JCS1988 Posted February 9, 2008 Share Posted February 9, 2008 Here I am again, another minor problem I have. My site uses sessions, but I have one particular script that requires a user ID from a cookie called $currentcustomer. I don't have the knowledge to go through and modify the code and use sessions so I figure I'll just set the cookie it wants and be done with it. Here is my script, after logging in the user is taken here to verify the provided login info. Thanks in advance! This is the session it's creating for the customer id, I'd like a cookie version as well, I'm just not sure where to place it and how to call it in properly. $_SESSION['SESS_CUSTOMER_ID']=$customer['customer_id']; Here is the entire page <?php //Start session session_start(); //Connect to mysql server $link=mysql_connect("host","login","password"); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("jcs5325aii_photography"); if(!$db) { die("Unable to select database"); } //Sanitize the value received from login field //to prevent SQL Injection if(!get_magic_quotes_gpc()) { $username=mysql_real_escape_string($_POST['username']); }else { $username=$_POST['username']; } //Create query $qry="SELECT customer_id FROM users WHERE username='$username' AND password='$password'"; $result=mysql_query($qry); $customer_id="SELECT customer_id FROM users WHERE username='$username' AND password='$password'"; //Check whether the query was successful or not if($result) { if(mysql_num_rows($result)>0) { //Login Successful session_regenerate_id(); $customer=mysql_fetch_assoc($result); $_SESSION['SESS_CUSTOMER_ID']=$customer['customer_id']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Quote Link to comment Share on other sites More sharing options...
kratsg Posted February 9, 2008 Share Posted February 9, 2008 setcookie(name, value, expire, path, domain); Put this near the top of your page, just right under the session start, before you send any output. This runs before the headers have been set. All you really need is the name, value, and when it expires in seconds. If you want to block access to your cookie for only your site, use path/domain: The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain . If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain . The default value is the current directory that the cookie is being set in. domain The domain that the cookie is available. To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain. Refer to tail matching in the » spec for details. ~PHP.net Quote Link to comment Share on other sites More sharing options...
JCS1988 Posted February 9, 2008 Author Share Posted February 9, 2008 I have the cookies working now, they do show up but the one variable I need isn't displaying properly. Most likely because I have it set wrong, any idea on how I would do something like this? This is the session I am creating: $_SESSION['SESS_CUSTOMER_ID']=$customer['customer_id']; $customer_id = "'$_SESSION['SESS_CUSTOMER_ID']'"; setcookie("currentcustomer", $customer_id, time()+3600); <?php //Start session session_start(); $customer_id = "'$_SESSION['SESS_CUSTOMER_ID']'"; setcookie("currentcustomer", $customer_id, time()+3600); //Connect to mysql server $link=mysql_connect("data.jcs5325.aisites.com","jcs5325aii_pho","203633"); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("jcs5325aii_photography"); if(!$db) { die("Unable to select database"); } //Sanitize the value received from login field //to prevent SQL Injection if(!get_magic_quotes_gpc()) { $username=mysql_real_escape_string($_POST['username']); }else { $username=$_POST['username']; } //Create query $qry="SELECT customer_id FROM users WHERE username='$username' AND password='$password'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result)>0) { //Login Successful session_regenerate_id(); $customer=mysql_fetch_assoc($result); $_SESSION['SESS_CUSTOMER_ID']=$customer['customer_id']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted February 9, 2008 Share Posted February 9, 2008 You don't need the singe/double quotes around the session variable $customer_id = $_SESSION['SESS_CUSTOMER_ID']; Quote Link to comment Share on other sites More sharing options...
JCS1988 Posted February 9, 2008 Author Share Posted February 9, 2008 I had figured that wasn't set right, the " and ' are always confusing to me. Now I made the changes but the cookie will not show up using IE or Firefox, although it does work if I add just a regular value to the cookie such as $customer_id = "idValue"; Is this because the session is created AFTER the setcookie function? Here is the code I have now, I added your code in place of mine. But look down where the session is created, does this have something to do with why the cookie wont set? <?php //Start session session_start(); $customer_id = $_SESSION['SESS_CUSTOMER_ID']; setcookie("currentcustomer", $customer_id, time()+3600); //Connect to mysql server $link=mysql_connect("data.jcs5325.aisites.com","jcs5325aii_pho","203633"); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("jcs5325aii_photography"); if(!$db) { die("Unable to select database"); } //Sanitize the value received from login field //to prevent SQL Injection if(!get_magic_quotes_gpc()) { $username=mysql_real_escape_string($_POST['username']); }else { $username=$_POST['username']; } //Create query $qry="SELECT customer_id FROM users WHERE username='$username' AND password='$password'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result)>0) { //Login Successful session_regenerate_id(); $customer=mysql_fetch_assoc($result); $_SESSION['SESS_CUSTOMER_ID']=$customer['customer_id']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.