working with cookies in php

[DaveLinger]

Hokay. Here's the deal. I own and operate www.PCritics.com , a PC software/hardware/game review site, which is dynamically created with php and mysql for each page. I want to add a users' rating to each review, so that registered users can rate a game how they like it, and it submits it to a spot in that review's row which are all averaged together to show average user ratings. The problem is that the site is not very popular, so I want people to register before they can vote, so that no one can get a bunch of their forum pals to vote a game a 10/10 or 0/10 without everyone registering. I can handle the registration system, but I've never worked with cookies before. I dont want the user to have to log in each time they go to rate a game. How would I set a cookie when someone logs in and have the php script recognize it?

thanks

[poirot]

It's a long way to go, but just for a start:

[a href=\"http://www.php.net/setcookie\" target=\"_blank\"]http://www.php.net/setcookie[/a]
[a href=\"http://www.php.net/manual/en/reserved.variables.php#reserved.variables.cookies\" target=\"_blank\"]http://www.php.net/manual/en/reserved.vari...riables.cookies[/a]

[ober]

This is how I set my cookies:
[code]$userid = setcookie ("uid", $row['uid'], time()+315360000, "/Durb/", $_SERVER['HTTP_HOST']);
            $userlevel = setcookie ("level", $row['ulevel'], time()+315360000, "/Durb/", $_SERVER['HTTP_HOST']);
            $userval = setcookie ("user", $username, time()+315360000, "/Durb/", $_SERVER['HTTP_HOST']);
            $passval = setcookie ("pass", $password, time()+315360000, "/Durb/", $_SERVER['HTTP_HOST']);
            if(!$userval && !$passval && !$userlevel)
               exit('Your browser has cookies disabled.<br/>You need to have cookies enabled to view this site.<br/>');[/code]

This is how I check them on my login page:
[code]
if(!isset($_REQUEST['login']) && !isset($_REQUEST['logout']) && !isset($_REQUEST['signup']) && !isset($_REQUEST['forgotpass']))
    session_start();
if(!isset($_COOKIE['user']) && !isset($_REQUEST['logout']) && !isset($_REQUEST['signup']) && !isset($_REQUEST['approve']) && !isset($_REQUEST['forgotpass']))
{
    header("Location: login.php?redir=1");
    exit();
}
elseif(!isset($_REQUEST['logout']) && !isset($_REQUEST['signup']) && !isset($_REQUEST['forgotpass']))
{
    if(!isset($_COOKIE['user']))
    {
        header("Location: login.php?redir=1");
        exit();
    }
    else
    {
        $_SESSION['user'] = $_COOKIE['user'];
        $_SESSION['pass'] = $_COOKIE['pass'];
        $_SESSION['level'] = $_COOKIE['level'];
        if(isset($_COOKIE['uid']))
            $_SESSION['uid'] = $_COOKIE['uid'];
        else
        {
            require_once("../libs/err_handler.php");
            require_once("conn.php");
            $ehandle = new sql_handler(1, "", "top.php");
            $query = "SELECT uid FROM Users WHERE uname = '" . $_SESSION['user'] . "'";
            $result = $ehandle->update_query($query);
            $row = mssql_fetch_array($result);
            extract($row);
            $_SESSION['uid'] = $uid;
            $userid = setcookie ("uid", $uid, time()+315360000, "/Durb/", $_SERVER['HTTP_HOST']);
        }
        
        if(isset($_COOKIE['engineID']))
            $_SESSION['engid'] = $_COOKIE['engineID'];
        if(isset($_REQUEST['engid']))
        {
            $engid = setcookie ("engineID", $_REQUEST['engid'], time()+315360000, "/Durb/", $_SERVER['HTTP_HOST']);
            $_SESSION['engid'] = $_REQUEST['engid'];
        }
    }
}
[/code]

Obviously there's more to the login than that, but you basically transfer the cookie userid to the session and verify the username/password against the database values.

And that second code piece is at the top of ALL my pages within that application.