 |  |  |  |  |  |  |  |
PHP and cookies (and milk!) - probably a simple error
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
So I have a simple login + set cookie script. After checking to see if the supplied credentials are in the db, the script sets a cookie. After this, the script forwards the user to a password protected page.
I know the login + cookie placing script works fine. When I try the wrong credentials it fails like it should and when I enter the right credentials it sets a cookie (i can see it in my cookies on my browser).
The problem comes when I try to read the cookies back to make sure a user is credentialed for a certain page.
Here is my cookie-reading part of the script:
And, for reference, this is the cookie placing part of the other script:
What am I doing wrong? Why can't I read the cookies back?
I know the login + cookie placing script works fine. When I try the wrong credentials it fails like it should and when I enter the right credentials it sets a cookie (i can see it in my cookies on my browser).
The problem comes when I try to read the cookies back to make sure a user is credentialed for a certain page.
Here is my cookie-reading part of the script:
PHP Syntax (Toggle Plain Text)
And, for reference, this is the cookie placing part of the other script:
PHP Syntax (Toggle Plain Text)
What am I doing wrong? Why can't I read the cookies back?
•
•
Join Date: Sep 2007
Posts: 1,476
Reputation: 
Solved Threads: 136
Try making this your second page and see if any header errors are reported when the cookies are set.
php Syntax (Toggle Plain Text)
Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Bear in mind that some users may choose to set their browsers to accept or decline cookie requests.
I don't have the whole picture from what you've entered but you may find that $_SESSION variables will do the job for you instead. They have super-global scope.
I don't have the whole picture from what you've entered but you may find that $_SESSION variables will do the job for you instead. They have super-global scope.
•
•
Join Date: Sep 2007
Posts: 1,476
Reputation:
Solved Threads: 136
However sessions also use cookies unless you embed the sesssion id in the url.
Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
•
•
Join Date: Sep 2009
Posts: 79
Reputation:
Solved Threads: 5
Junior Poster in Training
I would use sessions instead actually, they are more secure as cookies in my opinion, you can read all data cookies send in your browser, but sessions are a bit harder to read becuase they are encoded. They are actually encoded cookies, ...
Last edited by Kruptein; Sep 28th, 2009 at 6:39 am.
•
•
Join Date: Sep 2007
Posts: 1,476
Reputation:
Solved Threads: 136
•
•
•
•
Originally Posted by Kruptein 
I would use sessions instead actually, they are more secure as cookies in my opinion, you can read all data cookies send in your browser, but sessions are a bit harder to read becuase they are encoded. They are actually encoded cookies, ...
Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
•
•
Join Date: Apr 2009
Posts: 59
Reputation:
Solved Threads: 1
Junior Poster in Training
So in your connect.php script, after your query, put something like:
Then in your login script, replace
With
Then in your logout script unset the session.
php Syntax (Toggle Plain Text)
php Syntax (Toggle Plain Text)
php Syntax (Toggle Plain Text)
•
•
Join Date: Sep 2007
Posts: 1,476
Reputation:
Solved Threads: 136
•
•
•
•
Originally Posted by Tekkno
So in your connect.php script, after your query, put something like:
Then in your login script, replacephp Syntax (Toggle Plain Text)
Withphp Syntax (Toggle Plain Text)
Then in your logout script unset the session.php Syntax (Toggle Plain Text)
$_POST['pass'] . After that has been validated set $_SESSION['user'] to the username. Then to check if the person is logged in use if(isset($_SESSION['user'])) . But never store a password or even a hashed password in a session or cookie even though sessions are server side. It's just good practice. Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u
I'd md5 the username and password (creating a 'key'), or hash the user email, and store that in the session instead of 1 using an unsecured cookie, or 2, using an unsecured username and password.
Beware that this method is very insecure and allows for SQL injection hacks. Run a mysql_real_escape on the query, or use the mysqli prepared statements feature to prevent this.
Beware that this method is very insecure and allows for SQL injection hacks. Run a mysql_real_escape on the query, or use the mysqli prepared statements feature to prevent this.
CodeJoust! Design + Development - Proud User of Ubuntu
|
Similar Threads
- MY PHP MySQL Function keeps returning error message: "Database Query Failed" (PHP)
- Simple PHP Regex Question! (PHP)
- PHP Mail Error...Help!!!!! (PHP)
- PHP Cookies Tutorial (PHP)
- PHP Cookies Tutorial (PHP)
- PHP cookies (PHP)
- PHP e-mail SMTP error ??? (PHP)
- Can't get PHP to run ! Please help! (PHP)
Other Threads in the PHP Forum
- Previous Thread: Add images in the PDF file using PHP
- Next Thread: help executing a .wav file with php code
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
ajax apache api array beginner binary body broken buttons cakephp checkbox class cms code cron curl database date date/time display dynamic ebooks echo email error file files folder form forms function functions google href htaccess html image include insert integration ip java javascript joomla limit link list login mail mediawiki menu mlm multiple mycodeisbad mysql number oop paypal pdf php phpincludeissue phpmyadmin problem query radio random recursion regex remote script search seo server sessions sms soap source sp space speed sql subdomain syntax system table tag tutorial update upload url validator variable vbulletin video web webdesign websphere white xml youtube
