logank9 Posted August 17, 2009 Share Posted August 17, 2009 Alright, so I'm trying to create a login system for the first time on my website, and I am running into difficulties. <?php ob_start(); $uguess = $_GET['user']; $pguess = $_GET['pass']; $filename = "upass.txt"; $fp = @fopen($filename, 'r'); if ($fp) { $fcontent = fread($fp, filesize($filename)); } list($user,$pass) = explode(":",$fcontent); if($user==$uguess && $pass==$pguess) { setcookie('logank9.com',$pguess,time()+(3600*24)); echo "<center>Correct password.</center>"; echo $_COOKIE['logank9.com']; // PRINTS NOTHING??? } else { echo "<center>Wrong password.</center>"; } echo "<br><br><a href='home'><center>Click here if your browser does not redirect you.</center></a>"; echo "<meta http-equiv='refresh' content='4;url=home'>"; ?> Here's what it does: it reads in a file only the server has access to, and then it simply checks what the user typed with that file. I'm having quite a bit of trouble with cookies. When I call "setcookie", and then try to print out the value of the cookie, nothing happens. I've even tried putting an actual string in such as "thisisastring". I have a sneaking suspicion that it has something to do with ob_start() but it doesn't work if that line isn't there. Sorry if this is a simple mistake. Quote Link to comment https://forums.phpfreaks.com/topic/170634-problems-with-cookies/ Share on other sites More sharing options...
JonnoTheDev Posted August 17, 2009 Share Posted August 17, 2009 Problems with this code 1. Passing the username & password through the url is insane $uguess = $_GET['user']; $pguess = $_GET['pass']; 2. The text file looks to be in the same directory as your script as there is no path. If this in in your web root then anyone can view it i.e. http://abc.com/upass.txt $filename = "upass.txt"; Also you are surpressing errors when the file is read. Is the file being read at all? $fp = @fopen($filename, 'r'); 3. Why are you using a cookie for login rather than a session? Also storing passwords in cookies is insane as they are clear text files. Trojans, worms, computer users etc could read this. setcookie('logank9.com',$pguess,time()+(3600*24)); 4. For user redirection you should use the header() function. Not meta refresh header("Location:index.php"); Use sessions as opposed to cookies, use POST not GET for input fields, move the password file outside of the web document root and debug your code i.e. Check the file is being read. Check the username, password are being compared against the data, check a session is set. Echo data to the screen so you can see what is being used. Quote Link to comment https://forums.phpfreaks.com/topic/170634-problems-with-cookies/#findComment-900049 Share on other sites More sharing options...
logank9 Posted August 17, 2009 Author Share Posted August 17, 2009 (Sorry for the late reply) I tried correcting my code to everything you said, and debugged it. With sessions it worked a little better, but still the same major problem. This is what I did: session_start(); $_SESSION['test'] = "hi"; echo $_SESSION['test']; ^I did that in one page, and it prints "hi" Then in a different page I do: echo $_SESSION['test']; This prints nothing. Quote Link to comment https://forums.phpfreaks.com/topic/170634-problems-with-cookies/#findComment-900463 Share on other sites More sharing options...
JonnoTheDev Posted August 18, 2009 Share Posted August 18, 2009 This must be at the top of all pages using sessions. i.e. place in a common include session_start(); http://www.sitepoint.com/article/users-php-sessions-mysql/ Quote Link to comment https://forums.phpfreaks.com/topic/170634-problems-with-cookies/#findComment-900763 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.