PHP Cookies

[Drezard]

I need some help with these two PHP Scripts. I dont know where to put the cookies.

I need to create a cookie once the user has logged in. In the cookie i want to just have the $user once the user has logged in. Please Help. Which Script do i put in the cookie? and how? could you please give me an example?

Login.php:

Code:

<?php

if (isset($_POST['submit'])) { // check to see if the forum has been submitted
// where is tasys 'submit', use the name of the submit button on the form
include('connect.php');


// get form input
// check to make sure it's all there
// escape input values for greater safety
$user = empty($_POST['user']) ? die ("ERROR: Enter a Username") : mysql_escape_string($_POST['user']);
$pass = empty($_POST['pass']) ? die ("ERROR: Enter a Password") : mysql_escape_string($_POST['pass']);

$sql="SELECT * FROM users WHERE user='$user' and pass='$pass'";
$result=mysql_query($sql);

// Mysql_num_row is counting table ro

$count=mysql_num_rows($result);

// If result matched $user and $pass, table row must be 1 row

if($count==1){

// Register $user, $pass and redirect to file "login_success.php" and make cookie that saves the $user variable
//will add redirect script soon.


}
else {
echo "Wrong Username or Password";
}
}

?>

<html>
<head>
</head>

<body>

<?php
if (!isset($_POST['submit'])) {
// form not submitted
?>

<form action="<?=$_SERVER['../../Documents%20and%20Settings/Drezard/My%20Documents/My%20Received%20Files/PHP_SELF']?>" method="post">
Username: <input type="text" name="user">
Password: <input type="text" name="pass">
<input type="submit" name="submit">
</form>

<?php
}
?>
</body>
</html>



login_success.php:


Code:

<?php
//create a cookie with $user from login.php
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
echo " congratz you are logged in.";
if (isset($_COOKIE["user"])) {
echo "hi " $user;
}
else {
echo "You are not logged in!<br />";
}
?>

</body>
</html>



Please help cheers, Daniel

[.josh]

you will want to create the cookie upon login (in the login_success.php), as you wouldn't have the info you want to store in your cookie until after the user has been validated/logged in. now, depending on how you wish to use the cookie...

do you want them to be auto-logged in? then you will want to check for the cookie in the login script. but that will involved the password too, not just the user.

i don't really see any other point in only storing the user's name though... once they are logged in.. well, you already have their info from the login form and the query, so no point in cookie for that...

[Drezard]

I want to put a cookie in one of those two places i just dont know how. But with Login_success.php i want the variable $user from the last page. Can u show me how please.

- Cheers, Daniel

[.josh]

the how is the easy part. but you have to figure out what you want a cookie for. what do you want to use the cookie for? this will determine which page you put it on.

as far as getting $user from login to login_success, put:

session_start();

at the very top of your script, right under <?php on both of your pages. then in here, you will want to add:

[code]
$count=mysql_num_rows($result);

// If result matched $user and $pass, table row must be 1 row

if($count==1){

$_SESSION['userinfo'] = mysql_fetch_array($result);

header('Location: login_success.php'); exit;


}
[/code]

and since you have session_start(); in your login_success.php as well, you can access the user information with $_SESSION['userinfo']

[Drezard]

Now my scripts look like this:

Login.php

[code]
<?php
$count=mysql_num_rows($result);
// If result matched $user and $pass, table row must be 1 row
if($count==1){
$_SESSION['userinfo'] = mysql_fetch_array($result);
header('Location: login_success.php'); exit;

if (isset($_POST['submit'])) {  // check to see if the forum has been submitted
    //  where is tasys 'submit', use the name of the submit button on the form
   include('connect.php');


   // get form input
    // check to make sure it's all there
    // escape input values for greater safety
    $user = empty($_POST['user']) ? die ("ERROR: Enter a Username") : mysql_escape_string($_POST['user']);
    $pass = empty($_POST['pass']) ? die ("ERROR: Enter a Password") : mysql_escape_string($_POST['pass']);

   $sql="SELECT * FROM users WHERE user='$user' and pass='$pass'";
   $result=mysql_query($sql);

   // Mysql_num_row is counting table ro

   $count=mysql_num_rows($result);

   // If result matched $user and $pass, table row must be 1 row

   if($count==1){

      // Register $user, $pass and redirect to file "login_success.php" and make cookie to save user data
                echo "<meta http-equiv='refresh' content='0;url=login_sucess.php>";

   }
   else {
      echo "Wrong Username or Password";
   }
}

?>

<html>
<head>
</head>

<body>

<?php
if (!isset($_POST['submit'])) {
// form not submitted
?>

    <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
    Username: <input type="text" name="user">
    Password: <input type="text" name="pass">
    <input type="submit" name="submit">
    </form>

<?php
}
?>
</body>
</html>
[/code]

It keeps giving me an error on line 62. Thats the </html> whats wrong with that?

Login_sucess.php

[code]
<?php
$count=mysql_num_rows($result);
// If result matched $user and $pass, table row must be 1 row
if($count==1){
$_SESSION['userinfo'] = mysql_fetch_array($result);
setcookie('user', $user, time()+36000*24*365);
if (isset($_GET[$user]))
{
    $user = $_GET[$user];
    }
setcookie('user', $user, time()+36000*24*365);
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
echo " congratz you are logged in.";
if (isset($_COOKIE["user"])) {
echo "hi " $user;
}
if (!isset($_COOKIE["user"])) {
echo "You are not logged in!<br />";
}
?>

</body>
</html>
[/code]

R These both right?

- Thanks, Daniel

[.josh]

uh..no... reread my last post. you were supposed to put

[b]session_start();[/b]

at the beginning of each file, not that other stuff.

then you were supposed replace

[b]// Register $user, $pass and redirect to file "login_success.php" and make cookie that saves the $user variable
//will add redirect script soon.
[/b]
with this:

[b]$_SESSION['userinfo'] = mysql_fetch_array($result);
header('Location: login_success.php'); exit;
[/b]

inside your if statement.

[Drezard]

it says headers already sent on line 27. In the login.php. Please Help.

Thanks for all you help.

Cheers, daniel

[.josh]

the header(...); will only work if you do not have any html output before it. this includes blank lines about your <?php tag. also, repost both your scripts again (and please use the code tags).

[Drezard]

it gives me an error on line 19 now in login.php. Dont i need to just redirect it to login_sucess.php?

Oh well heres the script:

Login.php:
[code]
<?php
session_start();
if (isset($_POST['submit'])) {  // check to see if the forum has been submitted
    //  where is tasys 'submit', use the name of the submit button on the form
   include('connect.php');
   // get form input
    // check to make sure it's all there
    // escape input values for greater safety
    $user = empty($_POST['user']) ? die ("ERROR: Enter a Username") : mysql_escape_string($_POST['user']);
    $pass = empty($_POST['pass']) ? die ("ERROR: Enter a Password") : mysql_escape_string($_POST['pass']);
   $sql="SELECT * FROM users WHERE user='$user' and pass='$pass'";
   $result=mysql_query($sql);
   // Mysql_num_row is counting table rows
   $count=mysql_num_rows($result);
   // If result matched $user and $pass, table row must be 1 row
   if($count==1){
      // Register $user, $pass and redirect to file "login_success.php" and make cookie to save user data
$_SESSION['userinfo'] = mysql_fetch_array($result);
header('Location: login_success.php'); exit;


   }
   else {
      echo "Wrong Username or Password";
   }
}

?>

<html>
<head>
</head>

<body>

<?php
if (!isset($_POST['submit'])) {
// form not submitted
?>

    <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
    Username: <input type="text" name="user">
    Password: <input type="text" name="pass">
    <input type="submit" name="submit">
    </form>

<?php
}
?>

</body>
</html>
[/code]

Login_success.php:
[code]
<?php
session_start();
setcookie('user', $user, time()+36000*24*365);
if (isset($_GET[$user]))
{
    $user = $_GET[$user];
    }
setcookie('user', $user, time()+36000*24*365);
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<?php
echo " congratz you are logged in.";
if (isset($_COOKIE["user"])) {
echo "hi";
}
if (!isset($_COOKIE["user"])) {
echo "You are not logged in!<br />";
}
?>

</body>
</html>
[/code]

- Cheers, Daniel

Please Help

[.josh]

what does the error say? since line 19 seems to be the header(..) earlier i noticed you spelled your login success file like so:

Login_sucess.php

well the header calls

login_success.php

notice the different spelling. also, are login and login_success in the same folder? if not then you will need to include the path of the login success file in the header.

<edited the wrong post. nothing was changed>

[Drezard]

The scripts are both in the same file and are called "login.php" and "login_sucess.php".

Do I have to set it as a header or can i just create a redirect file?

- Cheers, Daniel

[Drezard]

I just want it to create a cookie with the user's details once the user has logged in. Also if the user finds the cookie on his/her harddrive, they wont be able to edit who they have logged in as.

Thanks, Daniel

- Cheers, Daniel

[.josh]

[!--quoteo(post=375975:date=May 22 2006, 01:21 AM:name=Drezard)--][div class=\'quotetop\']QUOTE(Drezard @ May 22 2006, 01:21 AM) [snapback]375975[/snapback][/div][div class=\'quotemain\'][!--quotec--]
The scripts are both in the same file and are called "login.php" and "login_sucess.php".

Do I have to set it as a header or can i just create a redirect file?

- Cheers, Daniel
[/quote]
okay you said here that it's called login_su[b][!--coloro:red--][span style=\"color:red\"][!--/coloro--]c[!--colorc--][/span][!--/colorc--][/b]ess.php with one c but in your code up above the header calls login_su[b][!--coloro:red--][span style=\"color:red\"][!--/coloro--]cc[!--colorc--][/span][!--/colorc--][/b]ess.php with two c's

also here:

[code]
session_start();
setcookie('user', $user, time()+36000*24*365);
if (isset($_GET[$user]))
{
    $user = $_GET[$user];
    }
setcookie('user', $user, time()+36000*24*365);
[/code]
you are trying to set a cookie named 'user' with value $user but that variable doesn't exist on this page. i think what you meant to do was like,

[code]
session_start();
if ($_SESSION['userinfo']) {
   $userinfo = $_SESSION['userinfo'];
   setcookie('user', $userinfo['user'], time()+36000*24*365);
}
//what is the following code for???
if (isset($_GET[$user]))
{
    $user = $_GET[$user];
    }
setcookie('user', $user, time()+36000*24*365);
[/code]
also the code after [!--coloro:red--][span style=\"color:red\"][!--/coloro--]//what is the following code for???[!--colorc--][/span][!--/colorc--] :

take it all out. take this out:

[code]
if (isset($_GET[$user]))
{
    $user = $_GET[$user];
    }
setcookie('user', $user, time()+36000*24*365);
[/code]

[.josh]

(sorry for double post mods; i thought it would auto ammend previous post but too late)

continued from above:

....but that won't show your message when you check to see if the cookie is set, the first time around. your entire login_success.php (or login_sucess.php) should look like this:

[code]
session_start();
if (!$_COOKIE['user']) {
   if ($_SESSION['userinfo']) {
      $userinfo = $_SESSION['userinfo'];
      setcookie('user', $userinfo['user'], time()+36000*24*365);
      header('Location: ' . $_SERVER['PHP_SELF']);  
   } else {
     echo "you are not logged in!"; exit;
   }
} else {

echo " congratz you are logged in, " . $_COOKIE['user'];
?>
[/code]