hoopplaya4 Posted February 2, 2009 Share Posted February 2, 2009 Hi All: I've been reading some tutorials on this one and have been attempting to set a cookie when a user logs in successfully and clicks the "Remember Me" checkbox. However, upon a successful login, it appears that the cookie is not being set. Here's my form (simple): <form action="scripts/process_login.php" method="POST"> <input type="text" name="username" maxlength="30" value="" placeholder="Username" /> <input type="password" name="password" maxlength="30" value="" placeholder="Password" /> <span>Remember me?</span><input type="checkbox" name="remember" value="yes" > <input type="submit" value="Login"> </form> And here's my login script: <?php session_start(); session_register('sessUsrFirstName'); session_register('sessUsrLastName'); session_register('username'); session_register('password'); session_register('sessUsrID'); session_register('sessPosition'); session_register('admin'); session_register('sessUsrEmail'); $strLOGONOK = 0; $usrName = $_POST["username"]; $usrPassword = $_POST["password"]; $sql = "SELECT usrID, usrFirst, usrLast, usrPosition, usrAdmin, usrEmail, usrLogin, usrPassword FROM tblUsers"; $sql .=" WHERE (usrPassword = '$usrPassword') AND (usrLogin = '$usrName') AND (usrActive = 1)"; //print($sql); require("../connection.php"); $rs=mysql_db_query($DBname,$sql,$link); if ($rs) { while ($row=mysql_fetch_array($rs)){ $strLOGONOK = 1; $_SESSION['sessUsrFirstName'] = $row['usrFirst']; $_SESSION['sessUsrLastName'] = $row['usrLast']; $_SESSION['sessUsrEmail'] = $row['usrEmail']; $_SESSION['sessUsrID'] = $row["usrID"]; $_SESSION['sessPosition'] = $row['usrPosition']; $_SESSION['admin'] = $row['usrAdmin']; $_SESSION['username'] = $row['usrLogin']; $_SESSION['password'] = $row['usrPassword']; } //end while } // end if else {$strLOGONOK = 0;} mysql_close($link); if ($strLOGONOK == 1){ if($_POST['remember] == "yes") { $expire = time() + 1728000; // Expire in 20 days setcookie('user', "username", $expire); setcookie('pass', "password", $expire); } if($_SESSION['admin'] == 1) { print" <script> window.location=\"../secure/admin.php\" </script> "; } } else { print" <script> window.location=\"../index.php?msg=1\" </script> "; } ?> So then, when a user is redirected to secure/admin.php, I've set at the top of the page for it to display: <?php print_r($_COOKIE); ?> And all it displays is: "Array ( [phpSESSID] => 9e3d0e30fb3c802fba846422eddb0071 )" So, it looks like it's not setting the cookie. Any ideas on how to get this working for me? Thanks! Quote Link to comment Share on other sites More sharing options...
gevans Posted February 2, 2009 Share Posted February 2, 2009 <?php if($_POST['remember] == "yes") { $expire = time() + 1728000; // Expire in 20 days setcookie('user', "username", $expire); setcookie('pass', "password", $expire); } should be <?php if($_POST['remember'] == "yes") { $expire = time() + 1728000; // Expire in 20 days setcookie('user', "username", $expire); setcookie('pass', "password", $expire); } Quote Link to comment Share on other sites More sharing options...
ialsoagree Posted February 2, 2009 Share Posted February 2, 2009 Be wary of saving the password unencrypted (if you are). Every page request to your server means that the user's password is zooming all over the internet for anyone to intercept. Even if the user is already logged in their browser still submits ALL cookies that go to that site. Quote Link to comment Share on other sites More sharing options...
gevans Posted February 2, 2009 Share Posted February 2, 2009 Be wary of saving the password unencrypted (if you are). Every page request to your server means that the user's password is zooming all over the internet for anyone to intercept. Even if the user is already logged in their browser still submits ALL cookies that go to that site. That's a very good point, I hadn't even looked at the string you were saving within setcookie(). You're not actually storing their details just the strings 'username' and 'password'. I'd recommend only using the username in the cookie and maybe a UID that will match up with a stored one in the db, that way someone can't just re-create a cookie with a username and find themself loffed in as anyone. Quote Link to comment Share on other sites More sharing options...
hoopplaya4 Posted February 2, 2009 Author Share Posted February 2, 2009 Thanks for the replies. You're right about the encryption, I actually stripped it down just to keep things simple. I'm not in front of a computer right now, but I'll try the change in a bit. Thanks. Quote Link to comment Share on other sites More sharing options...
hoopplaya4 Posted February 3, 2009 Author Share Posted February 3, 2009 Okay, so I tried making the changes as you suggested, but I am still getting the same issue. Those cookies I am trying to create are not being displayed. Any other suggestions on why this wouldn't be working? Quote Link to comment Share on other sites More sharing options...
gevans Posted February 4, 2009 Share Posted February 4, 2009 Why don't you show your code then we can see if there's any errors with your syntax Quote Link to comment Share on other sites More sharing options...
hoopplaya4 Posted February 4, 2009 Author Share Posted February 4, 2009 That's all the code I'm using in my first post above. :-\ Quote Link to comment Share on other sites More sharing options...
gevans Posted February 4, 2009 Share Posted February 4, 2009 what code are you using to call them on the next page? Quote Link to comment Share on other sites More sharing options...
hoopplaya4 Posted February 4, 2009 Author Share Posted February 4, 2009 I'm using: <?php print_r($_COOKIE); ?> Also, I know it's not a browser issue on my end, because I can manually set a cookie at the top of the admin.php page by placing <? setcookie('user', "demoa", $expire); ?> right after session start. And the cookie is being displayed fine with print_r. Do sub-directories have anything to do with it? For example, I'm setting the cookie in scripts/process_login.php and trying to view the cookie in secure/admin.php Quote Link to comment Share on other sites More sharing options...
hoopplaya4 Posted February 4, 2009 Author Share Posted February 4, 2009 Any ideas? Quote Link to comment Share on other sites More sharing options...
hoopplaya4 Posted February 4, 2009 Author Share Posted February 4, 2009 Ok, so I think it does have something do with the directory in which the cookie is set. As I previously mentioned, the cookie is being set in /scripts/process_login.php, so I created a test file: /scripts/test.php. This test is able to display the cookie. I guess I'm going to have to do some research on it, and how to set the path. Quote Link to comment Share on other sites More sharing options...
hoopplaya4 Posted February 4, 2009 Author Share Posted February 4, 2009 Looks like I totally overlooked this (http://us3.php.net/setcookie) somehow: path The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain . If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain . The default value is the current directory that the cookie is being set in. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.