king.oslo Posted November 23, 2009 Share Posted November 23, 2009 Hello, I have a website that sets a cookie when a user visits the website. The cookie holds an ID number that I have decided to refer to Computer Identification Number (CIN) that is unique for every user. The idea is to be able to identify a computer with the CIN even if the IP changes. This is the code I use. What it does is that it first checks whether a visitor is an admin. Every admin pc has the admin cookie called 'admin'. If the user is not an admin, the script checks if cookies of the user is enabled and reloads the page to check. If cookies are on, it checks if the user has been here before, by checking if cookie called tp_visitor is set, if it isnt, the script sets a new tp_visitor. The tp_visitor contains the unique ID number {CIN} ). Each visit, the script writes to a database and logs the CIN, IP and timestamp: <?php $connection = connect(); //CONNECTS TO MYSQL if (empty($_COOKIE['admin']) ) { //COMPUTERS WITH COOKIE: 'ADMIN' ARE ADMINS, AND SHOULD NOT BE COUNTED if (isset($_SERVER['HTTP_REFERER'])) { $ref = $_SERVER['HTTP_REFERER']; } // CHECKS IF USER HAS COOKIE BY FIRST SETTING ONE THEN RELOADING THE SAME PAGE TO CHECK IF THE COOKIE WAS SET if ( ! isset( $_GET['entry'] ) ) { setcookie('enabled', 'test', (time() + (60*60*24*365*5))); header('location: ' . $_SERVER['PHP_SELF'] . '?entry=1&' . SID); } else { //IF COOKIE WAS SET if (!empty($_COOKIE['enabled'])) { //IF COOKIE TP_VISITOR IS NOT SET (THE USER IS HERE FOR THE FIRST TIME) if ( !isset( $_COOKIE['tp_visitor'] ) ) { $new_cin = 'SELECT COUNT(*) FROM kingoslo.cin'; $resultat = mysql_query($new_cin, $connection); $new_cin = mysql_result($resultat,0); $new_cin = $new_cin + 1; setcookie('tp_visitor', $new_cin, (time() +(60*60*24*365*5)) ); $cookie = 'INSERT INTO kingoslo.cinlog (cin, tid, ip, referanse) VALUES ("' . $new_cin . '", "' . time() . '", "' . getenv("REMOTE_ADDR") . '", "' . $ref . '")'; $new_cin = 'INSERT INTO kingoslo.cin (cin, visits, epost) VALUES ("' . $new_cin . '", 0, 0)'; mysql_query($cookie, $connection); mysql_query($new_cin, $connection); } //IF COOKIE TP_VISITOR IS SET (THE USER IS NOT HERE FOR THE FIRST TIME) else { $no_cookie = 'INSERT INTO kingoslo.cinlog (cin, tid, ip, referanse) VALUES ("' . $_COOKIE['tp_visitor'] . '", "' . time() . '", "' . getenv("REMOTE_ADDR") . '", "' . $ref . '")'; mysql_query($no_cookie, $connection); setcookie('tp_visitor', $_COOKIE['tp_visitor'], (time() +(60*60*24*365*5)) ); } } else { //IF COOKIES WAS DISABLED $no_cookie = 'INSERT INTO kingoslo.cinlog (cin, tid, ip, referanse) VALUES ("COOKIE_DISABLED", "' . time() . '", "' . getenv("REMOTE_ADDR") . '", "' . $ref . '")'; mysql_query($no_cookie, $connection); } } } close($connection); //CLOSES CONNECTION ?> Now what is the problem? Well it seems that when I visit this script, it will sometimes create a new CIN and cookie called tp_visitor even if the user has been on the website before! This seems to happen more frequently when I am directed from different sources, i.e. if I am first directed from a link on Google, then type in the URL of the website in the next attempt. I was wondering what this may be the result of. I think it is very strange Thanks, Marius Quote Link to comment https://forums.phpfreaks.com/topic/182655-strange-cookie-problem-setcookie-dependant-on-where-user-was-directed-from/ Share on other sites More sharing options...
PFMaBiSmAd Posted November 23, 2009 Share Posted November 23, 2009 admin pc has the admin cookie called 'admin'Doing this will allow your site to be taken over by a hacker because that is one of the first things they will try (anyone can provide a cookie with any name or value in it when they visit your site.) If someone is an administrator, should only be determined by a value you have assigned to specific usernames on the web server. The setcookie() function contains a DOMAIN parameter. You need to set it to .yourdomain.com (the leading dot should be used) so that all variations of your domain, both with a www. and without a www. will match the cookie. You also need to set the PATH parameter to a / so that cookies set in any path on your site will match all the paths. Ref: http://us.php.net/setcookie Quote Link to comment https://forums.phpfreaks.com/topic/182655-strange-cookie-problem-setcookie-dependant-on-where-user-was-directed-from/#findComment-964029 Share on other sites More sharing options...
king.oslo Posted November 23, 2009 Author Share Posted November 23, 2009 Thanks for that! May I set the same cookie to be used for "domain.com" and "domain.net"? May I use the setcookie domain argument as '.domain.', or something else? Thanks, Marius Quote Link to comment https://forums.phpfreaks.com/topic/182655-strange-cookie-problem-setcookie-dependant-on-where-user-was-directed-from/#findComment-964106 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.