tags:

views:

38

answers:

4
Q: 

Check session and cookie not working in PHP

I have this code that makes sure your are logged in, and then making sure you are on the right page by checking a cookie set at login. This code works on a page in a directory underneath the login in script, however in a page in a directory below that it always takes you to accessdenied. Any ideas?

<?php

session_start();

if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
    header("location: http://mywebsite.com/member/accessdenied.html");
    exit();
}


 $_COOKIE["verify"] = $verify;
 if( $verify != file_get_contents("name.txt")) { 
  header("location: http://mywebsite.com/member/accessdenied.html");
 } else {  }

 ?>

And it seems like just the bottom part, the part that checks the cookie, isn't working. Again, any ideas?

+4  A: 

I think you have your cookie assignment backwards:

$_COOKIE["verify"] = $verify;

Should be

$verify = $_COOKIE["verify"];

And that should be:

$verify = isset($_COOKIE["verify"])?$_COOKIE["verify"]:false;

As if the cookie was not previously set, well it would give a notice error.

Brad F Jacobs  2010-07-27 15:38:52
I tried this, however it still came up to accessdenied, and I checked the cookie was set at login.
Tony C  2010-07-27 15:52:20
Then I would try some debugging methods. IE: Echo out the file and echo out the cookie, make sure they are the same etc. And make sure the expected results are getting populated properly.
Brad F Jacobs  2010-07-27 15:59:23
A: 

are you sure you always get the content from file_get_contents? I could imagine it's found in one directory but not in the other!

Nicolas78  2010-07-27 15:41:44
yes, there is a copy of name.txt in both directories, thanks for the help though.
Tony C  2010-07-27 15:45:41
A: 

antoher idea: cookies can be set to be relevant for a particular directory only. I just realize, what we're missing here, is the part where you set the cookie in the first place.

Nicolas78  2010-07-27 16:30:02
+1  A:  
<?php

 $verify = $_COOKIE["verify"];

 if( $verify == file_get_contents("name.txt")) { 
     echo $verify . 'is equal to the content of name.txt'
 } else {  
     echo $verify . 'is NOT equal to the content of name.txt'
 }

 ?>

Try debugging the code with this. See if the content of your variable is what you want. But I find it unusual that a variable would be a file.

Anraiki  2010-07-27 16:30:48

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases