is no username \"$user\" with the specified password. Please check your information.<br>";
echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
echo "</div>";
exit;
} else {
//**********************************************************************
//Set the cookie
//**********************************************************************
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("fedex_username", "$user");
if ($pass == $temp_pass)
{
echo "<div align=\"center\">";
echo "You are now logged in, <b>$user</b>, but you are required to change your password.<br><form action=\"user_login.php?action=newpass\" method=\"POST\"><table align=\"center\" width=\"30%\"><tr>
<td>Password<br>(6 - 12 characters):</td>
<td><input type=\"hidden\" name=\"user\" value=\"$user\"><input type=\"password\" name=\"password\" size=\"20\"></td>
</tr>
<tr>
<td>Re-enter password:</td>
<td><input type=\"password\" name=\"password2\" size=\"20\"></td>
</tr>
<tr align=\"center\">
<td colspan=\"2\"><input type=\"submit\" value=\"Update\"></td>
</tr></table></form><br>";
echo "</div/>";
}
else
{
echo "<div align=\"center\">";
echo "<meta http-equiv=\"refresh\" content=\"2;URL=javascript:window.open('/fedex1/','_parent');\">Thank you for logging in, $user! Please wait...<br>";
echo "</div>";
}
}
//echo "</div>";
?>Here is the script to check whether the user is logged in or not, and if so, display the "Welcome" text.
Code: Select all
<?php
$fedex_username = $HTTP_COOKIE_VARS["fedex_username"];
if (!isset($_COOKIE['loggedin']))
{
echo "";
}
else
{
echo "<td align=\"center\"><font color=\"00cc00\">[</font><a href=\"roster.php\" target=\"main\">Manage Employee Roster</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"add_eval.php\" target=\"main\">Submit Evaluations</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"view_eval.php\" target=\"_new\">View Evaluations</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"tools.php\" target=\"main\">Database Tools</a><font color=\"00cc00\">]</font></td></tr><tr><td colspan=\"2\" align=\"left\">Welcome, $fedex_username. [ <a href=\"logout.php\" target=\"_parent\">logout</a> ]";
}
?>Code: Select all
<?php
// expire cookie
setcookie ("loggedin", "", time() - 3600);
$user = $_POST['user'];
echo "<meta http-equiv=\"refresh\" content=\"2;URL=javascript:window.open('/fedex1/','_parent');\">Logging <b>$user</b> out of the system...";
?>