
[SOLVED] Is there a significant difference in the way PHP 4 and PHP 5 handle setcookie()?



Need to diagnose why a login system isn't working right. My dev box is PHP 5, the production server I'm working with is PHP 4. For some reason the production server isn't setting cookies when it should:

 

if(! empty($_GET['user']) ) {

	if( login_user($_GET['user'],$_GET['password']) ) {

		setcookie(COOKIE_NAME,md5( $_GET['user'] . COOKIE_NAME . md5($_GET['password']) ), time() + 3600, '/');
		$_SESSION['logged'] = $_GET['user'];

		if(! empty($_GET['referrer']) && strpos($_GET['referrer'],'/auth/') === false) {
			$redirect = $_GET['referrer'];
		} else {
			$redirect = '../index.php';
		}

		header('Location: '. $redirect);
		exit;
	}
}

 

Works great on PHP 5, but nada on PHP 4. Anybody able to point me at where I'm going wrong?

 

Thanks!

 

Should not be any difference, honestly. I do notice you are not setting a domain, that may have something to do with it. Try setting the domain in the cookie and see if it works.

 

Changelog

 

Version Description

5.2.0 The httponly parameter was added

 

That is the only change in setcookie to PHP5, which does not affect you with the code provided.

Nope, no difference with adding the domain either. It's very puzzling. It couldn't be something to do with the server configuration, could it?

 

So it works on your local server, which is PHP 5, but not on production which is PHP4, by chance is there a timezone difference? 1 hour has the flaw of timezones, say your server is one hour ahead and the cookie is set on your local machine, it has already expired. I am not sure if this is 100% true, I have heard issues about that.

 

Try setting the cookie for 24 hours and see what happens.

Well, that didn't work either, so I started trying crazy stuff. Looks like the cookie isn't being set because the DB query that looks for the user is returning no rows (  ??? ).

 

function login_user($user,$password) {

	$q = sprintf("SELECT * FROM user WHERE login='%s' AND password=MD5('%s')",
		mysql_escape_string($user),
		mysql_escape_string($password)
	);

	$r = mysql_query($q)
		or die( mysql_error() );

	if( mysql_num_rows($r) < 1 ) {
		//return false;
		print "function is failing here";
	} else {
		return mysql_fetch_assoc($r);
	}
}

 

There doesn't really seem to be anything there that would be obviously causing a problem, though.

So, have you checked what is in $user and $password by echoing them at that point in the code and have you checked in the database if there is a row where login has the value you are putting in $user and password has the value you get when you do MD5($password)?

Where does COOKIE_NAME come from? I would use header() and set a raw cookie. setcookie() and me hate each other!

 

 


$name  = 'cookie_name';       // the cookie name
$value = 'cookie_value';      // the cookie value
$domain = 'www.site.com';     // the domain name, leave empty if localhost, 127.0.0.1
$path       = '/';            // the path where the cookie is valid
$expire     = time () + 3600; // the cookie expire time
$javascript = true;           // allow javascript cookie access



function auth_cookie ( $name, $value, $domain, $path, $expire, $javascript )
{
header ( 'Set-Cookie: ' . rawurlencode ( $name ) . '=' . rawurlencode ( $value ) . '; expires=' . gmdate ( 'l, d-M-Y H:i:s \G\M\T', $expire ) . '; path=' . $path . ( empty ( $domain ) ? '' : '; domain=' . $domain ) . ( $javascript ? '' : '; HttpOnly' ), false );

return;
}

auth_cookie ( $name, $value, $domain, $path, $expire, $javascript );

So, have you checked what is in $user and $password by echoing them at that point in the code and have you checked in the database if there is a row where login has the value you are putting in $user and password has the value you get when you do MD5($password)?

 

Yep! $user and $password both pass the correct values through the login_user function, and the database record I'm testing on matches exactly on my dev box and on the production one. I even copied the md5 hash in, so I'm absolutely sure they're identical.

 

Oh, holy moly - I've just worked it out. The production database had varchar(30) for the password column so it was truncating all the MD5 hashes. Lol, I can't believe it took me so long to figure this out.

 

Thanks for your help, guys! :D
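
The failure found above, reproduced as an added example (not code from the thread): a 32-character MD5 hex digest stored in a 30-character column can never equal a freshly computed MD5(), so the lookup returns no rows. It goes slightly beyond the thread by checking other hash lengths too; the function names, the sample password, the dev column width of 32 and the silent truncation of a non-strict MySQL mode are assumptions.

```php
<?php
// Added example, not from the thread. All function names are hypothetical.

// Length of the stored string for a given scheme.
function hash_output_length(string $scheme): int
{
    if ($scheme === 'bcrypt') {
        return 60; // password_hash() with PASSWORD_BCRYPT yields 60 characters
    }
    return strlen(hash($scheme, '')); // hex digest length for md5, sha1, sha256
}

// Assumption: MySQL in a non-strict SQL mode, which truncates an over-long
// value to the column width instead of rejecting the INSERT.
function store_in_varchar(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Mirrors the comparison in login_user(): password = MD5('<input>').
function login_matches(string $stored, string $password): bool
{
    return $stored === md5($password);
}

// Schema check: can the column hold the full output of this scheme?
function column_fits(int $width, string $scheme): bool
{
    return $width >= hash_output_length($scheme);
}

$password = 'example-password';                // constructed sample value
$dev  = store_in_varchar(md5($password), 32);  // assumed dev column width
$prod = store_in_varchar(md5($password), 30);  // varchar(30) from the thread

printf("dev  row matches: %s\n", var_export(login_matches($dev, $password), true));
printf("prod row matches: %s\n", var_export(login_matches($prod, $password), true));

foreach (['md5', 'sha1', 'sha256', 'bcrypt'] as $scheme) {
    printf(
        "varchar(30) holds %-6s (%2d chars): %s\n",
        $scheme,
        hash_output_length($scheme),
        column_fits(30, $scheme) ? 'yes' : 'NO, value would be truncated'
    );
}
```

Running the same width check against each environment's real schema at deploy time surfaces a dev/production mismatch before it shows up as failed logins.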
