Jump to content

Archived

This topic is now archived and is closed to further replies.

localhost

doesnt set cookie?

Recommended Posts

for some reason, i was switching my system from sessions to cookies, and well, my login will not set the cookie, therefore the site thinks you are not logged in messing up alot of things.

if you can think of anything, please let me know.

code:
[code]
<?php
# ini_set('error_reporting', E_ALL);
?><head>
<style type="text/css">
<!--
.loginheader {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: x-small;
font-style: normal;
line-height: 24px;
font-weight: normal;
font-variant: normal;
text-transform: none;
color: #FFFFFF;
background-image: url(cat.jpg);
background-repeat: no-repeat;
background-position: center top;
width: 650px;

}
</style>
</head>

<?php

$where = $_SERVER['HTTP_REFERER'];

include('inc/connect.php');
include('inc/class_core.php');
include('inc/config.php');

$login = $_COOKIE['username'];

/* ######## IF ALREADY LOGGED IN REDIRECT TO HOME ######## */
if($login)
{
echo "<script>window.location=\"index.php\"</script>";
}

if ($_POST['username']) {
$username=$_POST['username'];
$password=$core->encrypt($_POST['password']);
if ($password==NULL) {
echo "<font face='verdana' size='2'>No password given.";
}else{
$query = mysql_query("SELECT username,password FROM {$TABLE_PREFIX}_users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
echo "Incorrect login, try again.";
}else{
$query = mysql_query("SELECT username,password FROM {$TABLE_PREFIX}_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$value = $row['username'];

/* ###### SET THE COOKIE TITLED TO THE USERNAME THEY LOGGED IN AS ###### */
setcookie("username", $value, -1);

/* ###### REDIRECT TO HOME PAGE ###### */
echo "<script>
window.location=\"index.php\"
</script>";
}
}
}
?>

<center>
<div class="loginheader">Login</div>


<table border="1" width="650">
  <tr>
    <td height="226">
<Center>
<font face="verdana" size="2">
If you do not have an account please <A href="register.php">Sign up</A> for free, if you have an account but have
lost your password then click <a href="#">here</a>.
<br />
<br />
<form action="login.php" method="POST">
Username:
<input type="text" name="username" value="Username" onFocus="this.value=''" />
<br />
    Password:
<input type="password" name="password" value="Password" onFocus="this.value=''" />
<br />
<input type="submit" name="submit" value="Login" />
</form>
<Br />
</td>
</tr>
</table>
<?php
include('footer.php');
echo "<br><br><br>";
include('poweredby.php');
?>
</center>
[/code]

Share this post


Link to post
Share on other sites
Quite simply you have set the expire time on your cookie to -1 second ergo the cookie will be deleted immediately...

set it to something useful like 3600 * 24 * 28 (4 weeks).

PS This is my take on cookies --- i have seen many people use set cokkie several times in one script asigining new cookie name each time. I personnally only ever set one cookie (if at all) and use a delimiter to separate the value. This means only one cookie header is sent and all the information is still available.

I have never looked at the efficiency of multiple cookies versus delimited ones - hopefully someone will add their comment and the matter.

Share this post


Link to post
Share on other sites
setcookie("username", $value, time()+3600 * 24 * 28); //  Sets cookie to username, expires in 4 weeks.

That still does not work, doesn't set the cookie in my cookies at all!

Share this post


Link to post
Share on other sites
1st) To set up cookie you have to do in a header, before ANY HTML CODE !!!
that PHP code where you are setting cookies have to be where you have
# ini_set('error_reporting', E_ALL);

2st) If you cannot move this code you have to use : Output Buffering

try to find some tutorials about ob_start(); ob_flush(); ob_end_flush();

It will definetly help you...

Share this post


Link to post
Share on other sites
Pardon? How would I put it on top of everything when its only supposed to be set once they have entered in the corregct user information? I am almost positive it can work without being at the top.

Share this post


Link to post
Share on other sites
I said too..one time.... try to use
$check_status ....
on the top use :
if ($check_status == 1) {
setcookie (blablabla);
}


and and then use form...

But if it will not work..use ob_flush();


Its a pretty powerfull tool in PHP...

Share this post


Link to post
Share on other sites
localhost you dont actually need your PHP within the HTML Code. You should move your PHP code above your html code. Otherwise you wont be able to set a cookie. You cannot use header/setcookie when your have already sent html code to the browser. You should always process your PHP code, before any HTML code is sent to the browser.

Also teh way you are checking the username/password is an ineffeciant way of doing it. You should select both the username and password within your SQL Query. MySQL will then check whether the password matches the password within the database for the username specified.

Also rather than echoing your errors, you should setup an error var, which will store your errors. Then when you goto show the login form, you should check whether there is any errors, if there are display them.

This is a much more better cleaner way of doing what you want to do. Here is your new code:
[code]<?php
// process PHP before HTML, after HTML has been sent

$where = $_SERVER['HTTP_REFERER'];

include 'inc/connect.php';
include 'inc/class_core.php';
include 'inc/config.php';

// chekc the user isn't logged in first
if(isset($_COOKIE['username']))
{
    // if they are we'll redirect them
    header('Location: index.php');
}
// if they arent logged in, we'll now attempt to log them in
elseif (isset($_POST['username']))
{
    // check password has been filled in
    if (empty($_POST['password']))
    {
        // if it is, set the error
        $error = 'No password given';
    }
    else
    {
        // prepare the username and passwoprd
        // use mysql_real_escape_string to prevent SQL Injection attacks!
        $username = mysql_real_escape_string($_POST['username']);
        $password = $core->encrypt($_POST['password']);

        // Prepare our query
        $sql = "SELECT username, `password` FROM {$TABLE_PREFIX}_users WHERE username = '$username' AND `password`= '$password'";
        $result = mysql_query($sql) or die(mysql_error());

        // now check that MySQL return only 1 result
        // if it did, we set the cookie and redirect the user
        if(mysql_num_rows($result) == 1)
        {
            $user = mysql_fetch_assoc($result);
            /* SET THE COOKIE TITLED TO THE USERNAME THEY LOGGED IN AS */
            setcookie("username", $user['username'], time()+43200);

            /* ###### REDIRECT TO HOME PAGE ###### */
            header("Location: index.php");
        }
        // other wise we set an error!
        else
        {
            $error = 'Incorrect login, try again.';
        }
    }
}
?>
<head>
<style type="text/css">
.loginheader {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: x-small;
font-style: normal;
line-height: 24px;
font-weight: normal;
font-variant: normal;
text-transform: none;
color: #FFFFFF;
background-image: url(cat.jpg);
background-repeat: no-repeat;
background-position: center top;
width: 650px;

}
</style>
</head>
<body>

<center>
<div class="loginheader">Login</div>


<table border="1" width="650"><?php
// chekc that the error variable exists, if it does theres an error, so we display it
if(isset($error)) { ?>
  <tr>
    <td style="color: #FF0000"><?php echo $error; ?></td>
  </tr>
<?php
}
// end error display!
?><tr>
    <td height="226">
<center>
<font face="verdana" size="2">
If you do not have an account please <A href="register.php">Sign up</A> for free, if you have an account but have
lost your password then click <a href="#">here</a>.
<br />
<br />
<form action="login.php" method="POST">
Username:
<input type="text" name="username" value="Username" onFocus="this.value=''" />
<br />
    Password:
<input type="password" name="password" value="Password" onFocus="this.value=''" />
<br />
<input type="submit" name="submit" value="Login" />
</form>
<Br />
</td>
</tr>
</table>
<?php
include 'footer.php';
echo '<br><br><br>';
include 'poweredby.php';
?>
</center>[/code]
Also I have set the cookie to expire after 12hours have passed, with this:
[code]setcookie("username", $user['username'], time()+43200);[/code]
Have a read of the comments within the code to see whats going on.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.