[SOLVED] Cookies Help

[Ne.OnZ]

Hello, I seem to be having a problem with cookies. After I enter my login information, nothing happens. Here's the code before the <html> tag:

 

<?php

include("includes/Connect.php");
include("includes/functions.php");
mysql_select_db("divnxn5_web");

$user = $_POST['username'];
$pass = md5($_POST['password']);

//MYSQL Injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);

session_start();

if($_POST['login']) {

     $sql = "SELECT * FROM users WHERE username = '$user' AND password = '$pass' AND rank > '1'";
     $res= mysql_query($sql) OR die(mysql_error());

    while($arrayid=mysql_fetch_array($res)) {
$id = $arrayid['rank'];
     }

     if(mysql_num_rows($res) == 1 && isset($_POST['cookie'])) {
setcookie("user", $user, time()+(60*60*24*365));
setcookie("rank", $id, time()+(60*60*24*365));
     }
     else if(mysql_num_rows($res) == 1 && !isset($_POST['cookie'])) {
$_SESSION['username'] = $user;
        $_SESSION['id'] = $id;
     }
     else {
        $msg = "Invalid Username Or Password! <a href='index.php?page=Help'>Forgot Pass?</a>";
        $err = "1";
     }
}

?>

 

It doesn't say Invalid username or password, so I'm guessing there is nothing wrong there. Also if I don't hit remember me to start the cookie, the session works just fine. Here's the Login Form:

 

	<?php
if($_SESSION['username'] || $_COOKIE["user"]) {
	logged();
}

if(!$_SESSION['username'] || !$_COOKIE['user']) {
	echo "<form action='#' method='post'>
	         <fieldset id='log'>";

	if($err=="1") {
		echo "<legend style='color: #00C5CD'>$msg</legend>";
	} else {
		echo "<legend>  Welcome Guest! Please Login or <a href='index.php?page=Register'>Register!	

	         </a></legend>";
	}

	echo "<label for='username' class='login'>Username:</label>
    		<input type='text' name='username' id='username' tabindex='1' style='width: 70px' />
              	<br />
    		<label for='password' class='login'>Password: </label>
    		<input type='password' name='password' id='password' tabindex='2' style='width: 69px' /> 
	<p />
	<div class='login'><input type='checkbox' id='cookie' name='cookie' tabindex='3' />Remember Me</div>
    		<input type='submit' value='Login' name='login' id='login' tabindex='4' class='user' />
    		<input type='reset' value='Clear' tabindex='5' class='user' />

	</fieldset>
	</form>";
}
?>

 

As I said before, session works just fine, only cookie is giving me problems. Any help would be appreciated. Thank You!

[Fadion]

Try placing the session_start() at this line:

 

else if(mysql_num_rows($res) == 1 && !isset($_POST['cookie'])) {
    session_start(); //<<here
    $_SESSION['username'] = $user;
    $_SESSION['id'] = $id;
}

 

Tried this myself and the cookie was only set when session_start() was called after it. Dont have an explanation as it doesnt seem a "headers already sent" problem. Try it and see if it works.

[Ne.OnZ]

Thank You! That worked beautifully! But I just have two more problems with page updating and deleting the cookie now. If I was to login with sessions, the page would update right away and show you a Welcome Message. With Cookies, I have to navigate to a different page for the Welcome Message to show. And for the deleting the cookie, I have this:

 

<?php
$user = $_COOKIE['user'];
$id = $_COOKIE['rank'];

session_destroy();
setcookie("user", $user, time()-(60*60*24*365));
setcookie("rank", $id, time()-(60*60*24*365));
?>

<script type="text/javascript">
document.location.href = "index.php";
</script>

 

It doesn't delete the cookie when I click logout. Am I missing something here with these 2 issues? Thank You Again! 

 

EDIT: I also tried putting session_destroy() after setcookie() and still no luck.

[redarrow]

unset($varable)

session_destroy()

[gamefreak13]

Also.. remove the javascript and add this above the closing bracket. If your visitor has javascript disabled they will just see a blank page.. plus that is invalid HTML because the html, head, and body tags are missing.

 

header("location: index.php");

[Ne.OnZ]

I changed the javascript to header and I get this error:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/divnxn5/public_html/index.php:54) in /home/divnxn5/public_html/includes/logout.php on line 12.

 

Just for some information, your always on the index page on my page. I have a lot of includes. You can check here:

 

http://divnx.net/

 

Also, (output started at /home/divnxn5/public_html/index.php:54) = does that 54 mean line 54?

 

Thank You Again!

[gamefreak13]

According to your code I do not see any other headers being sent or any data before it. Headers must be sent before ANY content is shown, but after everything thats needs to be run is done.

 

This would work :

 

<?php

$user = $_COOKIE['user'];
$id = $_COOKIE['rank'];

session_destroy();
setcookie("user", $user, time()-(60*60*24*365));
setcookie("rank", $id, time()-(60*60*24*365));
header("location: index.php");

?>

 

But these examples below would not..

 

<?php

$user = $_COOKIE['user'];
$id = $_COOKIE['rank'];

session_destroy();
setcookie("user", $user, time()-(60*60*24*365));
setcookie("rank", $id, time()-(60*60*24*365));
echo "Hello world";
header("location: index.php");

?>

 

<?php

include("header.php");

$user = $_COOKIE['user'];
$id = $_COOKIE['rank'];

session_destroy();
setcookie("user", $user, time()-(60*60*24*365));
setcookie("rank", $id, time()-(60*60*24*365));
header("location: index.php");

?>

 

<html>

<body>

<?php

$user = $_COOKIE['user'];
$id = $_COOKIE['rank'];

session_destroy();
setcookie("user", $user, time()-(60*60*24*365));
setcookie("rank", $id, time()-(60*60*24*365));
header("location: index.php");

?>

</body>

</html>

[gamefreak13]

Also.. I assume that code is it's own page like logout.php. Otherwise, do something like index.php?do=logout. The log out page should not contain anything else except the code I quoted. Your members do not see the page as it happens in a split second, so there is no need to do a layout or anything since you're redirecting them to your homepage again anyway.

 

So if your on index.php, click index.php?do=logout, it will execute the code and then instantaneously redirect you to index.php.

 

This would work in index.php :

 

if($_GET['do'] == "logout") {

$user = $_COOKIE['user'];
$id = $_COOKIE['rank'];

session_destroy();
setcookie("user", $user, time()-(60*60*24*365));
setcookie("rank", $id, time()-(60*60*24*365));
header("location: index.php");
exit();

}

[Ne.OnZ]

Thank You gamefreak13!!  :) Deleting and destroying the session work now! Any idea on the other issue of it not displaying the welcome message until you navigate to a new page? Would I have to redirect them?

 

Thank You Again!  :)

[gamefreak13]

I don't really understand the problem? Can you re-explain it? And without knowing how the functions are setup, it's pretty hard to understand it.

 

Also, you can simplify the following code alot.

 

<?php

include("includes/Connect.php");
include("includes/functions.php");
mysql_select_db("divnxn5_web");

$user = $_POST['username'];
$pass = md5($_POST['password']);

//MYSQL Injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);

 

Put mysql_select_db("divnxn5_web"); in includes/Connect.php under mysql_connect. Make sure to remove it from any files that include the Connect.php file, because otherwise it will select it twice.

 

<?php

include("includes/Connect.php");
include("includes/functions.php");

$user = mysql_real_escape_string(stripslashes($_POST['username']));
$pass = md5(mysql_real_escape_string(stripslashes($_POST['password'])));

[Ne.OnZ]

Thank You again gamefreak13! Don't worry about the problem anymore, I fixed it. Also, thanks for the info on simplifying the code.

 

Cheers!  :)