[RESOLVED] Setting cookies

LuiePL
Forum Commoner
Posts: 40
Joined: Fri Aug 04, 2006 11:38 pm

Post by LuiePL »

I've been trying to figure out how to use cookies, but nothing out there tells me the setup for putting everything in order in the code. This is what I have so far, but it doesn't work.

Code: Select all

<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") //If it was posted to set the cookie
	{
		$check = $_POST['set']; //The 'set' is if the user wants to be remembered
		if($check=='ON')
			{
				$name = $_POST['name'];
				$pass = md5($_POST['pass']);
				$cookie_data = $name.'-'.$pass;
				setcookie("user", $cookie_data); //No expiration
			}
		else
			{
				$name = $_POST['name'];
				$pass = md5($_POST['pass']);
				$cookie_data = $name.'-'.$pass;
				setcookie ("user", $cookie_data, time() + 3600); //Expire after 1 hour
			}
	}
echo "<HTML>";
echo "<HEAD>";
echo "<link rel='stylesheet' type='text/css' href='Style.css'>";
echo "<TITLE>Members Only</TITLE>";
require "header.php"; //Page with all the html code for the head and some body
require "body.php"; //Page with all the html code for the body up until:

// ----- All my login code (Enter name & password, authenticate etc) -----

require "footer.php"; //The rest of the HTML code
?>
Last edited by LuiePL on Wed Aug 09, 2006 1:10 am, edited 1 time in total.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I would seriously reconsider sending the password hash via cookie.

Code: Select all

<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") //If it was posted to set the cookie
{
    $check = $_POST['set']; //The 'set' is if the user wants to be remembered
    $name = $_POST['name'];
    $pass = md5($_POST['pass']);
    $cookie_data = $name.'-'.$pass;
    $expiry = 0;

    if ( !$check )
    {
        $expiry = time() + 3600; //Expire after 1 hour
    }

    setcookie ("user", $cookie_data, $expiry);
} 
?>
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Put error_reporting(E_ALL) on the top of your script and tell us if any error messages pop up.

Also, consider Everah's suggestion; you may not have asked for help on security, but while you're here, we might as well.
LuiePL
Forum Commoner
Posts: 40
Joined: Fri Aug 04, 2006 11:38 pm

Post by LuiePL »

I threw that in and I tried to have it display what the cookie was, and right before it this popped up:

"Notice: Undefined index: user in /index.php on line 96"

Line 96:

Code: Select all

echo "<BR>Cookie: ".$_COOKIE['user'];
'user' is supposed to be the name of the cookie

I don't plan on keeping the password there forever, but this project isn't security conscious right now. I won't go live with this until all bugs are worked out, and I switch the password over. I plan on eventually changing it to some sort of SID and hashing that. But if it isn't setting the cookie to begin with there really isn't much of a risk.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Hmm... that makes sense, I suppose (all it means is that the cookie doesn't exist). You should put an isset() check there, but...

Let's make sure the actual code is getting executed: put "echo 'Cookie set!'" right after all your setcookie calls and then post the login information again.

Also, after looking at your code again, having no expiration value does not mean no expiration: it means that the cookie will only last for the session (and disappear when the browser closes.) Just set it to a big number.
LuiePL
Forum Commoner
Posts: 40
Joined: Fri Aug 04, 2006 11:38 pm

Post by LuiePL »

OK, this is at the top now:

Code: Select all

if ($_SERVER['REQUEST_METHOD'] == "POST") {
		$check = $_POST['set'];
		if($check=='ON')
			{
				$name = $_POST['name'];
				$pass = md5($_POST['pass']);
				$cookie_data = $name.'-'.$pass;
				setcookie("user", $cookie_data, time() + 24*365*3600); //Have it expire after 1 year
				echo "Cookie Set!";
			}
		else
			{
				$name = $_POST['name'];
				$pass = md5($_POST['pass']);
				$cookie_data = $name.'-'.$pass;
				setcookie ("user", $cookie_data, time() + 3600);
				echo "Cookie Set!";
			}
	}
In the body:

Code: Select all

if (isset($_COOKIE['user']))
	{
		echo "<BR>Cookie: ".$_COOKIE['user'];
	}
else
	{
		echo "<BR>Cookie Not Set";
	}
Now it's saying "Cookie Set!" at the top, but when it gets down to the bottom, it says "Cookie not set". Do I need to set the cookie outside of the If statements at the top?
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Do a soft reload (select the Address bar and then press enter). Now is the cookie set?
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Yeah, I'm not sure you can set a cookie and retrieve it in the same trip to the server. I could be wrong though.

PS, you may want to compare the code you posted and the code I posted in response to it above. Yours has a bit of redundancy that could be cleaned up a bit.
LuiePL
Forum Commoner
Posts: 40
Joined: Fri Aug 04, 2006 11:38 pm

Post by LuiePL »

No, still not set. I have it set to check how the page was loaded with "$_SERVER['REQUEST_METHOD']"; if it's "GET" then I have some code to see if the cookie is loaded. If it is, it's supposed to skip down to the "logged in" portion of the code. If not, it has the Username/Password stuff to login. When you login, the authenticate code works, and it shows the login stuff properly, but doesn't set the cookie. I hope that makes sense.

Code: Select all

if ($_SERVER['REQUEST_METHOD'] == 'GET') //Normal page load
	{
		echo $_SERVER['REQUEST_METHOD'];
		//Check if cookie is set
		if (!isset($_COOKIE['user'])) //See if there's a cookie already set
			{
				echo "<BR>Cookie Not Set";
				//No cookie, it asks for your login information
			}
		else
			{
				echo "<BR>Cookie: ".$_COOKIE['user'];
				//Cookie, it displays members options, "logged in" part
				//Can't get to this point from normal loading
			}
	}
else
	{
		//POST method runs the name and password and authenticates the user
	}
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Before the part of the code where you check $_SERVER['REQUEST_METHOD'], echo it...

Code: Select all

<?php
echo '<h1>Request Method is ' . $_SERVER['REQUEST_METHOD'] . '</h1>';
?>
What does it tell you?
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

No, the code setcookie() is being called because he was getting "Cookie set".

Hmm... is your system clock correct?
LuiePL
Forum Commoner
Posts: 40
Joined: Fri Aug 04, 2006 11:38 pm

Post by LuiePL »

Everah wrote: Before the part of the code where you check $_SERVER['REQUEST_METHOD'], echo it...

Code: Select all

<?php
echo '<h1>Request Method is ' . $_SERVER['REQUEST_METHOD'] . '</h1>';
?>
What does it tell you?
Right above "Cookie set/not set" I have

Code: Select all

echo $_SERVER['REQUEST_METHOD'];
And it tells me the right thing (POST/GET) depending on how I load the page.

I just synced my clock with time.ms.com, and still no luck.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Good call AC. Maybe replace

Code: Select all

echo "Cookie Set!";
with

Code: Select all

echo 'Cookie "User" Set with an expiry time of ' . date("m/d/Y g:i:s A", time() + 3600);
LuiePL
Forum Commoner
Posts: 40
Joined: Fri Aug 04, 2006 11:38 pm

Post by LuiePL »

Everah wrote:

Code: Select all

echo 'Cookie "User" Set with an expiry time of ' . date("m/d/Y g:i:s A", time() + 3600);
I switched some stuff around to this:

Code: Select all

$expiry = 3600; //Expire in 1 hour
	
		if ( $check ) //if the check box is selected
		{
			$expiry = time() + 24*365*3600; //Expire after 1 year
		}
	
		setcookie ("user", $cookie_data, $expiry);
		echo "Cookie Set. Expires: " . date("m/d/Y g:i:s A", $expiry);
		echo "<BR>Time now: " . date("m/d/Y g:i:s A", time());
Now it shows:

Cookie Set. Expires: 08/06/2007 8:37:54 PM
Time now: 08/06/2006 8:37:54 PM

But I noticed when I don't select the "Remember Me" box I get:

Notice: Undefined index: set in /index.php on line 5

Warning: Cannot modify header information - headers already sent by (output started at /index.php:5) in /index.php on line 16
Cookie Set. Expires: 12/31/1969 8:00:00 PM
Time now: 08/06/2006 8:38:50 PM

And in the body I get:

Notice: Undefined index: set in /index.php on line 123

Lines 5, and 123 are both:

Code: Select all

$check = $_POST['set'];
Last edited by LuiePL on Sun Aug 06, 2006 7:43 pm, edited 1 time in total.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

That means that the post var 'set' is not set to anything. Try this ...

Code: Select all

$check = ( isset($_POST['set']) ) ? $_POST['set'] : '';
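
An added example, not part of the original thread or any poster's code: one way to do the "SID" approach mentioned above instead of putting name-md5(password) in the cookie, while also covering the two problems diagnosed in the thread (output before setcookie(), and the unchecked 'set' box). The function names and the $store array (a stand-in for a database table) are hypothetical, and the setcookie() options array assumes PHP 7.3 or later.

```php
<?php
// Added example: login cookie carrying a random token, not name-md5(pass).
// $store is a hypothetical stand-in for a database table of issued tokens.

function issueLoginCookie(string $user, bool $remember, array &$store): string
{
    // setcookie() only works before any output; fail loudly instead of
    // getting "Cannot modify header information" and an unset cookie.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    $token  = bin2hex(random_bytes(32)); // unguessable, reveals nothing about the password
    $expiry = time() + ($remember ? 365 * 24 * 3600 : 3600); // absolute timestamp, not a bare 3600

    // Keep only a hash server-side so a leaked table cannot be replayed as cookies.
    $store[hash('sha256', $token)] = ['user' => $user, 'expires' => $expiry];

    setcookie('user', $token, [
        'expires'  => $expiry,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return $token;
}

function userFromCookie(array $cookies, array $store): ?string
{
    // $_COOKIE holds only what the browser sent with THIS request, so a cookie
    // set a few lines earlier is not visible until the next request.
    $token = $cookies['user'] ?? '';
    if (!is_string($token) || $token === '') {
        return null;
    }
    $row = $store[hash('sha256', $token)] ?? null;
    return ($row !== null && $row['expires'] >= time()) ? $row['user'] : null;
}

// Constructed demo: $post stands in for $_POST after the password was verified.
$store    = [];
$post     = ['name' => 'alice'];   // 'set' checkbox left unchecked, so the key is absent
$remember = isset($post['set']);   // no "Undefined index: set" notice
$token    = issueLoginCookie($post['name'], $remember, $store);

var_dump(userFromCookie([], $store));                                  // same request: nothing sent back yet
var_dump(userFromCookie(['user' => $token], $store));                  // next request: token resolves to the user
var_dump(userFromCookie(['user' => 'alice-' . md5('guess')], $store)); // old name-hash style value is not a token
```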