Jump to content

Trouble setting cookies

raytri

By raytri
in PHP Coding Help

 Share

Recommended Posts

raytri Newbie

raytri

Posted
Posted

I'm trying to set cookies for the first time, and having no luck. No cookies get set.

 

For what it's worth I'm working on an Apache server.

 

I'm trying to set a cookie that will remember a user's login and password for the duration of the session so they don't have to keep re-logging in.

 

I have a login form that sends two variables: $username and $password. The code checks the name/password against a table to see if a match exists; if so, access is granted.

 

The first time someone logs in, the password is checked against the form variables: $username and $password. But I'm trying to have the page create a pair of cookies so that on subsequent passes the password will be checked against the cookies (in this case, UN for username and PW for password).

 

Right now the code works the first time, but not on subsequent passes (I get the "username not found" message). So it's reading the form data correctly, but not getting anything from the cookies. A check of the cookies list in my browser indicates the cookies simply aren't being created.

 

Here's the code:

 

$username = $_POST['username'];

$password = $_POST['password'];

 

setcookie("UN", $username);

setcookie("PW", $password);

 

 

if(isset($_COOKIE['UN']) and isset($_COOKIE['PW']))

{

$verify= mysql_query("SELECT * FROM Admin Where Admin.userName = '$UN' AND Admin.password = '$PW'");

}

else

{

$verify= mysql_query("SELECT * FROM Admin Where Admin.userName = '$username' AND Admin.password = '$password'");

}

 

$numRows= mysql_num_rows($verify);

 

if ($numRows == 1)

{

// let user see admin page

}

else

{

 

echo "<p>Username/password not found. Please go back and re-enter.</p><p><a href=\"../admin.html\">Back to login page</a></p>";

}

 

Thanks for helping out a newbie!

Link to comment
Share on other sites
phant0m Member

phant0m

Posted
Posted

well...

you've got quite some mistakes ;)

1st) I advise you to use sessions to keep track of a user on the webpage.

2nd) NEVER store a password in a cookie! It's "dangerous"!

3rd) You cannot set a cookie, and then read from it instantly. When you execute your code, you tell the client to SET a cookie. Next time you access some page of yours, your browsers SENDS a cookie to the server, which puts it in $_COOKIE. Even though you don't do this, it's important to know ;)

 

So much for the cookies...

 

As for the sessions:

On every page, put session_start() first. This creates or resumes a previous session. A session is some kind of array, which is persistent for ONE(well, hopefully just one ;)) user during a certain amount of time. You can store values to it, and fetch them again on an other page. So what do we do? We remember the username in the session, when he is logged in.

 

so, on your login.php - or whatever your login script is called, do something like this:

<?php
  session_start();
  $valid_input = true;
  if(!(isset($_POST['username']) && isset($_POST['password']))){
    $valid_input = false;  
  }
  else{
    $valid_input &= $_POST['username'] != '';
    $valid_input &= $_POST['password'] != '';
    if($valid_input){
      if(get_magic_quotes_gpc()){
        $username = stripcslashes($_POST['username']);
        $password = stripcslashes($_POST['password']);      
      }
      else{
        $username = $_POST['username'];
        $password = $_POST['password'];
      }
      $username = mysql_real_escape_string($username);
      $password = mysql_real_escape_string($password);
      $sql = "SELECT * FROM Admin Where userName = '".$username."' AND password = '".$password."' LIMIT 1";
      if($res = mysql_query($sql)){
        if(mysql_num_rows($res) == 1){
          //login was valid
          $_SESSION['username'] = $username;
        }
      }
      else{
        //something with the mysqlquery has gone wrong
      }
      
    }
  }
  if(!$valid_input){
    //username and/or password ahven't been set
  }
?>

 

 

create a function to check whether the user is logged in:

<?php
function is_user_logged_in(){
  return isset($_SESSION['username'] && $_SESSION['username'] != '';
}
?>

 

Also, you try to access $UN and $PW even though they have never been set.

 

Link to comment
Share on other sites
  • 3 weeks later...
claritydigital Newbie

claritydigital

Posted
Posted

hi all, thanks for this thread. I am experiencing the same problems as raytri. Damn cookie wont set... It worked one day, then I woke up, and it didnt work anymore.

 

The issue i have with using sessions is that they seem to lose persistance after the user is inactive(not going from page to page to refresh session) for 30 mins or so... Now this is why I want to use cookies. I dont want my users typing out long blog entries for instance, and then going to save them, and their session is dead, so they lose their work(so 1997). I know you can set a time for the session to expire, but I also read that this is unsafe. Ive also read session data can run heavily on your server if your site has alot of users, and that cookies is the best option for sites of this kind.... what do you think of this phant0m? Im still a learner, so this is a genuine question.

 

Thanks everyone

 

Clarity

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.