Page 1 of 1

cookies for all OSs

Posted: Thu Jun 12, 2003 12:06 pm
by oldtimer
I have cookies working great in IE. But for Netscape, Opera and several browsers in Linux it are not working.

Here is a simple one I have for auto login.

First we set the cookie when they first login

Code: Select all

<?php
setcookie("valid_user","$valid_user",604800,"/","www.mydomain.com");
setcookie("email","$email",604800,"/","www.mydomain.com");
setcookie("check","valid_user",604800,"/","www.mydomain.com");

?>
Then I have a check to see if they have a cookie when they come back.

Code: Select all

<?php
if (empty($_SESSION['valid_user'])) 
{ 
	if (isset($_COOKIE["check"])) 
 {
 mysql_connect($DBhost,$DBuser,$DBpass) or
 die("Unable to connect to database");
 @mysql_select_db("$DBname") or die("Unable to select
 database");
  $sqlquery = "SELECT * From $table where user='".$_COOKIE["valid_user"]."' and email='".$_COOKIE["email"]."'";
 $result=mysql_query($sqlquery);
 $num=mysql_num_rows($result);
 $i=0;
 while ($i < $num) { 
  $valid_user=mysql_result($result,$i,'user');
 $valid_user=htmlspecialchars($valid_user);
 $email=mysql_result($result,$i,'email'); 
		 ++$i;
	 }
    session_register("valid_user", "email");
	// update cookie for time expiration
ob_start();
setcookie("valid_user","$valid_user",604800,"/","www.mydomain.com");
setcookie("email","$email",604800,"/","www.mydomain.com");
setcookie("check","valid_user",604800,"/","www.mydomain.com");
ob_end_flush();

?><meta http-equiv="refresh" content="0"><?
 } 
else
 {
// TestCookie does NOT exist  do nothing
 }
 }

?>
Now I know there are other ways of doing certain routines but this is how I use it. And it works great on IE but not the others.

Posted: Thu Jun 12, 2003 12:45 pm
by cactus
Firstly:
Cookies and the browser implementation of cookies was made standard by this RFC (2109):

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html

The setcookie() method complies with to RFC 2965:

http://www.faqs.org/rfcs/rfc2965

Secondly:

Remove the quotes from around the variables and give it another try:

Code: Select all

setcookie("valid_user", $valid_user, 604800, "/", "www.mydomain.com"); 
setcookie("email", $email, 604800, "/", "www.mydomain.com"); 
setcookie("check", "valid_user", 604800, "/", "www.mydomain.com");
Regards,

Posted: Thu Jun 12, 2003 12:53 pm
by oldtimer
Nope. Same thing. Once logged in I can open new browser and have it still work. But as soon as I close netscape I have to log back in.

Posted: Thu Jun 12, 2003 1:03 pm
by cactus
How are you passing the data to the setcookie() methods ?

Regards,

Posted: Thu Jun 12, 2003 1:18 pm
by oldtimer
Date is coming from a database. I then populate a session and a cookie for the auto login when they return. It works great on IE.

Posted: Thu Jun 12, 2003 1:33 pm
by cactus
Erm, why are you using Output Buffering around the setcookie() methods ?

Remove them and try again.

Regards,

Posted: Thu Jun 12, 2003 1:46 pm
by oldtimer
If i do not then you get a header already sent due to the session_start()

Posted: Thu Jun 12, 2003 1:55 pm
by oldtimer
Took it out same thing. Will not save cookie. Going to purge all cookies in machine and see where Netscape is trying to store them.

Posted: Thu Jun 12, 2003 2:13 pm
by oldtimer
I thought I would point out that the 2nd code of my first post is in a file called cookie.php. I then include it into any page I want to have the auto login take effect.

Posted: Thu Jun 12, 2003 3:55 pm
by cactus
:) So to ask my previous question again:
cactus wrote:How are you passing the data to the setcookie() methods ?
This is in the first bit of code you posted.

Regards,

Posted: Thu Jun 12, 2003 4:10 pm
by oldtimer
Close to the 2nd field. When It is first set it is after they have authenticated via a username and password.

So they login, I then grab all information I want and the start the session then populate cookie.

PS If this did not answer your question then I may not know what you mean by passing the data to the cookie.

Posted: Thu Jun 12, 2003 4:20 pm
by cactus
Are you passing the vars via GET/POST/PHP_AUTH_USER/PHP_AUTH_PW (the latter 2 are for HTTP authentication via the Apache mod) ?

As we go along I get the impression you arn't passing your vars correctly, forgive me if I'm incorrect.

Regards,

Posted: Thu Jun 12, 2003 4:40 pm
by oldtimer
I have tried Get and Post. Here is what I currently have. Now please remember I am in the middle of simplifying it and making it to work with globals off. I learned with them on. This paste below is the entire page they login to.

---------------------------------------------------------------------------------
<? ob_start();
session_start();
include ("config.php");
include ("config.inc.php");
include ("uonline.php");

if ($_POST[login] && $_POST[password])
{
// if the user has just tried to log in make sure the username is there.
$db_conn = mysql_connect("localhost", "$DBuser", "$DBpass");
mysql_select_db("$DBname");
$query = "select * from users "
."where user='$_POST[login]' ";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) ==0 ) { echo "Sorry but no such username<BR>Please go back and try again.<BR>"; exit; } else {
$query = "select * from users "
."where user='$_POST[login]' "
." and password=password('$_POST[password]')";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) ==0 ) { echo "Sorry but that password does not match the username.<BR>";
exit; } else { // continue
}
// if they are in the database register the user id
// fetch the results from the database.
$sqlquery = "SELECT * From users where user='$_POST[login]'";
$result=mysql_query($sqlquery);
$num=mysql_num_rows($result);
$i=0;
while ($i < $num) {
$realname=mysql_result($result,$i,'realname');
$realname=htmlspecialchars($realname);
$valid_user=mysql_result($result,$i,'user');
$valid_user=htmlspecialchars($valid_user);
$email=mysql_result($result,$i,'email');
$fast=mysql_result($result,$i,'approved');
$uid=mysql_result($result,$i,'uid');
$level=mysql_result($result,$i,'level');
$adminsignature=mysql_result($result,$i,'admin_signature');
++$i;
}

session_register("valid_user", "email", "fast", "uid", "level" , "adminsignature");
if ($_REQUEST[addcookie]==YES) {

setcookie("valid_user",$valid_user,604800,"/","www.closedgamesystems.com");
setcookie("email",$email,604800,"/","www.closedgamesystems.com");
setcookie("check",valid_user,604800,"/","www.closedgamesystems.com");

} else { // dont add a cookie
}ob_end_flush();
$lastip=($REMOTE_ADDR);
$sql=("UPDATE users SET lastip='$lastip' WHERE user='$valid_user'");
$result=mysql_query($sql);

// check for dupes
$sqlquery = "SELECT * From users where lastip='$lastip' and user<>'$login'";
$result2=mysql_query($sqlquery);
$num2=mysql_num_rows($result2);
if ($num2==0) { // do nothing
} else {
// Shared Mod
// see if the user is in the shared table.
$sqlquery = "SELECT * From shared where trader='$valid_user'";
$result5=mysql_query($sqlquery);
$num3=mysql_num_rows($result5);
if ($num3==0) {
//email to me
$recipient2 = $email2;
$subject2 = "Possible Dupe";
$message2 = "This is a note to tell you that $valid_user with email address of $email has logged on with the ip address of $REMOTE_ADDR and it matches at least one other.";
$extra2 = "From: possibledupe@coastgames.com";
mail ($recipient2,$subject2,$message2,$extra2);
} else {
//they are valid.. do nothing
}
// End of Shared Mod
}
}
}
if (empty($_SESSION['valid_user']))
{
include("cookie.php"); } else { // nothing
}
?>
<?
if (session_is_registered("valid_user"))
{ // Start of main page.


?>
<html>
<head>
<title><? echo $yourheading; ?></title>
<link rel="stylesheet" href="<? echo $path; ?>/themes/<? echo $theme; ?>/style.css" type="text/css" />
</head>
<body>
<? include ("$path/themes/$theme/top.php"); ?>
<table width="95%" border="0" cellspacing="1" cellpadding="1">
<tr>
<td width="180" valign="top">
<table width="180" border="0" cellspacing="1" cellpadding="1">
<tr>
<td><? include ("$path/main_menu.php"); ?></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td><? include ("$path/menu2.php"); ?></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td><? include ("$path/menu_games.php"); ?></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td><? if ($_SESSION[level] >=5) { include ("$path/admin/menu_admin.php"); } else {// nothing
echo "&nbsp"; } ?>
</td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>

</table>
</td>
<td width="74%" valign="top"><? include ("$path/closed_games.php"); ?></td>
</tr>
</table>

<?
}
else
{ echo "Sorry. Either you are not logged in your or your username or password was not correct. Please hit the back button and try it again."; }
?>
</div>
</body>
</html>
----------------------------------------------------------------------------

Below here is my cookie.php

<?
if (empty($_SESSION['valid_user']))
{
if (isset($_COOKIE["check"]))
{
mysql_connect($DBhost,$DBuser,$DBpass) or
die("Unable to connect to database");
@mysql_select_db("$DBname") or die("Unable to select
database");
$sqlquery = "SELECT * From users where user='".$_COOKIE["valid_user"]."' and email='".$_COOKIE["email"]."'";
$result=mysql_query($sqlquery);
$num=mysql_num_rows($result);
$i=0;
while ($i < $num) {
$realname=mysql_result($result,$i,'realname');
$realname=htmlspecialchars($realname);
$valid_user=mysql_result($result,$i,'user');
$valid_user=htmlspecialchars($valid_user);
$email=mysql_result($result,$i,'email');
$fast=mysql_result($result,$i,'approved');
$uid=mysql_result($result,$i,'uid');
$trusted=mysql_result($result,$i,'password');
$receivenews=mysql_result($result,$i,'receivenews');
$level=mysql_result($result,$i,'level');
$adminsignature=mysql_result($result,$i,'admin_signature');
++$i;
}
session_register("valid_user", "email", "fast", "uid", "level" , "adminsignature");
// update cookie for time expiration
//ob_start();
setcookie("valid_user",$valid_user,604800,"/","www.closedgamesystems.com");
setcookie("email",$email,604800,"/","www.closedgamesystems.com");
setcookie("check",valid_user,604800,"/","www.closedgamesystems.com");
//ob_end_flush();

?><meta http-equiv="refresh" content="0"><?
}
else
{
// TestCookie does NOT exist do nothing
}
}

?>

-----------------------

I am also in the middle of making everything all straight php.