COOKIE Problem

[JellyFishBoy]

Hello,

 

I am new to this forum and joined in hope I could get some help in relation to some PHP problems I have stumbled across within my work. I am currently working on an online store I am building from scratch. I have already built the basic system behind it and am now starting to implement a more user friendly design to it with JS validation, stylesheets and imaging layout.

 

I have however come across a COOKIE problem with my login script. The purpose behind it is to only allow users into an area if they have logged in and declared cookies. I declare the cookies with 'setcookie()' then try and retrieve them with '$_COOKIE['firstname'];'.

 

However since implementing my new design layout it has stopped being able to retrieve the cookies. Here is some of the script. I would greatly appreciate any help given ...

 

Login.php

<?php
//Validating input details and executing mysql query
if ($username && $pass)
{
mysql_connect("$dhost","$dname","$dpass"); //Connection to mysql server
@mysql_select_db("$dbase") or die ("Unable To Select Database!"); //Connection to stated database
$query = "SELECT firstname, lastname, username FROM userdata WHERE password=SHA('$pass')"; //Retrieves firstname and lastname for username and password combination
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result,MYSQL_NUM); //Return a record, if applicable
if ($row) {
setcookie('firstname', $row[0], time()+3600);
setcookie('lastname', $row[1], time()+3600);
setcookie('username', $row[2], time()+3600); //Set the cookies
echo "<p class='Body-error-P'><span class='Body-text-T'>Login successful. If you are not redirected in 15 seconds click <A HREF='./index.php'>here</A></span></p>";
print "<meta HTTP-EQUIV='REFRESH' content='5 url=./index.php'>";
} else { //no record matched the query
echo "<p class='Body-error-P'><span class='Body-text-T'>The username and password you entered are not valid.</span></p>";
}
mysql_close(); //close database connection
}
}

 

Index.php

<?php
include_once ("config.php");
if(isset($_COOKIE['firstname'])) //if not cookie present, redirect the user
{
echo "<p class='Body-text-P'><span class='Body-text2-T'>You are now logged in, <b>".$_COOKIE['firstname'].' '.$_COOKIE['firstname']."</b></span</p>";
} else {
echo '<p class="Body-text-P"><span class="Body-text-T">You are not logged in at this current time. Please login or register.</span</p>';
}
?>

Let me know if you need anymore coding...

[beegro]

Are the "login.php" and "index.php" scripts in the same directory? 

[JellyFishBoy]

Yes they are.

 

Here is the login.php full script: http://pastebin.com/L639gFRC

 

Here is the index.php: http://pastebin.com/fwQ9rctk

[beegro]

Ah yes, the culprit is that you are trying to set cookies after you've already sent some HTML out to the browser.  Setting cookies, headers and session information all needs to be done before anything is outputted to the browser.  So, you'd have to move your PHP code to the top of your script for it to work. 

[JellyFishBoy]

Ok. Changed the login php to put the setcookie at the top of the script

 

login.php : http://pastebin.com/08wJMqWE

 

And also changed index.php to retrieve the cookies at the top of the page

 

index.php: http://pastebin.com/fwrTViJG

 

Still no luck

[beegro]

Are you getting a successful redirect?  I guess I should say, is this line getting echoed to the screen?

 

print "<meta HTTP-EQUIV='REFRESH' content='5 url=./index.php'>";

[JellyFishBoy]

Yes that line is displaying upon pressing the 'Login' button.

[beegro]

Great.  That means the cookies are being set properly or you should get error messages.  As a matter of fact, you should be able to see your cookies in Firefox by right clicking somewhere on the page and selecting "View Page Info" from the menu.  Then click the "Security" menu option on the top folowed by the "View Cookies" button.  This will show you the cookies that are available to scripts on the site.  You should see your domain on the left and "firstname" and "lastname" on the right.  Click on those elements and you can see all the information about the cookie. 

 

Can you see your cookies in Firefox?

[JellyFishBoy]

Hhmmm. When I look for cookies on Firefox it states on both login.php (before it redirects) and index.php...

 

Is this website storing any information (cookies) on my computer? No.

 

:S

 

Must be something with the cookie declaration then?

[beegro]

Hmmm, you should get an error from php if the cookie is unable to be set.  Is error reporting turned on?  I'm going to load these on my machine and check it out. 

[JellyFishBoy]

Just initiated PHP Error handling on my server. Get this message:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/e-smith/files/ibays/Primary/html/secure/login.php:1) in /home/e-smith/files/ibays/Primary/html/secure/login.php on line 34

 

Maybe I need to put the PHP script with setcookies() within the <head> tags?

[Pikachu2000]

You should be developing with error_reporting = -1 and display_error = On in your php.ini file. If you don't have access to make those changes, paste this in to your script immediately after the opening <?php tag to enable it for that script.

error_reporting(-1);
ini_set('display_errors', 1);

[beegro]

This means that somewhere on your script something outputted data to the browser.  What's on line 34?

[JellyFishBoy]

Line 34 - 36:

 

setcookie('firstname', $row[0], time()+1800, '/', '', 0);

setcookie('lastname', $row[1], time()+1800, '/', '', 0);

setcookie('username', $row[2], time()+1800, '/', '', 0); //Set the cookies

[beegro]

There are a few lines of code that can echo stuff out to the browser:

 

echo "<p class='Body-error-P'><span class='Body-text-T'>You forgot to enter your username.</span></p>";

 

and

 

echo "<p class='Body-error2-P'><span class='Body-text-T'>You forgot to enter your password.</span></p>";

 

assuming they aren't actually being executed because you properly passed _POST['username'] and _POST['pass'], is there any other place that sends session, cookie, header or output information to the browsers?  The error message is saying something else was outputted to the browser already and cookies have to be first.  Make sure that your opening php tag "<?php" is on the first line of the script too.

[Pikachu2000]

output started at /home/e-smith/files/ibays/Primary/html/secure/login.php:1

[JellyFishBoy]

I cant see anything. Only thing before the cookies is field validation and calling the config.php file.

 

Here is the coding at the top of the page...

 

<?php
include_once ("config.php");
if(isset($_POST['submitl']))
{
//Validate username input
if (!empty($_POST['username']))
{
   $username = stripslashes($_POST['username']);
} else {
   $username = NULL;
echo "<p class='Body-error-P'><span class='Body-text-T'>You forgot to enter your username.</span></p>";
}
//Validate password input
if (!empty($_POST['pass']))
{
    $pass = stripslashes($_POST['pass']);
} else {
    $pass = NULL;
echo "<p class='Body-error2-P'><span class='Body-text-T'>You forgot to enter your password.</span></p>";
}
//Validating input details and executing mysql query
if ($username && $pass)
{
mysql_connect("$dhost","$dname","$dpass"); //Connection to mysql server
@mysql_select_db("$dbase") or die ("Unable To Select Database!"); //Connection to stated database
$query = "SELECT firstname, lastname, username FROM userdata WHERE password=SHA('$pass')"; //Retrieves firstname and lastname for username and password combination
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM); //Return a record, if applicable
if ($row) {
//$num = mysql_num_rows ($result);
//if($num > 0)
//{
$row = mysql_fetch_array ($result, MYSQL_ASSOC);
setcookie('firstname', $row[0], time()+1800, '/', '', 0);
setcookie('lastname', $row[1], time()+1800, '/', '', 0);
setcookie('username', $row[2], time()+1800, '/', '', 0); //Set the cookies
echo "<p class='Body-error-P'><span class='Body-text-T'>Login successful. If you are not redirected in 15 seconds click <A HREF='./index.php'>here</A></span></p>";
print "<meta HTTP-EQUIV='REFRESH' content='5 url=./index.php'>";
} else { //no record matched the query
echo "<p class='Body-error-P'><span class='Body-text-T'>The username and password you entered are not valid.</span></p>";
}
mysql_close(); //close database connection
}
}
?>

 

[Pikachu2000]

What editor are you using? It may be saving the file with a BOM (byte order mark) at the beginning.

[JellyFishBoy]

Dreamweaver..

[Pikachu2000]

Not familiar with DW, but double check to make sure there is no whitespace at all before the opening <?php tag, and then have a look at this page regarding how to check whether DW is using a BOM:

http://www.adobe.com/support/documentation/en/dreamweaver/mx2004/dwusing_errata/dwusing_errata2.html

[BlueSkyIS]

I am a Dreamweaver noob, but long-time PHP programmer. I suggest that you finish your design in Dreamweaver and then leave Dreamweaver to program PHP in another editor. Dreamweaver offers too much unwanted "help" for me to get any PHP work done. If you're on a Mac, I recommend BBEdit as an editor. I'm not sure if it's available for Windows or not.

[beegro]

You should be fine in Dreamweaver.  It doesn't add anything to the code as long as you're in the "code" pane which you should be in anyway if you're coding.  Any luck on finding the white space?

[JellyFishBoy]

I just saved in Notepad++ and reloaded the page. It doesn't flag any PHP errors now, but still doesn't input the cookies after checking via Page Info on Firefox... :/

[JellyFishBoy]

jfbsystems.co.uk/secure/login.php is the live page by the way..

[Pikachu2000]

Another problem may lie in the fact that you're using the MYSQL_ASSOC modifier, then attempting to access enumerated array indices, which shouldn't even exist.

$row = mysql_fetch_array ($result, MYSQL_ASSOC);
setcookie('firstname', $row[0], time()+1800, '/', '', 0);
setcookie('lastname', $row[1], time()+1800, '/', '', 0);
setcookie('username', $row[2], time()+1800, '/', '', 0); //Set the cookies