DeanWhitehouse, posted April 20, 2008:

If I am right, cookies are used for remember-me functions, but I think sites now use sessions to keep people logged in as the remember-me function, and cookies to remember their username and/or password. Is this right?

lewis987, posted April 20, 2008:

Cookies are to keep the user logged in if they close the browser, and sessions are used to keep the user logged in until they close their session or they have been inactive for more than 15 minutes (I think).

DeanWhitehouse, posted April 20, 2008:

Oh right, I didn't think cookies would work that way. I thought they just store the data; I didn't know you can keep users logged in with it.

GingerRobot, posted April 20, 2008:

By default, sessions also use cookies. A session ID is stored in a cookie, so the server can keep track of which request relates to which session. It is possible to pass the session ID around in the URL. By default, sessions last till the browser is closed. This can be changed, however.

And yes, you'll need to use cookies for a remember me feature.

dptr1988, posted April 20, 2008:

Another important difference is that all data in sessions is stored on your server and is fairly secure, whereas data stored in cookies is stored on the user's computer and is therefore subject to user tampering.

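Added example (not part of any post in this thread): one way to build a remember-me cookie that carries no username, password or user level, so a tampered cookie simply fails to match. The in-memory `$store` array, the cookie name `remember` and the function names are assumptions standing in for a database table and the site's own code.

```php
<?php
declare(strict_types=1);

// Added example. $store stands in for a database table (assumption).
// The cookie holds only random values; user and level stay on the server.

function issue_remember_token(array &$store, string $user, int $ttl, int $now): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, only its hash is stored
    $store[$selector] = [
        'user'    => $user,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

function check_remember_token(array &$store, string $cookie, int $now): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector] ?? null;
    unset($store[$selector]);                // one use only, whether valid or not
    if ($row === null || $row['expires'] < $now) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented validator.
    // On success the caller issues a fresh token and starts a normal session.
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['user'] : null;
}

function send_remember_cookie(string $value, int $ttl): void
{
    // Must run before any output, like every other header.
    setcookie('remember', $value, [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed demonstration, runs from the command line.
if (PHP_SAPI === 'cli') {
    $store = [];
    $now = time();
    $cookie = issue_remember_token($store, 'bob', 14 * 86400, $now);
    $tampered = substr($cookie, 0, -1) . ($cookie[-1] === '0' ? '1' : '0');
    $copy = $store;
    var_dump(check_remember_token($copy, $tampered, $now));  // cookie with one character changed
    var_dump(check_remember_token($store, $cookie, $now));   // genuine cookie
    var_dump(check_remember_token($store, $cookie, $now));   // same cookie presented again
}
```
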
DeanWhitehouse, posted April 20, 2008:

So as not to take up room on the forum, I will post my question here.

I have a login page. When the user has logged in, the page redirects to the create cookie page, then this page redirects to the "next page". My problem is that there is a gap when redirecting where you can see the login page once logged in. How can I make it so that when you log in you go straight to the "next page" and the cookie is created?

dptr1988, posted April 20, 2008:

You should be able to create the cookie in the same page that receives the POSTed login form data. Then you can redirect to the 'next page'.

DeanWhitehouse, posted April 20, 2008:

Erm, I kind of understand. Can I show you what happens:

http://deanwhitehouse.awardspace.co.uk/login.php

The admin username is: Blade280891 and password: Natasha
The non-admin username is: Bob and password: BOB

How would I create the cookies in the same page? Do I put my create cookie code into the if, instead of the redirection code?

blackcell, posted April 20, 2008:

There is no limit on how long a session lasts if you use the bare minimum to create a session. The programmer can create a check that will reset a session if inactive for x amount of minutes. Otherwise I think sessions last until the browser is closed.

dptr1988, posted April 20, 2008:

What do you mean by 'put my create code into the if'? What is 'the if'?

You can send the cookie headers and then send the redirection headers in the same page. Are you using JavaScript for redirects?

DeanWhitehouse, posted April 20, 2008:

Erm, I can do, but at the moment I am using

```php
<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>
```

dptr1988, posted April 20, 2008:

Sorry, that is what I meant by a 'Javascript' redirect.

Why not just send a `header('Location: http://yourdomain.com/where/ever/you_want_to.go');` redirect? That way the browser only gets the redirect header and doesn't display anything.

DeanWhitehouse, posted April 20, 2008:

Erm, because I have already sent a header on the first page, therefore won't I receive an error? Here is some of the code if this helps.

In the login code:

```php
if ($user_level == 1) {
    echo "<meta http-equiv='refresh' content='2; url=../includes/setcookie.php?u=$username&p=$user_password'>";
} elseif ($user_level == 2) {
    echo "<meta http-equiv='refresh' content='2; url=../includes/setcookie.php?u=$username&p=$user_password'>";
}
} else {
    echo 'Login failed. Username and Password did not match database entries.';
}
```

Cookie code:

```php
<?php
$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
$userright = array($login_check['user_name'], $login_check['userlevel']);
$s_userpass = serialize($userpass);
setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
?>
```

dptr1988, posted April 20, 2008:

You can send multiple headers out. It's just that you can't send headers after the data. There shouldn't be any need to output data (HTML) while you are processing the HTTP POST request.

If you are outputting HTML data while processing the login form, move the code that processes the login form to a separate page or something.

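Added example, not code from the thread: a login handler arranged the way the post above describes, with the credential check finished before any output so that the session and Location headers can still be sent. The SQLite in-memory table, its column names, the sample accounts and the target paths are assumptions; the example also goes beyond the thread's code by using a bound query parameter and `password_hash()`/`password_verify()` in place of string-built SQL and `crypt()`.

```php
<?php
declare(strict_types=1);

// Added example. Constructed in-memory table standing in for the site's user table.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, pw_hash TEXT, userlevel INTEGER)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('constructed-pass-1', PASSWORD_DEFAULT), 1]);
    $ins->execute(["o'brien", password_hash('constructed-pass-2', PASSWORD_DEFAULT), 2]);
    return $db;
}

// Decision step: produces no output and sends no headers.
function authenticate(PDO $db, array $post): ?array
{
    $name = $post['user_name'] ?? '';
    $pass = $post['user_password'] ?? '';
    if (!is_string($name) || !is_string($pass) || $name === '' || $pass === '') {
        return null;
    }
    // The name is bound as data, so quote characters in it cannot change the query.
    $st = $db->prepare('SELECT user_name, pw_hash, userlevel FROM users WHERE user_name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    $level = (int) $row['userlevel'];
    // Assumption: level 1 is the admin, as in the thread's admin centre check.
    return ['user' => $row['user_name'], 'level' => $level,
            'target' => $level === 1 ? '/admin/admin_centre.php' : '/index.php'];
}

if (PHP_SAPI === 'cli') {
    // Constructed requests for an offline run.
    $db = demo_db();
    var_dump(authenticate($db, ['user_name' => 'alice', 'user_password' => 'constructed-pass-1']));
    var_dump(authenticate($db, ['user_name' => "o'brien", 'user_password' => 'wrong']));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    session_start();
    $login = authenticate(demo_db(), $_POST);
    if ($login !== null) {
        session_regenerate_id(true);          // new session ID after login
        $_SESSION['is_valid'] = true;
        $_SESSION['username'] = $login['user'];
        $_SESSION['user_level'] = $login['level'];
        // Any setcookie() call belongs here too, before the redirect.
        header('Location: ' . $login['target'], true, 303);
        exit;
    }
    // Only the failure path prints anything, after all header decisions are made.
    http_response_code(401);
    echo 'Login failed. Username and Password did not match database entries.';
}
```
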
DeanWhitehouse, posted April 20, 2008:

OK, when I tried this code, I get a cannot modify header error for a split second, then it works.

```php
if ($user_level == 1) {
    $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
    $userright = array($login_check['user_name'], $login_check['userlevel']);
    $s_userpass = serialize($userpass);
    setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
    echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
} elseif ($user_level == 2) {
    $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
    $userright = array($login_check['user_name'], $login_check['userlevel']);
    $s_userpass = serialize($userpass);
    setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
    echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
}
}
```

dptr1988, posted April 20, 2008:

Why are you using serialize() on the password before putting it in the cookie?

Are the only headers you are sending out the cookies (via setcookie)? Have you checked to make sure that you are not sending out any data before setting the cookies?

Header errors: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html

DeanWhitehouse, posted April 20, 2008:

I didn't write the cookie code, so I do not know what to change in it etc. This is the whole login code, without the form:

```php
<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';

$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

$user_name = $_POST["user_name"];
$user_password = $_POST["user_password"];
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);

if ($verify_pass > 0 && $verify_username > 0) {
    $salt = substr($user_password, 0, 2);
    $userPswd = crypt($user_password, $salt);
    $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) == 1) {
        $row = mysql_fetch_assoc($result);
        $user_level = $row['userlevel'];
        if ($user_level == 1) {
            $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
            $userright = array($login_check['user_name'], $login_check['userlevel']);
            $s_userpass = serialize($userpass);
            setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
            echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
        } elseif ($user_level == 2) {
            $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
            $userright = array($login_check['user_name'], $login_check['userlevel']);
            $s_userpass = serialize($userpass);
            setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
            echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
        }
    } else {
        echo 'Login failed. Username and Password did not match database entries.';
    }
} else {
    echo "Form was not completed. Please go back and make sure that the form was fully completed.";
}
mysql_close();
?>
```

dptr1988, posted April 20, 2008:

Assuming that the header.php, footer.php and nav_bar.php files are the ones that are printing the HTML, this is what I would do. This should only print out HTML if there was an error. If there aren't any errors, then you should be able to send headers whenever you want.

```php
<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';

$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

// Only include the header and footers if you have to print errors
function print_error($err_message) {
    require_once '../includes/header.php';
    require_once '../includes/footer.php';
    require_once '../nav_bar.php';
    echo $err_message;
    exit;
}

$user_name = $_POST["user_name"];
$user_password = $_POST["user_password"];
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);

if ($verify_pass > 0 && $verify_username > 0) {
    $salt = substr($user_password, 0, 2);
    $userPswd = crypt($user_password, $salt);
    $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) == 1) {
        $row = mysql_fetch_assoc($result);
        $user_level = $row['userlevel'];
        if ($user_level == 1) {
            $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
            $userright = array($login_check['user_name'], $login_check['userlevel']);
            $s_userpass = serialize($userpass);
            setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
            echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
        } elseif ($user_level == 2) {
            $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
            $userright = array($login_check['user_name'], $login_check['userlevel']);
            $s_userpass = serialize($userpass);
            setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
            echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
        }
    } else {
        print_error('Login failed. Username and Password did not match database entries.');
    }
} else {
    print_error("Form was not completed. Please go back and make sure that the form was fully completed.");
}
mysql_close();
?>
```

DeanWhitehouse, posted April 20, 2008:

Er, I'm not sure, all my code is in PHP not HTML, but I think I know what to change.

Also, is there a way of redirecting back to the page the user was on? E.g. they log in on home.php and they get redirected to home.php, not to a set page. Would I use $_server?

dptr1988, posted April 20, 2008:

Yes, that is the way I handle it in my scripts.

I have an include file ('login.php') that I include in every page I want protected. It checks if the user is logged in, and if not it will print the login form and set the form 'action' to the $_SERVER['REQUEST_URI']. Then the user POSTs the login form and once again the include file ('login.php') catches it (because the login form has a different name than all of the other form names). Then, if the information is correct, it will just refresh the page (to remove the 'Are you sure you want to submit this data again' message that some browsers display if you hit refresh on a page that was a result of POSTing a form), and the next time around the session variables will be set up and it will let it go through back to the page that included the file ('login.php').

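Added example, not from the thread: when a login step sends the user back to the page they came from, the return target is request data and should be restricted to a path on the same site before it reaches `header('Location: ...')`. The function names, the default path and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Accepts only a same-site absolute path; anything else
// falls back to $default (a hypothetical landing page).
function safe_return_path(string $candidate, string $default = '/home.php'): string
{
    // Control characters (including CR and LF) have no place in a header value.
    if ($candidate === '' || preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }
    // Backslashes are normalised to "/" by some browsers, so refuse them outright.
    if (strpos($candidate, '\\') !== false) {
        return $default;
    }
    // Must begin with exactly one "/": "//host/..." is a link to another site,
    // and anything without a leading "/" may carry a scheme.
    if ($candidate[0] !== '/' || (strlen($candidate) > 1 && $candidate[1] === '/')) {
        return $default;
    }
    // Final check with PHP's own URL parser: no scheme or host may be present.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

function redirect_after_login(string $requested): void
{
    // Sent before any output; 303 turns the POST into a GET of the target page.
    header('Location: ' . safe_return_path($requested), true, 303);
    exit;
}

// Constructed inputs for an offline run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        '/home.php',
        '/admin/admin_centre.php?tab=site',
        'home.php',
        '//other.example/home.php',
        'https://other.example/',
        "/home.php\r\nX-Test: 1",
        '/\\other.example',
        '',
    ];
    foreach ($samples as $s) {
        printf("%-40s => %s\n", json_encode($s), safe_return_path($s));
    }
}
```
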
DeanWhitehouse, posted April 20, 2008:

Can you have a look at this code and see why it doesn't work?

```php
<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';

$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

// Only include the header and footers if you have to print errors
function print_error($err_message) {
    require_once '../includes/header.php';
    require_once '../includes/footer.php';
    require_once '../nav_bar.php';
    echo $err_message;
    exit;
}

$user_name = $_POST["user_name"];
$user_password = $_POST["user_password"];
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);

if ($verify_pass > 0 && $verify_username > 0) {
    $salt = substr($user_password, 0, 2);
    $userPswd = crypt($user_password, $salt);
    $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) == 1) {
        $row = mysql_fetch_assoc($result);
        $user_level = $row['userlevel'];
        if ($user_level == 1) {
            $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
            $userright = array($login_check['user_name'], $login_check['userlevel']);
            $s_userpass = serialize($userpass);
            setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
            echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
        } elseif ($user_level == 2) {
            $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));
            $userright = array($login_check['user_name'], $login_check['userlevel']);
            $s_userpass = serialize($userpass);
            setcookie("$cookiename", $s_userpass, time()+$custom_time, "", "127.0.0.1");
            echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
        }
    } else {
        print_error('Login failed. Username and Password did not match database entries.');
    }
} else {
    print_error("Form was not completed. Please go back and make sure that the form was fully completed.");
}
mysql_close();
?>
```

Admin centre code:

```php
<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';

if ($_SESSION['is_valid'] == true) {
    if ($_SESSION['user_level'] == 2) {
        echo "incorrect permissions";
    }
    if ($_SESSION['user_level'] == 1) {
        echo "<table class='admin'><form method='post' action='writ_pref.php'>
<tr><td> Home Page:</td><td> <input type='text' name='main_page' value='$main_page'><br></td></tr>
<tr><td> Site Name:</td><td> <input type='text' name='site_title' value='$site_title'><br></td></tr>
<tr><td> Disclaimer: </td><td> <input type='text' name='site_disclaimer' value='$site_disclaimer'><br></td></tr>
<tr><td> Intro:</td><td> <input type='text' name='intro' value='$intro'><br></td></tr>
<tr><td></td><td><input type='submit' value='Continue' name='check'> </td></tr></form> </table>";
    }
} else {
    echo "login";
}
//table where user enters the sites details
?>
```

Any ideas?

I have worked out that the login form doesn't work now. The form requires all the files mentioned, so when you added this

```php
function print_error($err_message) {
    require_once '../includes/header.php';
    require_once '../includes/footer.php';
    require_once '../nav_bar.php';
    echo $err_message;
    exit;
}
```

it stopped the code working.

dptr1988, posted April 20, 2008:

Try `print_r($_SESSION);` at the top of that code to make sure your $_SESSION var is set up correctly.

Please post all of your PHP code between code blocks.

DeanWhitehouse, posted April 20, 2008:

Could this code be a problem?

```php
<?php
session_start();
echo ("<title>$site_title</title>");
echo ("<link rel='stylesheet' type='text/css' href='../Themes/style.css' />");
echo ("<table class='title'><tr><td align='center'><h1>$custom_header</h1></td></tr></table>");
?>
```

This is the header. Footer:

```php
<?php
echo "<p class='disclaimer'>$site_disclaimer</p>";
?>
```

and nav bar:

```php
<?php
if ($_SESSION['is_valid'] == true) {
    if ($_SESSION['user_level'] == 2) {
        echo "<table class='nav_bar'><tr><td> <a class='nav_bar' href='$home_page/$main_page'>$home</a> </td></tr><tr><td>Logged In</td></tr></table>";
    }
    if ($_SESSION['user_level'] == 1) {
        echo "<table class='nav_bar'><tr><td> <a class='nav_bar' href='$home_page/$main_page'>$home</a> </td></tr><tr><td> <a class='nav_bar' href='/admin/admin_centre.php'>Admin Centre</a> </td></tr></table>";
    }
} else {
    echo " <table class='nav_bar'><tr><td> <a class='nav_bar' href='$home_page/$main_page'>$home</a> </td></tr></table>";
}
?>
```

and home.php:

```php
<html>
<table id="time"><tr><td><?php echo gmdate('l jS \of F Y');?><br><?php echo gmdate('h:i:s A');?></td></tr></table>
</html>
<?php
require_once 'includes/main.inc.php';
require_once 'includes/db_connect.php';
require_once 'includes/config_table.inc.php';
require_once 'includes/header.php';
require_once 'includes/footer.php';
require_once 'nav_bar.php';
?>
<?php
if (is_dir(install)) {
    echo "<p class='exists'><br>Please remove the install folder</p>";
} else {
    echo "Please go to the admin centre to cutomise the site";
}
echo "$intro";
?>
```

Is it because the session_start(); is in the header?

dptr1988, posted April 20, 2008:

Yes, my function 'print_error()' was just a guess based on the names of your include files. I didn't know which files were needed and which ones weren't. Make sure that you use the right include files.

All of those files you listed in the last reply output HTML data. Are any of them included before the login code gets a chance to run?

DeanWhitehouse, posted April 20, 2008:

Erm no, but because they are only included if there is an error, they won't run. How can I get around this without having to recode a lot of it?