Page 1 of 2

so confused.

Posted: Thu Jul 31, 2003 7:08 pm
by nick2
alright I am trying to make amessaging system for users.

I am gonna be using mysql to hold the messages for each user.

Now when you send a message I need it to somehow know who sent it.. so I tried adding set $_POST[ID] - (cookies, after you login) but it made errors.. I was gonna call that so it would know who sent the message... :(

I could use help!

cookies:


Please i'm not even sure if mysql idea is good... :/ :cry:

Code: Select all

<?php
#cookies#
if ($num != 0) {
$cookie_name = "auth";
$cookie_id = "'$_POST[ID]'";
$cookie_value = "ok";
$cookie_expire = "0";
$cookie_domain = "slices.net";
setcookie($cookie_name, $cookie_value, $cookie_expire, "/" ,
$cookie_domain, $cookie_id 0);
#
?>

Posted: Thu Jul 31, 2003 11:06 pm
by jmarcv
Dude! You don't know if mysql is a good idea?

Get a life. Mysql is a GREAT idea!

Now for your problem. (Sorry guys!) RTFM

http://www.php.net/manual/en/function.setcookie.php

You named the cookie auth. So, you access it by reading $auth. In your case you set the value to 'ok', so mind telling us why it doesn't work?
My first suspicion is you are passing $ID to a parameter that is used for secure channels. Why? Look at the link above.

You really don't even need ID (By the way, you might want to consider that the correct syntax is $_POST['ID'])
You are already there. echo your $auth variable, and you will see it says 'ok', just like you set it. (Standard debugging practice. Whats in a variable?)
my guess is you are NOT doing

Code: Select all

<?php
if ($auth='ok')
?>
which is what you need to be doing. And all that extra garbage at the end of setcookie? GETRID OF IT!
All you need is

Code: Select all

<?php
setcookie($cookie_name, $cookie_value,time()+60*60*24); 
?>
which will set it for day. You set to expire on 0? Well, that means you are DESTROYING the cookie! because zero is in the past.

Now I don't mind helping out, but geez! There is documentation on line, and you guys don't bother reading it?

In my day, I had to spend $30 an hour for online stuff through compuserve. You can damn well bet I read the stuff!

Any other questions?

Posted: Thu Jul 31, 2003 11:16 pm
by nick2
LIKE WOW.

lol

anyway my problem is.. let me explain myself better.

When you login it adds those cookies, so I wanted to add 1 that stores the ID (the ID is the Username field.)

so now say I logged in.. it sets the cookies,and now I go and send someone a private message. It will need to know who the message was sent from, so thats basicly why I wanted to store the Username.. so the other user knows who its from!

get it? :-P

PS: 0 actually means when you close your browser it destroys the cookies. - What my book said.

so maybe you could explain based on that.

Posted: Thu Jul 31, 2003 11:52 pm
by jmarcv
OK, well the last word is php.net. But in any case, an expire time of 0 is in the past! So, as in your past problems I've looked at, you have 2-3 problems, not just one, including not typing a friggin space between 2 words. Hence my 'seemingly' (I don't care what they say, I'm a nice guy! Don't believe it? F&^%$&K off!) aggresive overtone. Hell, I'll help you any day. But you get lazy on me, and... well,,... I ain't yo mama!

So, instead of 'ok' for your lame (pardon) attempt of passing the ID to the secure parameter, why not do:

Code: Select all

<?php
$cookie_name = "auth"; 
$cookie_value =  "$_POST['ID']"; 
setcookie($cookie_name, $cookie_value, $cookie_expire 0); 
?>
Then you can check by

Code: Select all

<?php
if ($auth){
   ~~$somedamnsql="SELECT SOMEDAMNNAME FROM SOMEDAMNFILE WHERE id= '$auth'";

}
?>
and if it is, well great! get the name. id is in $auth. Capiche?
I'm here for ya, ..... dude.....



P.S. Wow? wuzzat?

Posted: Fri Aug 01, 2003 12:05 am
by nick2
you're scary, how do I get the cookie value?

echo "$cookie_value";

^-- wrong but close?

Posted: Fri Aug 01, 2003 12:21 am
by nick2
btw its

'$_POST[ID]'

and,

Your concept is bogus..

if I make my value $_POST[ID] how am I gonna protect pages?

like grrr.. i wish i could make 2 cookie files or 2 values.

Posted: Fri Aug 01, 2003 8:41 am
by jmarcv
No, my concept is NOT bogus, your understanding is.

First, here is a quote from the link I graciously researched for you.
name: The name of the cookie. 'cookiename' is called as $_COOKIE['cookiename']


So, in your case it is $_COOKIE['auth']
-- or --
$auth
on systems that allow globals.

#2,
while you are able to say $_POST[ID], php says to say $_POST['ID']
Array do's and don'ts
Why is $foo[bar] wrong?
You should always use quotes around an associative array index. For example, use $foo['bar'] and not $foo[bar]. But why is $foo[bar] wrong? You might have seen the following syntax in old scripts:


<?php
$foo[bar] = 'enemy';
echo $foo[bar];
// etc
?>

This is wrong, but it works. Then, why is it wrong? The reason is that this code has an undefined constant (bar) rather than a string ('bar' - notice the quotes), and PHP may in future define constants which, unfortunately for your code, have the same name. It works, because the undefined constant gets converted to a string of the same name automatically for backward compatibility reasons.
http://www.php.net/manual/en/language.types.array.php

So you see, it is $_POST['ID'] like I said the first time.

Now, lets move on:
if I make my value $_POST[ID] how am I gonna protect pages?
What ever do you mean? Why don't you give us a clue what you are using ID for? I am assuming ID is the persons ID #, so you can use it to look up their record. YOU are scary. It sounds like you are using it to protect pages? How? The way you had it before, you had it in the parameter that specifies you are using a secure channel. Since I don't have a CLUE what you intend to do with ID, then I assume you don't understand what the 'secure' parameter does, or how to use it, so don't.

When I say forget all those other parameters, its because they will only confuse you. Stick with understanding how cookies send data, and THEN worry about the bells and whistles.
like grrr.. i wish i could make 2 cookie files or 2 values.
There you go again. Instead of reading, or thinking about it, you just get frustrated.
Again, from the site:
Cookies names can be set as array names and will be available to your PHP scripts as arrays but seperate cookies are stored on the users system. Consider explode() or serialize() to set one cookie with multiple names and values.
..and what makes you think you can't set 2 cookies? Did you try?

Additionally, if you set a cookie to a comma delim string, you could always 'split' it out to use one cookie for many values.

So, why don't you just calm down, read the link page I sent, simplify, and test with test scripts instead of dropping your test code into your production, where it may be difficult to figure out what is going on?

Posted: Fri Aug 01, 2003 9:20 am
by nielsene
Just one note:

Setting 0 for the expire time works as nick2 thought. Its create an ephemeral cookie that lasts until the browser is closed. It is not a cookie "in the past". Delete a cookie is done by setting the value of the cookie variables to the empty string.

Otherwise, yes I agree with jmarcv -- I've had a very hard time decyphering what nick2 is asking and a very hard time beleiving that he is reading and thinking about people's responses and the manual.

Posted: Fri Aug 01, 2003 9:24 am
by jmarcv
I stand corrected on the expire issue. ... and I thank you both for teaching me something new.

Posted: Fri Aug 01, 2003 5:07 pm
by nick2
BASICLY, i need the system to know whos logged in.. so if i send a message to somenone it should know whos ID to put in the text place Sender:

:(


I am a noobie at this stuff thats why its hard for me to suck up what everyone is saying. & before you say read about it.. er I have in my book but it doesn't really explain what I wanna do.

EDIT: also if i store $_POST['ID'] as $cookie_value

when I check on a page to see if your logged in:

it checks $cookie_value == ok but if i changed to $_POST['ID'] and then try and see if value matches it makes an error.

-Nick

Posted: Fri Aug 01, 2003 7:43 pm
by nielsene
Let me try to translate what I think your asking:

You've created a login script, which works. The login script uses a cookie to track the user, anonymously (value="ok").

You now what to create something like the Private Messaging system of this forum/ "private meail". Your problem is that you aren't able to get an identifier to label who sent the message.

Is this a correct statement of your problem?

If yes,
1. How do uses create an account? Are user accounts created in the database, what is the table structure of the table used to track accounts?
Does this table have a primary key?

2. Is there a reason why you don't set the value of the cookie to the value of the primary key of the user's account instead of 'ok'? In that case the absence of the cookie=not logged in and if the user is logged in the value of the cookie is the FROM you need....

Posted: Fri Aug 01, 2003 7:46 pm
by nick2
nie... value "ok" is so I can tell if ppl are logged in or not... ya know protecting pages?

and yes I store user data in database..

Posted: Fri Aug 01, 2003 7:50 pm
by nielsene
nick2 wrote:nie... value "ok" is so I can tell if ppl are logged in or not... ya know protecting pages?
.
Yes. I know. Read my point 2.

One more try, and then I'm probably giving up on this thread.

If a user logs in sucessfully you do something like

Code: Select all

setcookie("logged_in",$userid,0);
To protect a page you do:

Code: Select all

if (isset($_COOKIE["logged_in"]))
{
  // allow access
}
else
{
//disallow.
}
If they haven't logged in, they won't have a cookie. So why store "ok" at all. You would never have a non-ok cookie value with your correct setup. So you might as well use a payload that carries some amount of information.

Posted: Fri Aug 01, 2003 7:52 pm
by nick2
wow its that easy? lol i been havin head aches for 2 days for nothing. :P

Posted: Fri Aug 01, 2003 7:57 pm
by nielsene
Well this is not a secure way of doing it. But you need to start somewhere. All the more secure options are much more complicated and probably overkill while learning. Once you "finish" your site, come back and ask about security if you really want to hurt your brain.