PHP - Setcookie For All Subdomains

i have never been able to get this to work but i am at it agian
in this code the php is not making the cookie can any one tell me why



<?php
 function getRandomString($length = 5) {
    $validCharacters = "abcdefghijklmnopqrstuxyvwzABCDEFGHIJKLMNOPQRSTUXYVWZ+-*#&@!?1234567890";
    $validCharNumber = strlen($validCharacters);
 
    $result = "";
 
    for ($i = 0; $i < $length; $i++) {
        $index = mt_rand(0, $validCharNumber - 1);
        $result .= $validCharacters[$index];
    }
 
    return $result;
}
setcookie("code", "getRandomString()", 3600000);
echo getRandomString();
?>

Hi,

I'm working on a mac with MAMP, phpMyadmin. on localhost, also the mysql server is on my localhost.

I've tested in either Safari and Firefox.

I'm trying to set my cookie, and it doesn't work, and pulling my hair out. I'm trying out following script which should work, but it doesn't and it's driving me mad. I wanna check the cookie for when a person is or isn't logged in, so that i can show additional data on the .php page
<html>
<body>
<?php
   $value = "my cookie value";

// send a cookie that expires in 24 hours
setcookie("TestCookie",$value, time()+3600*24);


// Print individual cookies
echo $_COOKIE["TestCookie"];

// Print all cookies
print_r($_COOKIE);
?>

</body>
</html>

For some reason I can not get this to work. Any thoughts?

        if( $row['password'] == $pass && $row['name'] == $user )
        {
          $username = $row['name'];
          $uid = $row['id'];
          setcookie("id", $uid, 1400); //creates the first session var
          setcookie("username", $username, 1400); // second session var
          setcookie("loggedin", "1", 1400);

          echo "<script type=\"text/javascript\">alert(\"".$row['name']."Logged in as ".$_COOKIE['username'].".\"); window.location=\"index.php?OMG=loggedin\"</script>";
        }

I get a message box saying: "[username] Logged in as ."
I've searched php.ini for corrupt cookie settings, nothing unusual.

Good Day,

I'm using the following example script from http://php.net/manual/en/function.session-set-save-handler.php which I have placed in session-handler.php and is included at the top of my index.php file. I have multiple domain names for the same website, so naturally when a person logs into the site, I would like the session to be active across all the domains instead of them having to login again if say they go from mysite.com to mysite2.com.

session-handler.php
<?php

function open($save_path, $session_name)
{
  global $sess_save_path;

  $sess_save_path = $save_path;
  return(true);
}

function close()
{
  return(true);
}

function read($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return (string) @file_get_contents($sess_file);
}

function write($id, $sess_data)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  if ($fp = @fopen($sess_file, "w")) {
    $return = fwrite($fp, $sess_data);
    fclose($fp);
    return $return;
  } else {
    return(false);
  }

}

function destroy($id)
{
  global $sess_save_path;

  $sess_file = "$sess_save_path/sess_$id";
  return(@unlink($sess_file));
}

function gc($maxlifetime)
{
  global $sess_save_path;

  foreach (glob("$sess_save_path/sess_*") as $filename) {
    if (filemtime($filename) + $maxlifetime < time()) {
      @unlink($filename);
    }
  }
  return true;
}

session_set_save_handler("open", "close", "read", "write", "destroy", "gc");

session_start();

?>

The script above doesn't appear to be throwing any errors, and I can login like normal but it doesn't seem to be saving the sessions at all. So I still have to login to each separate domain.

Any ideas?

Thanks,
Ace

Am currently trying to develop a SaaS, where each user gets their own subdomain with their application. Am wondering, though, with installation and subsequent updates: What is the best way to initiate an installation? The project is currently in a git repository. Is it better to simply pull the master branch per installation; or is zipping up the master branch, copying it to the new subdomain, then running the installation a better (secure?) method? What is the best way to initiate an update of code? If using the git repo, hat would deal with updated code, but not updated MySQL tables. Should the user be allowed to choose to update (so much like W$, a popup shows up that says there's an update; user can choose to update or ignore); or should all updates be forced (such as at a certain time)? I haven't seen much online with my searches, but I may be blind at this point. Any thoughts/comments appreciated!  

Hello.

I currently have a site that registered members can login in to and view the member only pages.  Eventually I will  be adding paypal code to purchase products.

I use Session with an IF statement  for all my members pages.  Would it be beneficial at all to have cookies created for the users with setcookie?  Or is this just a security risk waiting to happen?

hello

i use the fallowing code for my login page but it gives me the fallowing error i was wondering what is the problem? (line 179 is the setcookie)
by the way it doesn't set the cookie
any help would be appreciated
error:
Quote

Warning: Cannot modify header information - headers already sent by (output started at /home2/sportsh9/public_html/test/login_acc.php:6) in /home2/sportsh9/public_html/test/login_acc.php on line 179


my code:
                        <?
                        include_once('functions.php');
                        


function cleanQuery($string)
{
  if(get_magic_quotes_gpc())  // prevents duplicate backslashes
  {
    $string = stripslashes($string);
  }
  $badWords = "(delete)|(update)|(union)|(insert)|(drop)|(http)|(--)";
  $string = eregi_replace($badWords, "", $string);
  if (phpversion() >= '4.3.0')
  {
    $string = mysql_real_escape_string($string);
  }
  else
  {
    $string = mysql_escape_string($string);
  }
  return $string;
}

if (isset($_COOKIE['scmuser'])) {
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">";
}else{
if ($_POST['username']) {
//did they supply a password and username
$username=cleanQuery($_POST['username']);
$password=cleanQuery($_POST['password']);
if ($password==NULL || $username==NULL) {
?>

<p align="center">
      <font color="#FF0000">Username or password wasn't supplied!</font><form action="login_acc.php" method="POST">
        <table style="border:1px solid #FFFFFF;" width="90%" align="center">
          <tr>
            <td align="center">Username:&nbsp; </td>
            <td align="center">
            <input type="text" size="20" maxlength="25" name="username" /></td>
          </tr>
          <tr>
            <td align="center">Password:&nbsp; </td>
            <td align="center">
            <input type="password" size="20" maxlength="25" name="password" /></td>
          </tr>
          <tr>
            <td align="center" colspan="2">
            <input type="submit" value="Login"/> </td>
          </tr>
          <tr>
            <td align="center" colspan="2">
            <a href="register.php">Register</a> - <a href="forgetpass.php">Forgot Your Password?</a>
            </td>
          </tr>
        </table>
      </form>

<?
}else{

$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
?>


<p align="center">
      <font color="#FF0000">The supplied login was incorrect</font><form action="login_acc.php" method="POST">
        <table style="border:1px solid #FFFFFF;" width="90%" align="center">
          <tr>
            <td align="center">Username:&nbsp; </td>
            <td align="center">
            <input type="text" size="20" maxlength="25" name="username" /></td>
          </tr>
          <tr>
            <td align="center">Password:&nbsp; </td>
            <td align="center">
            <input type="password" size="20" maxlength="25" name="password" /></td>
          </tr>
          <tr>
            <td align="center" colspan="2">
            <input type="submit" value="Login"/> </td>
          </tr>
          <tr>
            <td align="center" colspan="2">
            <a href="register.php">Register</a> - <a href="forgetpass.php">Forgot Your Password?</a>
            </td>
          </tr>
        </table>
      </form>


<?
}else{


$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
setcookie("scmuser", "$username", time()+3600);
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">";
}
}
}
}
?>

thank you

when a user logs in the cookie isnt being set. am i doing it wrong?


if(empty($error))
    {
        $query = $link->query("SELECT *
                        FROM ".TBL_PREFIX."users
                        WHERE u_username = '$username'
                        AND u_password = '".asf_hash($password)."'")
                        or die(print_link_error());
        $row = $query->fetchAll();
        $num_rows = $query->rowCount();
        
        if($num_rows == 1)
        {
            if($row[0]['u_confirmed'] == 1)
            {
                setcookie('uid', $row[0]['u_uid'], time() + $session_length); // this cookie isnt being set
                echo 1;
            }
            else
            {
                $error = 'You Need To Activate Your Account';
            }
        }
        else
        {
            if(!$error)
            {
                echo $lang->incorrect_login_details;
            }
        }
    }


im doing a print_r on all cookies and it doesnt appear in the list.
$session_length is set at 99999999

I am aiming to use setcookie to refresh the expiry of a cookie on EVERY page request.

Is this slow? I'm sure I can design things so i don't need to reset it on every page request, but if it isn't a big deal then I'll do it.

Is setcookie slow?

 

I tried many ways but unable to pass sessions to virtual subdomains on my site..

I edited ihi.ini file and included
Code: [Select]
session.cookie_domain = .mydomain.com

I like to add that session is active on my main domain for www.mydomain.com only.. So how do I pass sessions for WWW to other subdomains ?

Thanks n Advance

I am working on a login script and I am using cookies for the first time.  I have it something like this:

<?php
if (correct user/pass entered)
 - set user/pass cookies
?>

<html>
<?php
if (user/pass cookies are set)
  {echo 'you are logged in';}
else
  {echo 'you are NOT logged in';}
?>
</html>

The problem is that if I enter a valid username and password, and the cookies are set, then I get the message 'you are NOT logged in' unless I leave the page then return to it, or if I refresh, in which case I get the message 'you are logged in'.

Its almost as though I cannot use the cookies until I navigate away from the page on which they were set.  Am I doing something wrong, or is this the way it works?

I hate header errors... I can never figure them out, im getting this error;

Warning: Cannot modify header information - headers already sent by (output started at /home/damnpeti/public_html/restrict2.php:6) in /home/damnpeti/public_html/restrict2.php on line 62

Code:
<?php
$testDB = mysql_connect('localhost', $db_user, $db_pwd);
mysql_select_db ($db_name);
if (!$testDB) {
    die('Could not connect: ' . mysql_error());
}

$surfer_ip = $_SERVER["REMOTE_ADDR"];

$str_sql = "select * from ".$db_table." where ipaddress='".$surfer_ip."'";
$result = mysql_query($str_sql);
if ($row = mysql_fetch_assoc($result)) {
    $blocked_time = strtotime($row['blocked_time']);
    if($blocked_time != 0) 
    {
        $current_time = time();
        if($current_time - $blocked_time > 3600*24) //24 hours past
        {
            $str_sql = "delete from ".$db_table." where ipaddress='".$surfer_ip."'"; 
            mysql_query($str_sql); 
            $str_sql = "insert into ".$db_table." (ipaddress, surf_index) values('".$surfer_ip."', 1)";
            mysql_query($str_sql);   
        }
        else
        {
            die ("<center><div class='errors'>You have accessed this page too many times. To regain access, purchase a license or wait 24 hours.</div></center>");
        }
    }  
    else
    {
        if($row['surf_index'] < 2)
        {
            $str_sql = "update ".$db_table." set surf_index=surf_index+1 where ipaddress='".$surfer_ip."'";
            mysql_query($str_sql);
        }
        else
        {
            $str_sql = "update ".$db_table." set blocked_time='".date ("Y-m-d H:i:s")."' where ipaddress='".$surfer_ip."'";
            mysql_query($str_sql); 
            die ("<center><div class='errors'>You have accessed this page too many times. To regain access, purchase a license or wait 24 hours.</div></center>");
        }
        
    }
}
else
{
    $str_sql = "insert into ".$db_table." (ipaddress, surf_index) values('".$surfer_ip."', 1)";
    mysql_query($str_sql);
}
if(!isset($_COOKIE['surf_no']))
    setCookie('surf_no', '1'); 
else
    setCookie('surf_no', $_COOKIE['surf_no']+1);

if ($_COOKIE['surf_no'] > 2)
    die("<center><div class='errors'>You have accessed this page too many times. To regain access, purchase a license or wait 24 hours.</div></center>");
include 'http://damnitpetitions.com/cut/index3.php';

?>

Line 62 is
if ($_COOKIE['surf_no'] > 2)

I know it has something to do with the cookie... but Idk? I need the include there. If there include isnt where its at, the script is worthless.

I'm stumped on this one. New to sessions and cookies. When somebody logs out, the browser goes to logout.php. It logs them out, but the page shows this error:
 
Warning: setcookie() expects parameter 3 to be long, string given in /data/21/2/40/160/2040975/user/2235577/htdocs/logout.php on line 23
you are now logged out.

Code: [Select]
<?php 

session_start();

if(!($_SESSION[id])){

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_server['PHP_SELF']);

// check for trailing slash

if ((subst($url, -1) == '/') OR (substr($url, -1) == '\\') ){

$url = substr($url, 0, -1);
}

$url .= '/index.php';
header("Location: $url");
exit();

} else { 
$_SESSION = array();
session_destroy();
setcookie ('PHPSESSID'. '', time()-300, '/', '', 0);
}

$page_title ='logged out!';

echo ' you are now logged out';

I just did a huge import from an app I have been working on. No issues except for this.

I uploaded & imported all files & databases from my wampserver (localhost, local server) to my main online server.

Before I continue with the problem, I have to give you info on how the files work.

I am using a "controller" to view the files. Meaning, from index.php, I call all the files. For example, instead of mysite.com/register.php, its mysite.com/index.php?page=register.

The index defines the doctype & html tags etc.

The other files that are called through index.php are just pure php code, it does not contain the head & body tags etc.

So, the issue is , when the surfer submits a form, i need to set a cookie. this cookie is VERY important.
I cannot get it to work. I am getting the header warnings after submit

Of course, this is to be expected. But I tried it on my local server, & it worked. I am not very familiar with cookies, this is a side of PHP i never really even touched. I know almost everything but that.  So the php code is before the html code on the page, so I figured it was worth a shot.
Im guessing the problem here is, since the code being outputted as index.php code + the form page code. So the cookie is being set after the html tags.

How can I fix this? I need it to work thru the controller. I cannot just make it a single file, all files on the site needs to be thru this controller, otherwise it will mess everything up.

Ino I could just add the code from index.php plus the form page code & just run the php code before all of the html tags, but like I said it has to be called thru index.php.

I appreciate your replies, & I hope you guys dont think im an idiot & can understand my question, im terrible with words!