Jump to content

doesnt set cookie?


localhost

Recommended Posts

for some reason, i was switching my system from sessions to cookies, and well, my login will not set the cookie, therefore the site thinks you are not logged in messing up alot of things.

if you can think of anything, please let me know.

code:
[code]
<?php
# ini_set('error_reporting', E_ALL);
?><head>
<style type="text/css">
<!--
.loginheader {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: x-small;
font-style: normal;
line-height: 24px;
font-weight: normal;
font-variant: normal;
text-transform: none;
color: #FFFFFF;
background-image: url(cat.jpg);
background-repeat: no-repeat;
background-position: center top;
width: 650px;

}
</style>
</head>

<?php

$where = $_SERVER['HTTP_REFERER'];

include('inc/connect.php');
include('inc/class_core.php');
include('inc/config.php');

$login = $_COOKIE['username'];

/* ######## IF ALREADY LOGGED IN REDIRECT TO HOME ######## */
if($login)
{
echo "<script>window.location=\"index.php\"</script>";
}

if ($_POST['username']) {
$username=$_POST['username'];
$password=$core->encrypt($_POST['password']);
if ($password==NULL) {
echo "<font face='verdana' size='2'>No password given.";
}else{
$query = mysql_query("SELECT username,password FROM {$TABLE_PREFIX}_users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
echo "Incorrect login, try again.";
}else{
$query = mysql_query("SELECT username,password FROM {$TABLE_PREFIX}_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$value = $row['username'];

/* ###### SET THE COOKIE TITLED TO THE USERNAME THEY LOGGED IN AS ###### */
setcookie("username", $value, -1);

/* ###### REDIRECT TO HOME PAGE ###### */
echo "<script>
window.location=\"index.php\"
</script>";
}
}
}
?>

<center>
<div class="loginheader">Login</div>


<table border="1" width="650">
  <tr>
    <td height="226">
<Center>
<font face="verdana" size="2">
If you do not have an account please <A href="register.php">Sign up</A> for free, if you have an account but have
lost your password then click <a href="#">here</a>.
<br />
<br />
<form action="login.php" method="POST">
Username:
<input type="text" name="username" value="Username" onFocus="this.value=''" />
<br />
    Password:
<input type="password" name="password" value="Password" onFocus="this.value=''" />
<br />
<input type="submit" name="submit" value="Login" />
</form>
<Br />
</td>
</tr>
</table>
<?php
include('footer.php');
echo "<br><br><br>";
include('poweredby.php');
?>
</center>
[/code]
Link to comment
Share on other sites

Quite simply you have set the expire time on your cookie to -1 second ergo the cookie will be deleted immediately...

set it to something useful like 3600 * 24 * 28 (4 weeks).

PS This is my take on cookies --- i have seen many people use set cokkie several times in one script asigining new cookie name each time. I personnally only ever set one cookie (if at all) and use a delimiter to separate the value. This means only one cookie header is sent and all the information is still available.

I have never looked at the efficiency of multiple cookies versus delimited ones - hopefully someone will add their comment and the matter.
Link to comment
Share on other sites

1st) To set up cookie you have to do in a header, before ANY HTML CODE !!!
that PHP code where you are setting cookies have to be where you have
# ini_set('error_reporting', E_ALL);

2st) If you cannot move this code you have to use : Output Buffering

try to find some tutorials about ob_start(); ob_flush(); ob_end_flush();

It will definetly help you...
Link to comment
Share on other sites

localhost you dont actually need your PHP within the HTML Code. You should move your PHP code above your html code. Otherwise you wont be able to set a cookie. You cannot use header/setcookie when your have already sent html code to the browser. You should always process your PHP code, before any HTML code is sent to the browser.

Also teh way you are checking the username/password is an ineffeciant way of doing it. You should select both the username and password within your SQL Query. MySQL will then check whether the password matches the password within the database for the username specified.

Also rather than echoing your errors, you should setup an error var, which will store your errors. Then when you goto show the login form, you should check whether there is any errors, if there are display them.

This is a much more better cleaner way of doing what you want to do. Here is your new code:
[code]<?php
// process PHP before HTML, after HTML has been sent

$where = $_SERVER['HTTP_REFERER'];

include 'inc/connect.php';
include 'inc/class_core.php';
include 'inc/config.php';

// chekc the user isn't logged in first
if(isset($_COOKIE['username']))
{
    // if they are we'll redirect them
    header('Location: index.php');
}
// if they arent logged in, we'll now attempt to log them in
elseif (isset($_POST['username']))
{
    // check password has been filled in
    if (empty($_POST['password']))
    {
        // if it is, set the error
        $error = 'No password given';
    }
    else
    {
        // prepare the username and passwoprd
        // use mysql_real_escape_string to prevent SQL Injection attacks!
        $username = mysql_real_escape_string($_POST['username']);
        $password = $core->encrypt($_POST['password']);

        // Prepare our query
        $sql = "SELECT username, `password` FROM {$TABLE_PREFIX}_users WHERE username = '$username' AND `password`= '$password'";
        $result = mysql_query($sql) or die(mysql_error());

        // now check that MySQL return only 1 result
        // if it did, we set the cookie and redirect the user
        if(mysql_num_rows($result) == 1)
        {
            $user = mysql_fetch_assoc($result);
            /* SET THE COOKIE TITLED TO THE USERNAME THEY LOGGED IN AS */
            setcookie("username", $user['username'], time()+43200);

            /* ###### REDIRECT TO HOME PAGE ###### */
            header("Location: index.php");
        }
        // other wise we set an error!
        else
        {
            $error = 'Incorrect login, try again.';
        }
    }
}
?>
<head>
<style type="text/css">
.loginheader {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: x-small;
font-style: normal;
line-height: 24px;
font-weight: normal;
font-variant: normal;
text-transform: none;
color: #FFFFFF;
background-image: url(cat.jpg);
background-repeat: no-repeat;
background-position: center top;
width: 650px;

}
</style>
</head>
<body>

<center>
<div class="loginheader">Login</div>


<table border="1" width="650"><?php
// chekc that the error variable exists, if it does theres an error, so we display it
if(isset($error)) { ?>
  <tr>
    <td style="color: #FF0000"><?php echo $error; ?></td>
  </tr>
<?php
}
// end error display!
?><tr>
    <td height="226">
<center>
<font face="verdana" size="2">
If you do not have an account please <A href="register.php">Sign up</A> for free, if you have an account but have
lost your password then click <a href="#">here</a>.
<br />
<br />
<form action="login.php" method="POST">
Username:
<input type="text" name="username" value="Username" onFocus="this.value=''" />
<br />
    Password:
<input type="password" name="password" value="Password" onFocus="this.value=''" />
<br />
<input type="submit" name="submit" value="Login" />
</form>
<Br />
</td>
</tr>
</table>
<?php
include 'footer.php';
echo '<br><br><br>';
include 'poweredby.php';
?>
</center>[/code]
Also I have set the cookie to expire after 12hours have passed, with this:
[code]setcookie("username", $user['username'], time()+43200);[/code]
Have a read of the comments within the code to see whats going on.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.