tags:

views:

590

answers:

4
+4  Q: 

Cookies are Not Being Set Properly in PHP Script

Im very new in php and try to use cookie but it is not woking in my site, can anyone guide me please , what is going wrong in my code:

<?php
session_start();
?>
<script>
function Redirect(url)
{
 location.href = url;
}

</script>
<?php 

define('_VALID_ACCESS', true);
include_once "includes/connect.php";
include_once "includes/login.php";


if(empty($_POST['loginname']) || empty($_POST['password']))
{
    $msg = "User or password is empty";
}
else
{
    if(login($_POST['loginname'], $_POST['password']) == true)
    {
     $usern = $_POST['loginname'];
     session_register('loginname');
     $loginname = $usern;  
     sleep(1);
      if(activestatus($_POST['loginname'], $_POST['password']) == true)
      {
      $usern = $_POST['loginname'];
      session_register('loginname');
      $loginname = $usern;  
      sleep(1);

      $hour = time() + 3600;
      setcookie("ID_my_site", $_POST['loginname'], $hour);
      setcookie("Key_my_site", $_POST['password'], $hour); 
      $test = $_COOKIE["ID_my_site"];
      $msg = "<script> Redirect ('home.html?testname=".$test."')</script>"; 
       //header("Location: home.html"); 
      }
      else
      {
      $msg = "<script> Redirect ('valid.php?testname=".$usern."')</script>"; 
      }

    }
    else
    {
     $msg = "<font color=red>User or Password is wrong</font>";
    }
}
echo '<div id="divTarget">' . $msg . '</div>'; 
?>
  <link rel="stylesheet" href="css/blueprint/screen.css" type="text/css" media="screen, projection">
  <link rel="stylesheet" href="css/blueprint/print.css" type="text/css" media="print">
  <link rel="stylesheet" href="css/blueprint/ie.css" type="text/css" media="screen, projection">  
 <body>
 <div class="container" id="login_container">
<form id="login" action="action.php" method="post" name="loginform" >
    <fieldset id="login_screen"  style="width:350px">
     <label id="login_label" for="login">User Login </label> 
        <br><br>
     <label for="login">Email Address</label>
     <input type="text" name="loginname" id="loginname" value="[email protected]">    
     <p id="space"><label for="password">Password</label>
     <input type="password" id="password" name="password"  value="********" ></p>
     <input type="checkbox">Keep me signed in until i signout
     <p id="test"><input type="submit" value="Submit"></p>
     <a href="forgetpassword.html">Forgot
     your password</a>&nbsp;&nbsp;|<span id="free">Not a member?</span><a href="regForm.html">Sign up</a><blink><span id="free">Free</span></blink> 
     </p>
    </fieldset>
</form> </div>
</body>
+2  A: 

1st you don't need session_register, you can just do.

Since session_register is the preferred method since 4.1.0 and deprecated as of PHP 5.3

$_SESSION["loginname"] = $_POST["loginname"]

2nd if you are going to use sessions, your flow could be better, since this does not work.

$_SESSION["foo"] = 1;
header("Location: stuff.php");

Then you can't view the session data in stuff.php. You could either send the user to the main page, and do the authentication there, and if it passes then you just continue on with the loading of the main page, and if it doesn't, then you send the user back to the login page like this.

if($_SESSION["authenticated"] == 0)
{
    header("Location: login.php");
    die();
}
Ólafur Waage  2009-05-13 10:19:19
Thanks im just starting in the learning phase.
jazzrai  2009-05-13 10:21:20
Why wouldn't stuff.php be able to view the session data? I assume you mean logically he doesn't want stuff.php to be able to access the session data rather than the the setting of the session variable "foo" value would not be visible in stuff.php?
Steve Claridge  2009-05-13 10:37:35
If you do a HTTP header redirect the session data isn't written to the server. Unless you specifically tell it to be written to the server with something like session_write_close() http://is.php.net/manual/en/function.session-write-close.php
Ólafur Waage  2009-05-13 10:57:54
That's absolutely untrue.
TML  2009-05-19 01:24:02
+1  A: 

Try this (specifying the root of your site) :

setcookie("ID_my_site", $_POST['loginname'], $hour,'/');

or try this (adding quotes to your loginname) :

setcookie("ID_my_site", "$_POST['loginname']", $hour,'/');
Chris Murray  2009-05-19 01:31:37
+4  A: 

Turn on display_errors and set your error_reporting to E_ALL and you should see an error message about 'headers already sent' - you have to call setcookie() BEFORE ANY HTML IS SENT. From php.net/setcookie:

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.

In the code block that you posted this bit:

<script>
function Redirect(url)
{
 location.href = url;
}

</script>

Is being output directly to the browser well before you ever attempt to set the cookies.

Your two possibilities would be to use output buffering so that you output everything at the very end or to switch to a method where all of your processing code is executed first in one script and there you set $_SESSION and cookie values and then include a second script at the tail end of the first that contains the code to be output to the browser.

TML  2009-05-19 02:15:24
+1  A: 

Also you should not be storing a password is cookie data -- this is a big security No-No!!!

If you want to do something like that set a unique - random - identifier that changes when they login and use that instead (you should still MD5 it)

 2009-05-31 23:11:57

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases