Renlok Posted December 20, 2006

OK, my login page is supposed to set up two cookies but it only sets up one and I've no idea why. Here's the login script if it's any help.

[code]
<?php
include("includes/config.inc.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
    or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
    or die ("Could not select database because ".mysql_error());

// escape user input before it goes into the query string
$nick = mysql_real_escape_string($_POST['nick'], $link);
$password = mysql_real_escape_string($_POST['password'], $link);

$match = "select id from a_users where nick = '".$nick."' and password = '".$password."';";
$qry = mysql_query($match)
    or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
$username = $_POST['nick'];

if ($num_rows <= 0) {
    // HTML-escape the name before echoing it back
    echo "Sorry, there is no username ".htmlspecialchars($username)." with the specified password.<br>";
    echo "<a href=login.php>Try again</a>";
    exit;
} else {
    setcookie("loggedin", "TRUE", time()+(3600 * 24));
    setcookie("mysite_username", "$username");
    echo "You are now logged in!<br>";
    echo "Continue to the <a href=my_account.php>members</a> section.";
}
$TPL_err=0;
$TPL_errmsg="";
?>
[/code]

It creates the 'mysite_username' cookie but not the 'loggedin' cookie.

Chronos Posted December 20, 2006

First off, why should you want to create more than one cookie? You should just create one cookie and insert all the info there. You can use the serialize() and array() functions for this. This way you only have to worry about one cookie :)

Having said that, try this:

[code]
$exptime = 3600 * 24;
setcookie("loggedin", "TRUE", time()+$exptime);
[/code]

Then a little tip about your cookie: you're using a username to validate the user! This is never a good idea because I could just hack the cookie and let it think I'm the admin or something. You should always have something that validates the cookie info against the server.

I recommend the following code:

[code]
$cookiehash = md5($username.$password);
[/code]

This way the hacker who has the cookie could recreate the cookie but could never recreate another user who has more rights! :)

Renlok Posted December 20, 2006

Thanks, but once I've run the username and password through md5($username.$password); how can I get the original entries back out?

Chronos Posted December 21, 2006

Use a code like this:

[code]
$ret = serialize(array($userid,md5($username.$password)));
[/code]

Use $ret to store the cookie.

Now, when trying to determine which user is trying to log on:

[code]
$a_cookie = unerialize($_COOKIE['whatever']);
[/code]

Now we have:

$a_cookie[0] - The user ID, use this to retrieve the username/password from database.
$a_cookie[1] - The validation MD5 code

Now, hash the username/password from the database the same way as you did from the cookie and parse them against each other! :)

Renlok Posted December 21, 2006

Thanks, I tried but it's come back with the error [i]'Fatal error: Call to undefined function unerialize() in /home/renlok/public_html/roe/members.php on line 10'[/i]

The code it used is:

[code]
<html>
<head>
<title>Members' Section</title>
</head>
<body>
<?php
if (!isset($_COOKIE['mysite_username'])) die("You are not logged in!");
$logcookie = unerialize($_COOKIE['mysite_username']);
$mysite_username = $a_cookie[0];
echo "you are logged in as $mysite_username.<p>";
echo "this has not been made bare with us, or help us be sending us ideas at [email protected]";
?>
</body>
</html>
[/code]

Chronos Posted December 22, 2006

Sorry haha, typo :P

unserialize();

But, according to this code, I can hack the cookie and put username 'bogus' in it and it will parse as a valid user! Don't forget the security and validate the cookie. Cookie hacking is one of the most common website hacking methods.
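
Added example, not part of the original thread: one way to make the login cookie verifiable on the server, as the replies above ask for, so that an edited user ID is rejected. It signs a user ID and expiry with an HMAC keyed by a server-side secret instead of md5($username.$password), and encodes the payload as JSON instead of using unserialize(); the function names, the cookie layout and the secret are assumptions for illustration.

```php
<?php
// Added example. Function names, cookie layout and the secret are assumptions.
// Constructed placeholder: load the real key from config outside the web root.
const COOKIE_SECRET = 'constructed-demo-secret-change-me';

// Build "payload.signature". The payload carries only a user ID and an expiry.
function make_login_cookie(int $userId, int $ttl): string
{
    $payload = base64_encode(json_encode(['uid' => $userId, 'exp' => time() + $ttl]));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_SECRET);
}

// Return the user ID if the cookie is authentic and unexpired, otherwise null.
function verify_login_cookie(string $cookie): ?int
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    // Verify the signature first, with a constant-time comparison.
    if (!hash_equals(hash_hmac('sha256', $payload, COOKIE_SECRET), $sig)) {
        return null;
    }
    // JSON, not unserialize(): cookie data never reaches PHP's object deserializer.
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !is_int($data['uid'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    return $data['exp'] >= time() ? $data['uid'] : null;
}

// Login page, after the password check succeeds (PHP 7.3+ options array):
// setcookie('login', make_login_cookie($userId, 86400),
//     ['expires' => time() + 86400, 'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Constructed demonstration: a genuine cookie, then one with an edited payload
// that reuses the old signature, then a value in the wrong format.
$cookie = make_login_cookie(42, 86400);
[, $sig] = explode('.', $cookie);
$edited = base64_encode(json_encode(['uid' => 1, 'exp' => time() + 86400])) . '.' . $sig;

var_dump(verify_login_cookie($cookie));  // genuine cookie
var_dump(verify_login_cookie($edited));  // edited payload, stale signature
var_dump(verify_login_cookie('bogus'));  // not in payload.signature form
```

On the members page, pass $_COOKIE['login'] to verify_login_cookie() and look the returned ID up in the database; a null result means the visitor is treated as not logged in.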

Renlok Posted December 22, 2006

Urm, now I changed the spelling of unserialize(); so I now get no errors but it just comes up with $a_cookie[0] and $a_cookie[1] being nothing. When you reach the page all that shows is:

[quote]
you are logged in as .
this has not been made bare with us, or help us be sending us ideas at [email protected]
[/quote]

Chronos Posted December 22, 2006

[code]
$logcookie = unerialize($_COOKIE['mysite_username']);
$mysite_username = $a_cookie[0];
[/code]

You are trying to assign a cookie variable to $mysite_username where none exists. $logcookie contains the cookie information, not a_cookie in your case :)

Renlok Posted December 22, 2006

Can't get it to work, meh, I give up.

Archived
This topic is now archived and is closed to further replies.