Cookie emergency.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Cookie emergency.

Post by Mightywayne »

Hello, everyone. As some of you know, I run a game. Recently I've gotten complaints that peoples' cookies have been expiring much earlier than they should be, and some people can't log in at all. My cookies are like this: (ps... where's the php tags? :()

Code: Select all

 
$randomcookiethinger = rand(1, 999999999999999);
setcookie(user, $randomcookiethinger, time()+1600, "", "");
 
The $randomcookiethinger is used to make sure they aren't editing cookie information.

My check to see if the cookie expired is:

Code: Select all

 
if (!isset($_COOKIE["user"]))
  die('<font color="red"><b><big>Error:</big></b></font><font color="black"><br><br>You must log in first!');
Do you have ANY idea what could be wrong?
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: Cookie emergency.

Post by s.dot »

User needs to go in quotation marks setcookie('user')

You're only storing an integer in the cookie?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Re: Cookie emergency.

Post by Mightywayne »

Oi... a little after posting, I did try the quotation marks. (keep in mind I've been running the game fine, and 10-20 people have been logging in fine, for a while) A girl experiencing the problem said it still persisted. =/

And yes, I am, but that's when I was a noob. I didn't know about md5 and stuff, I suppose I should for security's sake, go back and super-encrypt that. Got a good suggestion for that?
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: Cookie emergency.

Post by Chris Corbyn »

Mightywayne, the PHP tags are here... just type

Code: Select all

 to start code, then end with [/ php] ;)
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Re: Cookie emergency.

Post by Mightywayne »

Erm, alright, thanks.

Anyone have any other possible solutions? =/
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Re: Cookie emergency.

Post by Mightywayne »

Okay, I think it might have to do with the fact that I've .httaccess'd my website to remove the www.

No matter what, you simply can't "get" to www. domain. I removed that due to complications in the forums and it's ugly anyway, is there a way to get around that when setting a cookie?
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Re: Cookie emergency.

Post by JAM »

Mightywayne wrote:Okay, I think it might have to do with the fact that I've .httaccess'd my website to remove the www.

No matter what, you simply can't "get" to www. domain. I removed that due to complications in the forums and it's ugly anyway, is there a way to get around that when setting a cookie?

Code: Select all

 
setcookie(user, $randomcookiethinger, time()+1600, "", ".youdomain.com");
 
Be sure to use the 2 dots in the domainname. That should work for both http://www.youdomain.com/exemplepage.php and http://youdomain.com/exemplepage.php.
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Re: Cookie emergency.

Post by Mightywayne »

This is getting a bit ridiculous. I'm seriously trying everything, I've tried putting user in quotes, taking it out, doing those both with no domain or path, vice versa...

Is there an alternative to the cookie system? I know there's sessions, but would they even apply to what I want to do?
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Re: Cookie emergency.

Post by JAM »

Yah, $_COOKIE = 'foo'; instead of setcookie()... But still same result.
Btw, it's not as simple as you missing a $ before user? Just making sure...

Code: Select all

 
// bad
setcookie(user, $randomcookiethinger, time()+1600, "", "");
// better
setcookie($user, $randomcookiethinger, time()+1600, "", "");
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Re: Cookie emergency.

Post by Mightywayne »

Positive, man. I'm seriously trying everything. As before, MOST people could log in. And most people STILL can, but now the girl that originally reported it to me can't get in at *all*, and there was another case of this happening to another guy, too.

Maybe if I post every damn thing to you, you will notice a flaw...

Code: Select all

 
$randomcookiethinger = rand(1, 999999999999999);
 
mysql_query("UPDATE user SET securecookie = '$randomcookiethinger' WHERE username = '$username'");
 
mysql_query("UPDATE user SET inactivedays = 0 WHERE username = '$username'");
 
setcookie("newuser", $randomcookiethinger, time()+1600);
 
See that? It's the login script for when people FIRST log in. She see's the FIRST page, and then after navigating it, my included security.php file stops her, as if that first page she see's ever is the only one to have a good cookie.

Code: Select all

 
$userz = $_COOKIE['newuser'];
 
if (empty($userz))
{
 
  die('(message for not having a cookie)');
}
 
It's as if it's deleted or something. Any help would be appreciated... =/

Edit: And I just tried to keep it from making a new cookie with the refresh script (so every 25 minutes the user is not logged out) and still it didn't go. It has to be something with setting the actual cookie, but I'm stumped and I'm <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> because I've been working on this for 2.5 hours now, when I could've spent time coding something important. :( Are sessions okay for what I want to do?
Last edited by Mightywayne on Sat Jan 26, 2008 11:01 am, edited 1 time in total.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Re: Cookie emergency.

Post by JAM »

Sorry for the lack of support. Just shooting out ideas...

Whats the securecookie datafield for type in the database? As youre using rand() aswell as an unsigned INT can only be as large as 4294967295 you might get problems as described...
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Re: Cookie emergency.

Post by Mightywayne »

It's alright, man, I'm glad someone's trying their best to help me.

It's an INT, with 30 slots for numbers in it. Is 4294967295 really the most it can be? I should probably note that whenever I do the rand(111111, 999999999) thing, the number always comes out negative. Could that be it?
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Re: Cookie emergency.

Post by JAM »

I'd change the INT to a BIGINT. An unsigned BIGINT can be as big as 18446744073709551615 (ie. mt_rand(1, 18446744073709551615)). I bet thats the issue. Because occasionally the rand() script will strike a number within the INT's range, sometimes not...

If you create a table with an unsigned INT() and run the following on it you'll understand the error;

Code: Select all

insert into table values(1);
insert into table values(4294967295);
insert into table values(4294967296);
Result:

Code: Select all

1
4294967295
[color=#BF0000]4294967295[/color]
See the last value being bad...

And the rand() shouldn't come out negative. And also, Id use mt_rand().
Mightywayne
Forum Contributor
Posts: 237
Joined: Sat Dec 09, 2006 6:46 am

Re: Cookie emergency.

Post by Mightywayne »

Unfortunately, it didn't make them positive. :( But I do have sorta good news. It appears it's just an IE thing, and FireFox works much better for the game in general. Normally I'd care more, but 90% of my users use FireFox, and the problem was minute to begin with. I've also put cookies to simply never expire, and an option to turn it off.

Thanks a lot, you (and everyone else too) have been a great help.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Re: Cookie emergency.

Post by JAM »

Well, hope it helped some.

Still interested if you changed the INT to BIGINT or if it was BIGINT from the start. Did you check it out? Just asking as followup for upcomming readers. :D
Post Reply