Jump to content

COOKIE Problem


JellyFishBoy

Recommended Posts

Hello,

 

I am new to this forum and joined in hope I could get some help in relation to some PHP problems I have stumbled across within my work. I am currently working on an online store I am building from scratch. I have already built the basic system behind it and am now starting to implement a more user friendly design to it with JS validation, stylesheets and imaging layout.

 

I have however come across a COOKIE problem with my login script. The purpose behind it is to only allow users into an area if they have logged in and declared cookies. I declare the cookies with 'setcookie()' then try and retrieve them with '$_COOKIE['firstname'];'.

 

However since implementing my new design layout it has stopped being able to retrieve the cookies. Here is some of the script. I would greatly appreciate any help given :) ...

 

Login.php

<?php
//Validating input details and executing mysql query
if ($username && $pass)
{
mysql_connect("$dhost","$dname","$dpass"); //Connection to mysql server
@mysql_select_db("$dbase") or die ("Unable To Select Database!"); //Connection to stated database
$query = "SELECT firstname, lastname, username FROM userdata WHERE password=SHA('$pass')"; //Retrieves firstname and lastname for username and password combination
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result,MYSQL_NUM); //Return a record, if applicable
if ($row) {
setcookie('firstname', $row[0], time()+3600);
setcookie('lastname', $row[1], time()+3600);
setcookie('username', $row[2], time()+3600); //Set the cookies
echo "<p class='Body-error-P'><span class='Body-text-T'>Login successful. If you are not redirected in 15 seconds click <A HREF='./index.php'>here</A></span></p>";
print "<meta HTTP-EQUIV='REFRESH' content='5 url=./index.php'>";
} else { //no record matched the query
echo "<p class='Body-error-P'><span class='Body-text-T'>The username and password you entered are not valid.</span></p>";
}
mysql_close(); //close database connection
}
}

 

Index.php

<?php
include_once ("config.php");
if(isset($_COOKIE['firstname'])) //if not cookie present, redirect the user
{
echo "<p class='Body-text-P'><span class='Body-text2-T'>You are now logged in, <b>".$_COOKIE['firstname'].' '.$_COOKIE['firstname']."</b></span</p>";
} else {
echo '<p class="Body-text-P"><span class="Body-text-T">You are not logged in at this current time. Please login or register.</span</p>';
}
?>

Let me know if you need anymore coding...

Link to comment
Share on other sites

Ah yes, the culprit is that you are trying to set cookies after you've already sent some HTML out to the browser.  Setting cookies, headers and session information all needs to be done before anything is outputted to the browser.  So, you'd have to move your PHP code to the top of your script for it to work. 

Link to comment
Share on other sites

Great.  That means the cookies are being set properly or you should get error messages.  As a matter of fact, you should be able to see your cookies in Firefox by right clicking somewhere on the page and selecting "View Page Info" from the menu.  Then click the "Security" menu option on the top folowed by the "View Cookies" button.  This will show you the cookies that are available to scripts on the site.  You should see your domain on the left and "firstname" and "lastname" on the right.  Click on those elements and you can see all the information about the cookie. 

 

Can you see your cookies in Firefox?

Link to comment
Share on other sites

Just initiated PHP Error handling on my server. Get this message:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/e-smith/files/ibays/Primary/html/secure/login.php:1) in /home/e-smith/files/ibays/Primary/html/secure/login.php on line 34

 

Maybe I need to put the PHP script with setcookies() within the <head> tags?

Link to comment
Share on other sites

You should be developing with error_reporting = -1 and display_error = On in your php.ini file. If you don't have access to make those changes, paste this in to your script immediately after the opening <?php tag to enable it for that script.

error_reporting(-1);
ini_set('display_errors', 1);

Link to comment
Share on other sites

There are a few lines of code that can echo stuff out to the browser:

 

echo "<p class='Body-error-P'><span class='Body-text-T'>You forgot to enter your username.</span></p>";

 

and

 

echo "<p class='Body-error2-P'><span class='Body-text-T'>You forgot to enter your password.</span></p>";

 

assuming they aren't actually being executed because you properly passed _POST['username'] and _POST['pass'], is there any other place that sends session, cookie, header or output information to the browsers?  The error message is saying something else was outputted to the browser already and cookies have to be first.  Make sure that your opening php tag "<?php" is on the first line of the script too.

Link to comment
Share on other sites

I cant see anything. Only thing before the cookies is field validation and calling the config.php file.

 

Here is the coding at the top of the page...

 

<?php
include_once ("config.php");
if(isset($_POST['submitl']))
{
//Validate username input
if (!empty($_POST['username']))
{
   $username = stripslashes($_POST['username']);
} else {
   $username = NULL;
echo "<p class='Body-error-P'><span class='Body-text-T'>You forgot to enter your username.</span></p>";
}
//Validate password input
if (!empty($_POST['pass']))
{
    $pass = stripslashes($_POST['pass']);
} else {
    $pass = NULL;
echo "<p class='Body-error2-P'><span class='Body-text-T'>You forgot to enter your password.</span></p>";
}
//Validating input details and executing mysql query
if ($username && $pass)
{
mysql_connect("$dhost","$dname","$dpass"); //Connection to mysql server
@mysql_select_db("$dbase") or die ("Unable To Select Database!"); //Connection to stated database
$query = "SELECT firstname, lastname, username FROM userdata WHERE password=SHA('$pass')"; //Retrieves firstname and lastname for username and password combination
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM); //Return a record, if applicable
if ($row) {
//$num = mysql_num_rows ($result);
//if($num > 0)
//{
$row = mysql_fetch_array ($result, MYSQL_ASSOC);
setcookie('firstname', $row[0], time()+1800, '/', '', 0);
setcookie('lastname', $row[1], time()+1800, '/', '', 0);
setcookie('username', $row[2], time()+1800, '/', '', 0); //Set the cookies
echo "<p class='Body-error-P'><span class='Body-text-T'>Login successful. If you are not redirected in 15 seconds click <A HREF='./index.php'>here</A></span></p>";
print "<meta HTTP-EQUIV='REFRESH' content='5 url=./index.php'>";
} else { //no record matched the query
echo "<p class='Body-error-P'><span class='Body-text-T'>The username and password you entered are not valid.</span></p>";
}
mysql_close(); //close database connection
}
}
?>

 

Link to comment
Share on other sites

Not familiar with DW, but double check to make sure there is no whitespace at all before the opening <?php tag, and then have a look at this page regarding how to check whether DW is using a BOM:

http://www.adobe.com/support/documentation/en/dreamweaver/mx2004/dwusing_errata/dwusing_errata2.html

Link to comment
Share on other sites

I am a Dreamweaver noob, but long-time PHP programmer. I suggest that you finish your design in Dreamweaver and then leave Dreamweaver to program PHP in another editor. Dreamweaver offers too much unwanted "help" for me to get any PHP work done. If you're on a Mac, I recommend BBEdit as an editor. I'm not sure if it's available for Windows or not.

Link to comment
Share on other sites

Another problem may lie in the fact that you're using the MYSQL_ASSOC modifier, then attempting to access enumerated array indices, which shouldn't even exist.

$row = mysql_fetch_array ($result, MYSQL_ASSOC);
setcookie('firstname', $row[0], time()+1800, '/', '', 0);
setcookie('lastname', $row[1], time()+1800, '/', '', 0);
setcookie('username', $row[2], time()+1800, '/', '', 0); //Set the cookies

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.