
I guess I just don't understand how cookies work.  I've been tinkering with this for 2 days now.

 

Here is my final script after tinkering with it. It never reads or finds the cookie at all and just redirects to the kraft.com page. I can see the cookie and read it from the browser in FF or IE so I know it's there, the script just can't find it. If anyone can put me in the right direction as to how to do this I would be grateful.

<?php
	if (!isset($_COOKIE["rchjr"])){
		header("location:http://www.kraft.com");
		exit();
	}else{
		exit(); 
	}	
?>

 

What the whole thing needs to do is this

1. User logs in and is verified. "DONE this works"

2. cookie is then placed. "DONE this works"

3. sent to home.php "DONE this works"

4. home.php needs to verify that an active cookie is there. if not send that person to the login page else do nothing/exit script.  "This is the script above and does not work"

5. all other pages need to verify that an active cookie is there. if not send that person to the login page else do nothing/exit script.  "This is the script above and does not work".

 

Can this work this way or do I need to do something completely different?

Thank you so far for everyone's help.


 

 

You should not use just the existence of a cookie or a cookie with a specific "logged in" value to determine if someone is logged in. A lot of the early "name brand" php scripts were broken into because they used cookies like "admin" with a value of "1" for someone to be logged in as an administrator.

 

Your cookie should hold a unique identifier (see uniqid for how you might generate a unique id) that is also stored in the row for that visitor in your user table. You then identify that visitor by finding his row in the user table by matching the unique id from the cookie. The simplest and most secure way of determining if a user is logged in or not is to store that state in the row for that visitor in the user table. You can then retrieve that state when you want to determine if a user is logged in or not. By doing it this way you have a single point of control (one piece of data) that determines the logged in/out status in case you need an administrative function to disable an account of someone who is abusing your site or if you need to have a cron job automatically log out accounts after a period of inactivity.
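A sketch of the scheme described above, as an added example that is not part of the original post. The table, column and function names are hypothetical, it assumes the pdo_sqlite extension, and it swaps `random_bytes()` in for `uniqid()` (which is time-based and not unpredictable) and stores only a hash of the token in the user row.

```php
<?php
// Added illustration: the cookie carries a random token, the user row holds the login state.
$db = new PDO('sqlite::memory:');               // in-memory stand-in for the real user table
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
           token_hash TEXT, logged_in INTEGER DEFAULT 0, last_seen INTEGER)');
$db->exec("INSERT INTO users (username) VALUES ('james')");   // constructed sample row

// Call after the password check succeeds; the return value goes into the cookie, e.g.
// setcookie('rchjr', $token, ['expires' => time() + 3600, 'path' => '/', 'httponly' => true]);
function startLogin(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32));         // 64 hex characters, not guessable
    $db->prepare('UPDATE users SET token_hash = ?, logged_in = 1, last_seen = ? WHERE id = ?')
       ->execute([hash('sha256', $token), time(), $userId]);
    return $token;
}

// Single point of control: the same call serves the logout link, an admin page or a cron job.
function logout(PDO $db, int $userId): void {
    $db->prepare('UPDATE users SET logged_in = 0, token_hash = NULL WHERE id = ?')
       ->execute([$userId]);
}

// Call at the top of every protected page with $_COOKIE['rchjr'] ?? null.
function currentUser(PDO $db, ?string $cookieValue, int $idleLimit = 3600): ?array {
    if ($cookieValue === null || !preg_match('/^[0-9a-f]{64}$/', $cookieValue)) {
        return null;                            // missing or malformed cookie
    }
    $stmt = $db->prepare('SELECT id, username, last_seen FROM users
                          WHERE token_hash = ? AND logged_in = 1');
    $stmt->execute([hash('sha256', $cookieValue)]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return null;                            // no row matches this token
    }
    if (time() - (int)$user['last_seen'] > $idleLimit) {
        logout($db, (int)$user['id']);          // idle too long: end the login server-side
        return null;
    }
    $db->prepare('UPDATE users SET last_seen = ? WHERE id = ?')->execute([time(), $user['id']]);
    return $user;
}

// Constructed walk-through of the three cases.
$token = startLogin($db, 1);
var_dump(currentUser($db, $token) !== null);    // token issued at login
var_dump(currentUser($db, 'true'));             // fixed "logged in" value, as in the thread's script
logout($db, 1);
var_dump(currentUser($db, $token));             // same token after a server-side logout
```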

I've moved everything over to a closed server with all error reporting on. This is a testing server and not open to the world so I'm not worried about security at this point.

 

index.php - login page

loginprocess.php - verifies login then sets cookie. login failure goes back to index.php else it goes to readcookie.php

readcookie.php - this is the script that verifies there is a cookie. if not send back to index.php else exit script and display html.

Here is the loginprocess script. It works fine.

# <?php
#         $username = $_POST['username'];
#         $password = $_POST['password'];
#         if($username=="james" && $password=="bond"){
#         setcookie("rchjr","true",time()+3600);
#         header("location:http://example.com/readcookie.php");
#         }else{
#         header("location:http://example.com/index.php");
#         }
# ?>

 

 

 

This is readcookie.php; nothing else is on the page.

It's the reading of the cookie that won't function. Per the last posted suggestion I changed it to this. It still does not work.

# <?php
#         if (!isset($_COOKIE["rchjr"]) || $_COOKIE['rchjr']!='true'){
#             header("location:http://www.kraft.com");       
#         }
# ?>

I've tried this on 2 different servers thinking it might be something there. No differences. I'm completely confused.

Why are all your lines commented out?

 

Instead of using the header() function in readcookie.php, do

<?php
echo '<pre>' . print_r($_COOKIE,true) . '</pre>';  // see what's in the $_COOKIE array
if (!isset($_COOKIE["rchjr"]) || $_COOKIE['rchjr']!='true'){
    exit('cookie either not set or not correct');
}
?>

 

Ken

Forgot to uncomment before I copied them - sorry.

 

Nothing shows up, just a blank page generated.  It's like it can't find the cookie.  I know the cookie is there, I check in the browser and it shows up.  I delete it and relogin and it's there again.  So I know that part is working.

 

Maybe I just need to dump the cookie thing and try to figure out sessions?  Never worked with them, so I guess now is as good a time as any to start.

Your setcookie() is not setting the path or the domain, so, if you are redirecting back and forth between www.yourdomain.com and yourdomain.com or between different folders, then the cookie won't match the URL being requested and the browser won't send it to the server. What do the URLs of your various files look like?

 

By default, the session id is propagated using a cookie, so you will need to find out why your existing code using a cookie is not working in order to get sessions to work. Any chance you have set your browser to only use cookies for certain domains?
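The path and domain matching described in the reply above, as an added example that is not part of the original thread: it reimplements the RFC 6265 rules a browser applies before sending a cookie and compares a cookie set without path or domain against one with explicit scope. The `/admin/` folder and the host names are constructed sample values.

```php
<?php
// Added illustration: why a cookie visible in the browser may never reach the script.

// Path the browser assigns when Set-Cookie has no Path attribute (RFC 6265, section 5.1.4).
function defaultPath(string $requestPath): string {
    if ($requestPath === '' || $requestPath[0] !== '/') {
        return '/';
    }
    $lastSlash = strrpos($requestPath, '/');
    return $lastSlash === 0 ? '/' : substr($requestPath, 0, $lastSlash);
}

// Path-match: the cookie path must equal the request path or be a directory prefix of it.
function pathMatches(string $cookiePath, string $requestPath): bool {
    if ($cookiePath === $requestPath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    return substr($cookiePath, -1) === '/' || $requestPath[strlen($cookiePath)] === '/';
}

// Domain-match: without a Domain attribute the cookie is host-only (exact host required).
function domainMatches(?string $cookieDomain, string $setByHost, string $requestHost): bool {
    if ($cookieDomain === null) {
        return strcasecmp($setByHost, $requestHost) === 0;
    }
    $domain = strtolower(ltrim($cookieDomain, '.'));
    $host = strtolower($requestHost);
    return $host === $domain || substr($host, -strlen($domain) - 1) === '.' . $domain;
}

function browserSends(array $cookie, string $host, string $path): bool {
    return domainMatches($cookie['domain'], $cookie['set_by_host'], $host)
        && pathMatches($cookie['path'], $path);
}

// setcookie("rchjr", "true", time()+3600) issued by example.com/admin/loginprocess.php
$bare = ['set_by_host' => 'example.com', 'domain' => null,
         'path' => defaultPath('/admin/loginprocess.php')];
// The same cookie with path "/" and domain "example.com" given explicitly
$scoped = ['set_by_host' => 'example.com', 'domain' => 'example.com', 'path' => '/'];

$requests = [['example.com', '/admin/readcookie.php'],
             ['www.example.com', '/admin/readcookie.php'],
             ['example.com', '/readcookie.php']];
foreach ($requests as [$host, $path]) {
    printf("%-16s %-22s no path/domain: %-8s explicit scope: %s\n", $host, $path,
        browserSends($bare, $host, $path) ? 'sent' : 'not sent',
        browserSends($scoped, $host, $path) ? 'sent' : 'not sent');
}
```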
