Page 1 of 1

problem with cookies (login)

Posted: Tue Feb 10, 2009 4:14 pm
by Blondy
hi guys I'm creating a blog like cms and using a login code as shown below
I can't figure out what's the problem with the code but remember me button don't works
any suggestion will be great thanks

Code: Select all

<?php
//get the posted values
$_POST['user']=htmlspecialchars($_POST['user_name'],ENT_QUOTES);
$_POST['pass']=$_POST['password'];
// Page for log-in
include_once("config.php");
include_once("lang/lang_".$lang.".php");
include_once("connect.php");
if(isset($_SESSION['user_id'])) {
 echo "yes";
}else{
 if(isset($_COOKIE['user_id'])) {
  // Read cookie, make session
  $sql = "SELECT id,state,password,active FROM `".$db_tbl."` WHERE id='".$_COOKIE['user_id']."'";
  $query = mysql_query($sql);
  $row = mysql_fetch_object($query);
  $id = htmlspecialchars($row->id);
  $status = htmlspecialchars($row->state);
  $dbpass = htmlspecialchars($row->password);
  $actief = htmlspecialchars($row->active);
  if($dbpass == $_COOKIE['user_password'] AND $actief == 1) {
   $_SESSION['user_id'] = $id;
   $_SESSION['user_status'] = $status;
   echo "yes";
   }else{
   echo $login_cookiefalse;
   setcookie("user_id", "", time() - 3600);
   setcookie("user_password", "", time() - 3600);
  }
 }else{
   // Login
   $sql = "SELECT id,name,password,state,active,cookie_pass FROM `".$db_tbl."` WHERE name='".$_POST['user']."'";
   $query = mysql_query($sql);
   $count = mysql_num_rows($query);
   if($count == 1) {
    $row = mysql_fetch_object($query);
    $dbpass = htmlspecialchars($row->password);
    $userpass = md5($_POST['pass']);
    $cookiepass = htmlspecialchars($row->cookie_pass);
    $userid = htmlspecialchars($row->id);
    $userstatus = htmlspecialchars($row->state);
    $useractief = htmlspecialchars($row->active);
    if($dbpass == $userpass) {
     if($useractief == 1) {
      $_SESSION['user_id'] = $userid;
      $_SESSION['user_status'] = $userstatus;
      if($_POST['cookie'] == "do") {
       if($cookiepass == "") {
        $cookiecode = mt_srand((double)microtime()*100000);
        while(strlen($cookiecode) <= 10) {
         $i = chr(mt_rand (0,255));
         if(eregi("^[a-z0-9]$", $i)) {
         $cookiecode = $cookiecode.$i;
         }
        }
        $sql = "UPDATE `".$db_tbl."` SET cookie_pass = '".$cookiecode."' WHERE name = '".$_POST['user']."' LIMIT 1";
        mysql_query($sql);
        $cookiepass = $cookiecode;
       }
       setcookie("cookie_id", $userid, time() + 365 * 86400);
       setcookie("cookie_pass", $cookiepass, time() + 365 * 86400);
      }
      echo "yes";
     }else{
      echo $login_noactive;
     }
    }else{
     echo "no";
    }
   }else{
    echo "no";
   }
 
  }
  }
?>
 
it uses an ajax script so the file just responds with yes or no

Re: problem with cookies (login)

Posted: Tue Feb 10, 2009 4:19 pm
by mbdigital
Does it set a cookie when you press the "remember me" button? i.e. is there a problem setting the cookie, or recognising the cookie when returning to the site?

Re: problem with cookies (login)

Posted: Wed Feb 11, 2009 8:57 am
by Blondy
yes I have found some cookies on browser

Re: problem with cookies (login)

Posted: Wed Feb 11, 2009 10:31 am
by mintedjo
Were they tastey? :-D

Re: problem with cookies (login)

Posted: Wed Feb 11, 2009 11:38 am
by mbdigital
Sorry I mean can you confirm that the php is setting the cookie, and also does the php see the cookie when the page is opened?

Re: problem with cookies (login)

Posted: Tue Mar 03, 2009 6:01 am
by Blondy
here is my test page try it yourself
adama.ir
admin
lovely