Jump to content


Photo

doesnt set cookie?


  • Please log in to reply
7 replies to this topic

#1 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 23 July 2006 - 09:58 PM

for some reason, i was switching my system from sessions to cookies, and well, my login will not set the cookie, therefore the site thinks you are not logged in messing up alot of things.

if you can think of anything, please let me know.

code:
<?php
# ini_set('error_reporting', E_ALL);
?><head>
<style type="text/css">
<!--
.loginheader {
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: x-small;
	font-style: normal;
	line-height: 24px;
	font-weight: normal;
	font-variant: normal;
	text-transform: none;
	color: #FFFFFF;
	background-image: url(cat.jpg);
	background-repeat: no-repeat;
	background-position: center top;
	width: 650px;
	
}
</style>
</head>

<?php

$where = $_SERVER['HTTP_REFERER'];

include('inc/connect.php');
include('inc/class_core.php');
include('inc/config.php');

$login = $_COOKIE['username'];

/* ######## IF ALREADY LOGGED IN REDIRECT TO HOME ######## */
if($login)
{
echo "<script>window.location=\"index.php\"</script>";
}

if ($_POST['username']) {
$username=$_POST['username'];
$password=$core->encrypt($_POST['password']);
if ($password==NULL) {
echo "<font face='verdana' size='2'>No password given.";
}else{
$query = mysql_query("SELECT username,password FROM {$TABLE_PREFIX}_users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
echo "Incorrect login, try again.";
}else{
$query = mysql_query("SELECT username,password FROM {$TABLE_PREFIX}_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$value = $row['username'];

/* ###### SET THE COOKIE TITLED TO THE USERNAME THEY LOGGED IN AS ###### */
setcookie("username", $value, -1);

/* ###### REDIRECT TO HOME PAGE ###### */
echo "<script>
window.location=\"index.php\"
</script>";
}
}
}
?>

<center>
<div class="loginheader">Login</div>


<table border="1" width="650">
  <tr>
    <td height="226">
<Center>
	<font face="verdana" size="2">
	If you do not have an account please <A href="register.php">Sign up</A> for free, if you have an account but have
	lost your password then click <a href="#">here</a>.
	<br />
	<br />
	<form action="login.php" method="POST">
	 Username: 
<input type="text" name="username" value="Username" onFocus="this.value=''" />
<br />
     Password: 
<input type="password" name="password" value="Password" onFocus="this.value=''" />
<br />
<input type="submit" name="submit" value="Login" />
</form>
<Br />
</td>
</tr>
</table>
<?php 
include('footer.php');
echo "<br><br><br>";
include('poweredby.php');
?>
</center>


#2 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 23 July 2006 - 11:19 PM

Quite simply you have set the expire time on your cookie to -1 second ergo the cookie will be deleted immediately...

set it to something useful like 3600 * 24 * 28 (4 weeks).

PS This is my take on cookies --- i have seen many people use set cokkie several times in one script asigining new cookie name each time. I personnally only ever set one cookie (if at all) and use a delimiter to separate the value. This means only one cookie header is sent and all the information is still available.

I have never looked at the efficiency of multiple cookies versus delimited ones - hopefully someone will add their comment and the matter.
follow me on twitter @PHPsycho

#3 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 23 July 2006 - 11:27 PM

setcookie("username", $value, time()+3600 * 24 * 28); //  Sets cookie to username, expires in 4 weeks.

That still does not work, doesn't set the cookie in my cookies at all!

#4 crashmaster

crashmaster
  • Members
  • PipPipPip
  • Advanced Member
  • 169 posts
  • LocationCzech Republic, Prague

Posted 23 July 2006 - 11:28 PM

1st) To set up cookie you have to do in a header, before ANY HTML CODE !!!
that PHP code where you are setting cookies have to be where you have
# ini_set('error_reporting', E_ALL);

2st) If you cannot move this code you have to use : Output Buffering

try to find some tutorials about ob_start(); ob_flush(); ob_end_flush();

It will definetly help you...
I'll never be the same...

#5 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 23 July 2006 - 11:41 PM

Pardon? How would I put it on top of everything when its only supposed to be set once they have entered in the corregct user information? I am almost positive it can work without being at the top.

#6 crashmaster

crashmaster
  • Members
  • PipPipPip
  • Advanced Member
  • 169 posts
  • LocationCzech Republic, Prague

Posted 23 July 2006 - 11:45 PM

I said too..one time.... try to use
$check_status ....
on the top use :
if ($check_status == 1) {
setcookie (blablabla);
}


and and then use form...

But if it will not work..use ob_flush();


Its a pretty powerfull tool in PHP...
I'll never be the same...

#7 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 24 July 2006 - 11:39 AM

localhost you dont actually need your PHP within the HTML Code. You should move your PHP code above your html code. Otherwise you wont be able to set a cookie. You cannot use header/setcookie when your have already sent html code to the browser. You should always process your PHP code, before any HTML code is sent to the browser.

Also teh way you are checking the username/password is an ineffeciant way of doing it. You should select both the username and password within your SQL Query. MySQL will then check whether the password matches the password within the database for the username specified.

Also rather than echoing your errors, you should setup an error var, which will store your errors. Then when you goto show the login form, you should check whether there is any errors, if there are display them.

This is a much more better cleaner way of doing what you want to do. Here is your new code:
<?php
// process PHP before HTML, after HTML has been sent

$where = $_SERVER['HTTP_REFERER'];

include 'inc/connect.php';
include 'inc/class_core.php';
include 'inc/config.php';

// chekc the user isn't logged in first
if(isset($_COOKIE['username']))
{
    // if they are we'll redirect them
    header('Location: index.php');
}
// if they arent logged in, we'll now attempt to log them in
elseif (isset($_POST['username']))
{
    // check password has been filled in
    if (empty($_POST['password']))
    {
        // if it is, set the error
        $error = 'No password given';
    }
    else
    {
        // prepare the username and passwoprd
        // use mysql_real_escape_string to prevent SQL Injection attacks!
        $username = mysql_real_escape_string($_POST['username']);
        $password = $core->encrypt($_POST['password']);

        // Prepare our query
        $sql = "SELECT username, `password` FROM {$TABLE_PREFIX}_users WHERE username = '$username' AND `password`= '$password'";
        $result = mysql_query($sql) or die(mysql_error());

        // now check that MySQL return only 1 result
        // if it did, we set the cookie and redirect the user
        if(mysql_num_rows($result) == 1)
        {
            $user = mysql_fetch_assoc($result);
            /* SET THE COOKIE TITLED TO THE USERNAME THEY LOGGED IN AS */
            setcookie("username", $user['username'], time()+43200);

            /* ###### REDIRECT TO HOME PAGE ###### */
            header("Location: index.php");
        }
        // other wise we set an error!
        else
        {
            $error = 'Incorrect login, try again.';
        }
    }
}
?>
<head>
<style type="text/css">
.loginheader {
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: x-small;
	font-style: normal;
	line-height: 24px;
	font-weight: normal;
	font-variant: normal;
	text-transform: none;
	color: #FFFFFF;
	background-image: url(cat.jpg);
	background-repeat: no-repeat;
	background-position: center top;
	width: 650px;

}
</style>
</head>
<body>

<center>
<div class="loginheader">Login</div>


<table border="1" width="650"><?php
// chekc that the error variable exists, if it does theres an error, so we display it
if(isset($error)) { ?>
  <tr>
    <td style="color: #FF0000"><?php echo $error; ?></td>
  </tr>
<?php
}
// end error display!
?><tr>
    <td height="226">
<center>
	<font face="verdana" size="2">
	If you do not have an account please <A href="register.php">Sign up</A> for free, if you have an account but have
	lost your password then click <a href="#">here</a>.
	<br />
	<br />
	<form action="login.php" method="POST">
	 Username:
<input type="text" name="username" value="Username" onFocus="this.value=''" />
<br />
     Password:
<input type="password" name="password" value="Password" onFocus="this.value=''" />
<br />
<input type="submit" name="submit" value="Login" />
</form>
<Br />
</td>
</tr>
</table>
<?php
include 'footer.php';
echo '<br><br><br>';
include 'poweredby.php';
?>
</center>
Also I have set the cookie to expire after 12hours have passed, with this:
setcookie("username", $user['username'], time()+43200);
Have a read of the comments within the code to see whats going on.

#8 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 24 July 2006 - 11:50 AM

thanks wildteen, your code works wonderfully!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users