I'm very new to PHP and am trying to use a cookie, but it is not working on my site. Can anyone guide me, please? What is going wrong in my code:

<?php
session_start();
?>
<script>
function Redirect(url)
{
 location.href = url;
}

</script>
<?php 

define('_VALID_ACCESS', true);
include_once "includes/connect.php";
include_once "includes/login.php";


if(empty($_POST['loginname']) || empty($_POST['password']))
{
    $msg = "User or password is empty";
}
else
{
    if(login($_POST['loginname'], $_POST['password']) == true)
    {
     $usern = $_POST['loginname'];
     session_register('loginname');
     $loginname = $usern;  
     sleep(1);
      if(activestatus($_POST['loginname'], $_POST['password']) == true)
      {
      $usern = $_POST['loginname'];
      session_register('loginname');
      $loginname = $usern;  
      sleep(1);

      $hour = time() + 3600;
      setcookie("ID_my_site", $_POST['loginname'], $hour);
      setcookie("Key_my_site", $_POST['password'], $hour); 
      $test = $_COOKIE["ID_my_site"];
      $msg = "<script> Redirect ('home.html?testname=".$test."')</script>"; 
       //header("Location: home.html"); 
      }
      else
      {
      $msg = "<script> Redirect ('valid.php?testname=".$usern."')</script>"; 
      }

    }
    else
    {
     $msg = "<font color=red>User or Password is wrong</font>";
    }
}
echo '<div id="divTarget">' . $msg . '</div>'; 
?>
  <link rel="stylesheet" href="css/blueprint/screen.css" type="text/css" media="screen, projection">
  <link rel="stylesheet" href="css/blueprint/print.css" type="text/css" media="print">
  <link rel="stylesheet" href="css/blueprint/ie.css" type="text/css" media="screen, projection">  
 <body>
 <div class="container" id="login_container">
<form id="login" action="action.php" method="post" name="loginform" >
    <fieldset id="login_screen"  style="width:350px">
     <label id="login_label" for="login">User Login </label> 
        <br><br>
     <label for="login">Email Address</label>
     <input type="text" name="loginname" id="loginname" value="[email protected]">    
     <p id="space"><label for="password">Password</label>
     <input type="password" id="password" name="password"  value="********" ></p>
     <input type="checkbox">Keep me signed in until i signout
     <p id="test"><input type="submit" value="Submit"></p>
     <a href="forgetpassword.html">Forgot
     your password</a>&nbsp;&nbsp;|<span id="free">Not a member?</span><a href="regForm.html">Sign up</a><blink><span id="free">Free</span></blink> 
     </p>
    </fieldset>
</form> </div>
</body>
+2  A: 

1st you don't need session_register, you can just do.

Since session_register is the preferred method since 4.1.0 and deprecated as of PHP 5.3

$_SESSION["loginname"] = $_POST["loginname"];

2nd if you are going to use sessions, your flow could be better, since this does not work.

$_SESSION["foo"] = 1;
header("Location: stuff.php");

Then you can't view the session data in stuff.php. You could either send the user to the main page, and do the authentication there, and if it passes then you just continue on with the loading of the main page, and if it doesn't, then you send the user back to the login page like this.

if($_SESSION["authenticated"] == 0)
{
    header("Location: login.php");
    die();
}
Ólafur Waage
Thanks, I'm just starting in the learning phase.
jazzrai
Why wouldn't stuff.php be able to view the session data? I assume you mean logically he doesn't want stuff.php to be able to access the session data, rather than that the setting of the session variable "foo" value would not be visible in stuff.php?
Steve Claridge
If you do a HTTP header redirect the session data isn't written to the server. Unless you specifically tell it to be written to the server with something like session_write_close() http://is.php.net/manual/en/function.session-write-close.php
Ólafur Waage
That's absolutely untrue.
TML
+1  A: 

Try this (specifying the root of your site) :

setcookie("ID_my_site", $_POST['loginname'], $hour,'/');

or try this (adding quotes to your loginname) :

setcookie("ID_my_site", "{$_POST['loginname']}", $hour,'/');
Chris Murray
+4  A: 

Turn on display_errors and set your error_reporting to E_ALL and you should see an error message about 'headers already sent' - you have to call setcookie() BEFORE ANY HTML IS SENT. From php.net/setcookie:

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace.

In the code block that you posted this bit:

<script>
function Redirect(url)
{
 location.href = url;
}

</script>

Is being output directly to the browser well before you ever attempt to set the cookies.

Your two possibilities would be to use output buffering so that you output everything at the very end or to switch to a method where all of your processing code is executed first in one script and there you set $_SESSION and cookie values and then include a second script at the tail end of the first that contains the code to be output to the browser.

TML
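
The second approach from this answer, as an added example that is not part of the original answer: all login processing and cookie setting runs before any output, and headers_sent() reports where output began if something slipped through. login() and the include paths come from the question; the fallback message and the header-based redirect are assumptions.

```php
<?php
// Added example: process first, output last. Nothing (not even whitespace)
// may come before the opening PHP tag of this file or of the included files.
session_start();

define('_VALID_ACCESS', true);
include_once "includes/connect.php";
include_once "includes/login.php";   // provides login(), as in the question

$msg = '';
if (empty($_POST['loginname']) || empty($_POST['password'])) {
    $msg = 'User or password is empty';
} elseif (login($_POST['loginname'], $_POST['password']) === true) {
    // headers_sent() fills $file and $line with the place output began,
    // which pinpoints the stray echo, HTML or whitespace.
    if (headers_sent($file, $line)) {
        error_log("Cannot set cookie: output started at $file:$line");
        $msg = 'Login failed, please try again';
    } else {
        $_SESSION['loginname'] = $_POST['loginname'];
        setcookie('ID_my_site', $_POST['loginname'], time() + 3600, '/');
        header('Location: home.html');   // redirect as a header, not via a script tag
        exit;
    }
} else {
    $msg = 'User or Password is wrong';
}

// Output starts only here, after every header and cookie has been queued.
?>
<!DOCTYPE html>
<html>
<body>
<div id="divTarget"><?php echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'); ?></div>
</body>
</html>
```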
+1  A: 

Also you should not be storing a password in cookie data -- this is a big security No-No!!!

If you want to do something like that set a unique - random - identifier that changes when they login and use that instead (you should still MD5 it)
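
One way to build the random identifier this answer suggests, as an added example that is not part of the original answer: the cookie carries a random per-login token and only its hash is kept server-side. It uses random_bytes() and SHA-256 rather than the MD5 the answer mentions; the cookie name, the function names and the $store array standing in for a database table are assumptions.

```php
<?php
// Added example: random login token in the cookie instead of credentials.
// $store stands in for a database table (token hash => user and expiry).
// Requires PHP 7.3+ for the setcookie() options array.

function issue_login_token(array &$store, string $user, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = ['user' => $user, 'expires' => time() + $ttl];
    return $token;                               // raw token goes only to the browser
}

function verify_login_token(array &$store, string $token): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                             // unknown or already used token
    }
    $row = $store[$key];
    unset($store[$key]);                         // single use: caller issues a new one
    return $row['expires'] >= time() ? $row['user'] : null;
}

function send_token_cookie(string $token, int $ttl = 3600): bool
{
    // Must run before any output, like every setcookie() call.
    return setcookie('auth_my_site', $token, [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed usage, safe to run from the CLI (no cookie is sent here).
// Each token verifies once; a successful check is followed by a fresh token.
$store = [];
$token = issue_login_token($store, 'alice@example.test');
var_dump(verify_login_token($store, $token));
var_dump(verify_login_token($store, $token));
```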