RMorrison Posted March 7, 2017 Share Posted March 7, 2017 I made a login for my site, and when testing it, I found that either the cookie is not setting or it is unsetting right after. Code which handles login: if (isset($_POST['login'])) { $submitted_username = request_var('username', false); $submitted_password = request_var('password', false); if (!$submitted_username || !$submitted_password) { $template_file = "user_login.html"; $template->assign_var('ERROR', 1); $template->assign_var('MESSAGE', 'Error: Username or Password not supplied.'); break; } $user_info = $user->user_login($submitted_username, $submitted_password); if ($user_info) { $sess_id = unique_id(); setcookie('hs_user_sess', $sess_id, time()+(86400*30)); //Set cookie for 30 days to auto login. $session_info = array( 'user_id' => $user_info['user_id'], 'uniq_id' => $sess_id ); $query = $db->build_query('insert', SESSION_TABLE, $session_info); if ($db->query($query)) { $template_file = "user_message.html"; $template->assign_var('ERROR', 0); $template->assign_var('MESSAGE', 'Success. User Logged in'); } else { $template_file = "user_message.html"; $template->assign_var('ERROR', 1); $template->assign_var('MESSAGE', 'Error: Unable to save session information'); setcookie('hs_user_sess', '', time()-3600); break; } $userinfo = $user->get_user('session', $sess_id); if ($userinfo) { //Valid session so lets renew cookie and get info from database setcookie('hs_user_sess', $session, time() + (86400*30)); $permissions = $user->get_permissions($userinfo['user_id']); $userinfo['permissions'] = $permissions; $userinfo['logged_in'] = 1; $user->user_info = $userinfo; } } else { $template_file = "user_login.html"; $template->assign_var('ERROR', 1); $template->assign_var('MESSAGE', 'Error: Incorrect Username/Password combination'); } } Code which grabs info from database at start if the cookie exists: if (isset($_COOKIE['hs_user_sess'])){ $session = $db->clean($_COOKIE['hs_user_sess']); $userinfo = $user->get_user('session', $session); if ($userinfo) { //Valid session so lets renew cookie and get info from database setcookie('hs_user_sess', $session, time()+(86400*30)); $permissions = $user->get_permissions($userinfo['user_id']); $userinfo['permissions'] = $permissions; $userinfo['logged_in'] = true; $user->user_info = $userinfo; } else { //Not valid session so lets remove cookie setcookie('hs_user_sess', '', time() - 3600); }} I wholly expect this to be some silly error on my part as I wrote this while at work earlier today and i'm tired and can't for the life of me work it out now. Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/303386-cookie-issue/ Share on other sites More sharing options...
Mlaaa Posted March 7, 2017 Share Posted March 7, 2017 Are u using error_reporting(E_ALL); ini_set('error_reporting', 1); var_dump($_COOKIE); And i think that u need to check if user is logged in ( if cookie exists ) before u try to login. Quote Link to comment https://forums.phpfreaks.com/topic/303386-cookie-issue/#findComment-1543895 Share on other sites More sharing options...
Solution mac_gyver Posted March 7, 2017 Solution Share Posted March 7, 2017 the code at the top of your post has - setcookie('hs_user_sess', $session, time() + (86400*30));, but there is no $session variable present in that code, so it would set the cookie to an empty value. also, break; only works for loops and switch statements. it has no affect on if() statements, so in the cases where you have used it in the code above, all the logic is still being executed. if your code testing if the cookie is set is being executed on the same page request where you are setting the cookie, the $_COOKIE variable won't be set until the browser makes a request to the web server after you have set the cookie. Quote Link to comment https://forums.phpfreaks.com/topic/303386-cookie-issue/#findComment-1543896 Share on other sites More sharing options...
RMorrison Posted March 8, 2017 Author Share Posted March 8, 2017 the code at the top of your post has - setcookie('hs_user_sess', $session, time() + (86400*30));, but there is no $session variable present in that code, so it would set the cookie to an empty value. also, break; only works for loops and switch statements. it has no affect on if() statements, so in the cases where you have used it in the code above, all the logic is still being executed. if your code testing if the cookie is set is being executed on the same page request where you are setting the cookie, the $_COOKIE variable won't be set until the browser makes a request to the web server after you have set the cookie. The first line was actually the problem. Should have been $sess_id here. The code supplied was part of a switch statement in this case which is why I had break in there. I also modified the check in common.php not to do the check if the user is mid-login in this case. Quote Link to comment https://forums.phpfreaks.com/topic/303386-cookie-issue/#findComment-1543910 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.