PHP - Cookie Db Issue

I have part of my script that I have used many times in many diffrent applications that works just fine.
But in this use it refuses to set the cookie or do anything besides the redirect for that matter.
// if login is ok then we add a cookie 
  $ip = $_SERVER['REMOTE_ADDR'];
$datem = date("j F Y, g:i a");
mysql_query("UPDATE YBK_Login SET date = '$datem' AND ip = '$ip' WHERE ID = '{{$info['ID']}'")or die(mysql_error()); 

   $_POST['username'] = stripslashes($_POST['username']); 
   $hour = time() + 3600; 
 setcookie('ID_WatsonN', $_POST['username'], 0); 
 setcookie('Key_WatsonN', $_POST['pass'], 0);
 setcookie('UID_WatsonN', $info['ID'], 0);
 setcookie('LOGIN', $info['ID'], time()+3);
 //then redirect them to the members area 
  Header("Location: dashboard.php"); 

I have a question about cookies

I want the cookie to work on all the paths / folders / directorys located in a root path. So say like.. http://www.site.com/members/login.php is the folder which sets the cookie, then this cookie will also work on like.. http://www.site.com/bla/boo/works.php

I'm trying to do:
setcookie(Data1, 'valueofthecookie', '/', '.site.com', 1);

But its not working...

Ok I have my login form and previously I was using $_SESSION untill I learned this removes data when browser is closed. Someone said to me to use cookies but I have no clue where to begin on setting a cookie or reading information from it.

Can anyone point me to a tutorial on cookies?

Hey PHPFreaks!

I have a problem with my login script, because when i login it sets a cookie and it all works. But when i got redirected and refresh the page, my script turns an error which says i'm not logged in? how come?

This is what finds the cookie and redirects me

Code: [Select]
if(!isset($_SESSION['auth']) && !isset($_COOKIE['authcookie'])) {
        $_SESSION['ERROR'] = 7;
        header('location: index.php?login');
    }

i want to store the nickname of the user as a cookie..
somthing like set cookie name=nickname,value=smarty,expires after 1 week
i know cookies are stored against domain names.
what happens when another person logs in the same computer, with different login, and his nickname is diff
how does the cookie get handled, and how does the right nickname flash against the right persons login id...

hello,

I am trying to setup a simple password protected site with a cookie so that users that have entered the password wont have to enter it again for 1 month. so I have a simple index.php page with the passowrd field on it in the root directory. then my site is in a sub directory /cms/ and the index.php page there checks for the $_POST value to set the cookie and let the user continue on.

Like this:
<?php 
//check if user has entered password and needs cookie set
if(isset($_POST['fpass']) && !isset($_COOKIE['fpass'])) setcookielive('fpass', $_POST['fpass'], strtotime( '+1 Month' ));



function setcookielive($name, $value='', $expire=0, $path='', $domain='', $secure=false, $httponly=false) {
    //set a cookie as usual, but ALSO add it to $_COOKIE so the current page load has access
    $_COOKIE[$name] = $value;
    return setcookie($name,$value,$expire,$path,$domain,$secure,$httponly);
}



defined( '_VALID_MOS' ) or die( 'Restricted access' );

//check if user has not entered password
if (!isset($_COOKIE['fpass']) || $_COOKIE['fpass'] == "") header('location: http://www.example.com');
//check if the user has a cookie set but is on a new session
if (isset($_COOKIE['fpass']) && !isset($_POST['fpass'])) header('location: http://www.example.com/disclaimer.php');

...
The disclaimer.php page is actually the default landing page that users need to start on (after entering a password that is).

Couple of problems:
This just loops back to the disclaimer page how do I send the user to the disclaimer page at the beginning of each session even if the Cookie is set
thanks for any help

I see all over the web that I should tie a session cookie to an ip to help stop some XSS session stealing, but I can't find HOW to do this anywhere. Can someone post some example code?

Thanks!

What I want is to let visitors select a county they want to search in.
And when the choice is made - all ads, news, info that is shown is from the chosen county.

What I'm trying to say here, is that when a location is set, visitors don't need to set the location again. But they can change it all the time.

I belive this is done by setting a cookie with PHP. But don't know how.

Can anyone point me in the right direction?

Hi All,

I have a secure website which always checks the cookies is not expired and the session id is set.
When someone doesn't browse for the period of the cookie it will expire however the session id stays valid
until he logout. A lot of people don't logout so the pages will still be accessable for them or others who use
their pc.

Is there a way to destroy the session id when the cookies expires?

Marco

How to get the cookie value,when we login for a website,also how to access the site by using the cookie values?

Ok I have NEVER had problem like this before.

First of all, I am not that great with cookies or headers. But I know how to set cookies & sessions & how to use them.

Any way, this is the most important feature & page on my app. Its for the register page, it sets a cookie that is needed to prevent fraud.

I did the development of this script on my local server & this is my first time testing it on a real server.

My issue is, I keep getting the damn headers already sent error;

Code: [Select]
Warning: Cannot modify header information - headers already sent by (output started at /../../..//mysite.com/admin/includes/linkmysql.php:2) in /../../../mysite.com/reg.php on line 36
I literally tried everything. I completely rewrote the page to work around this. I cannot stress enough how important this cookie is.

I dont udnerstand. The php is b4 all the html, etc etc. There should be no other "headers being sent".

Heres the code;

<?php


require_once 'is_email.php';

$result = is_email(@$email, true, true);
if (isset($_POST['register_clicked']) && $_POST['register_clicked']==1)
{
$uname = $_POST['uname'];
$upasswd = $_POST['passwd'];
$email = $_POST['email'];




if (!(strlen($uname) > 0 && strlen($uname) < 31))
echo '<td colspan="3" align="center" class="FormError"> USERNAME length must be between 1 and 30! </td>';
else if (!(strlen($upasswd) > 0 && strlen($upasswd) < 41))
echo '<td colspan="3" align="center" class="FormError"> PASSWORD length must be between 1 and 30! </td>';
else if ($upasswd != $_POST['passwdconf'])
echo '<td colspan="3" align="center" class="FormError"> PASSWORD doesn\'t match! </td>';


else if (!is_email($email)) echo "<td colspan='3' align='center' class='FormError'>{$email} is not a valid email address! (result code $result)</td>";
else
{
include_once('admin/includes/linkmysql.php');
include('admin/includes/func.php');
if (!newuser($uname, $upasswd, $email))
echo "<td colspan='3' align='center' class='FormError'>Username already in use!</td>";

else
{
echo '<strong><font color="black">Registration Completed!</font></strong>';
$value = "no-delete";
setcookie("Muffins", $value, mktime (0, 0, 0, 12, 31, 2015));

#if (isset($_POST['autologin']))
#{

add_login($uname);
$_SESSION['login_name'] = $uname; 
?>
<!--<script language="javascript" type="text/javascript">
window.location.href = "index.php?a=home";
</script> -->
<?php
}
}
}

?>
                    <?php
if (isset($_COOKIE['Muffins']))
{
Header ('Location: http://mysite.com/index.php?a=noreg');
}

?>

line 36 is obviously the line with the setcookie. I have no idea why it is referencing the include file, it has two lines of code that defines the mysql connections.

This code is at the top of the page, before all the HTML etc. NO reason why it should be giving me header errors rigght!?? Im having the same issue with another page. I ban users thru setting a value in a mysql table, when the "system" notices the ban value is set, it redirects them to an account banned page using a header. BUT ITS THE SAME ******** THING!!!!!

NEVER in my YEARS of coding have I ran into such AN ANNOYING & SENSELESS ISSUE!

Sorry I am just SO frustrated, due to this I have not worked on this in days I pretty much gave up. I cannot launch this site that I have been working on for years without this working.

THANK YOU FOR ALL YOUR HELP!!! Much appreciated.

Hello all,

I am extremely new with php, I just started learning it this week. I am tryin to make a secure login page that uses cookies for authentication. The problem I am having is that I cannot seem to get it to detect or read the set cookie properly. I want it to detect if its the correct username in the cookie and if so, allow to see the page, and if now, then return to the login screen.

The login screen is login.html, which directs the person to the php script login.php. That should in turn show them a message page and some short info, as well as a link to their control panel (index.php) . The problem is that even if i skip the login I can still reach the control panel (index.php) with or without the cookie.

Here is my code (please be gentle this is my first week with php):

login.html:
Code: [Select]
<html>
<head>
<Title>Admin Login</Title>
</head>
<body>
<center>
<br>
<br>
<br>
<br>
<img src="pk.png">
<form action="login.php" method="post">
<br>
Username: <input type="text" name="username" /><br>
Password:  <input type="text" name="password" /><br>
<input type="submit" value="Login" />
</form>
</center>





</body>
</html>
login.php:
Code: [Select]
<?php

// Print a cookie
//echo $_COOKIE["auth"];

// A way to view all cookies
//print_r($_COOKIE);

//global $verified;

$verified=NULL;
global $cookie;
$cookie=$HTTP_COOKIE_VARS['auth'];

if($_COOKIE["auth"] = "Verified_Power" )
{
echo "You have been verified as PowerHouse. <br><br>";
$verified="TRUE";
}
else if($_COOKIE["auth"] = "Verified_Thor")
{
echo "it's actually thor!<br><br>";
$verified="FALSE";
}
else
{
echo "Bad Chookie";
$verified="FALSE";
exit();
}


?>
<html>
<head>

<Title>Login Info</Title>
</head>
<body>
<center>
<img src="pk.png">
<br>
<br>
<br>
Hello <?php echo($username); ?>!<br />


<?php //header("Cache-Control:no-cache");






$msgfile = "messages.txt";
$msgf = fopen( $msgfile, "r");
$msgsize = filesize( $msgfile );
if( $msgsize <= 0)
{
$msg=NULL;
}
else
{
$msg = fread( $msgf, $msgsize);
fclose($msgf);
}



If( $username == "PowerHouse" )
{
If( $password == "test")
{
//read logon file
$powerlogfile="Admin_Checkin/logs/powerlogon.txt";
$logfile = fopen( $powerlogfile, "r");
$logfilesize = filesize ( $powerlogfile );
$logcountpower = fread( $logfile, $logfilesize );
$logcountpower++;
fclose($logfile);
//open file for writing
$logfile = fopen($powerlogfile, "w");
fwrite( $logfile, $logcountpower);

fclose($logfile);
echo("You are logged in. <br><br>");
echo("It is you master! <br><br>");
if( $msg == NULL )
{
echo("No New Messages<br><br><br>");
}
else
{
echo("You have a message: <br>");
echo "$msg <br><br><br>";
}

echo "Click <a href='" . "/Admin_Checkin/14795" . "'>Here</a> To access your control panel.<br><br><br>";  
echo "You have logged in $logcountpower times.";

//open logfile to write to 
$logfile=fopen("Admin_Checkin/logs/powerlog.html", "a");
//write the time of access
$time=date("H:i:s: dS F");
fwrite($logfile, "<b>Time of access:</b> $time<br>");
//write users ip
if( $REMOTE_ADDR != NULL )
{
fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>");
}
//write users forwarding url
if( $HTTP_REFERER != NULL)
{
fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>");
}
//write users browser info
fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>");

setcookie("auth","Verified_Power", time()+3600);
//header("Location:login.php"); exit();

//setcookie('login', $_REQUEST['username'].','.md5($_REQUEST['username'].$secret_word));




}
else if( $password != "test" )
{
$pwfail++;
echo("<hr>You have entered the wrong password, PowerHouse. <br>");
}
}
else if($username == "ThorSummoner")
{
If( $password == "test")
{
//read logon file
$thorlogfile="Admin_Checkin/logs/thorlogon.txt";
$logfile = fopen( $thorlogfile, "r");
$logfilesize = filesize ( $thorlogfile );
$logcountthor = fread( $logfile, $logfilesize );
$logcountthor++;
fclose($logfile);
//open file for writing
$logfile = fopen($thorlogfile, "w");
fwrite( $logfile, $logcountthor);

fclose($logfile);
echo("You are logged in. <br><br>");
echo("This is the Admin Portal Welcome Screen. <br><br>");
if( $logcountthor == 1)
{
echo "This is your first visit, yay! <br><br>";
}
//echo "$msg <br> <br>";

if( $msg == NULL )
{
echo("No New Messages<br><br><br>");

}
else
{
echo("You have a message: <br>");
echo "$msg <br><br><br>";
}

echo "Click <a href='" . "/Admin_Checkin/atfg4gc" . "'>Here</a> To access your control panel.<br><br><br>";  
echo "You have logged in $logcountthor times.";

//open logfile to write to 
$logfile=fopen("Admin_Checkin/logs/thorlog.html", "a");
//write the time of access
$time=date("H:i:s: dS F");
fwrite($logfile, "<b>Time of access:</b> $time<br>");
//write users ip
if( $REMOTE_ADDR != NULL )
{
fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>");
}
//write users forwarding url
if( $HTTP_REFERER != NULL)
{
fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>");
}
//write users browser info
fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>");

setcookie("auth","Verified_Thor", time()+3600);

}
else if( $password != "test" )
{
$pwfail++;
echo("You have entered the wrong password, ThorSummoner. <br>");
}

}
else if($username !== "PowerHouse" && $username !=="ThorSummoner")
{
echo("Who are you?");
}




?>
</center>
</body>
</html>

index.php
Code: [Select]
<?php


global $verified;
echo ($verified);

If( $verified == "TRUE" )
{
echo "You are verified";
}
else if( $verified != "TRUE" )
{
echo "You should not be here";
}
else if( $verified = NULL )
{
echo "Nulled out";
}
$cookie=$HTTP_COOKIE_VARS['auth'];

If( $cookie != "Verified_Power")
{
echo "No Cookie, or not correct cookie";
}

// A way to view all cookies
//print_r($_COOKIE);


?>
<html>
<head>
<Title>Power's Control Panel
</Title>
</head>
<body>
This is my control panel <BR>

test<br>
</body>
</html>
Any help would be greatly appreciated! Remember I am new so I am sure my code is poorly written. Please be polite.

Hey guys I'm pretty new to both PHP and Javascript. I think my problem is a PHP one, not a Javascript one. But it involves both. I'm trying to delete a cookie by clicking a link.

I call the javascript function like so:


if (isset($_COOKIE["active"]))
{
     echo "<a href='addpost.php'>Add Post</a>
     <a href onClick='eraseCookie()'>Log Out</a>";
}

And the function looks like this:

Code: [Select]
function eraseCookie() {
        <?php
        setcookie(active, 0, time()-3600); 
        echo "It works";
        ?>
}
The function doesn't delete the cookie and doesn't echo "It works". Like I said this could be a Javascript error, not a PHP one, but I have to start somewhere. Can someone tell me what I'm doing wrong?

Hello,
My latest issue is with a login page I am trying to set a cookie for. I have deduced that it it pulling my info out of my database correctly. It does not give any errors for username or password when they are entered correctly but when I get to the end of the script where I would like to set a cookie and redirect to a new page it just stays on the same page and appears as if it is loading but nothing happens.

After I stop the browser and attempt to reload the page it gives me an error saying the page cannot be displayed.

Do I need to specify anything before I can have the following code work or is it that it is clashing somewhere else along the way?
Code: [Select]

<?php
else 
{ 
// if login good set cookie
$_POST['username'] = stripslashes($_POST['username']);   
$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour); 
setcookie(Key_my_site, $_POST['pass'], $hour); 
//then redirect them to the members area 
header("Location: http://example.com/");
die();
}  
?>

If I remove this code and simply leave the redirect as shown above, it works. But that defeats the purpose of the script as on the redirected page there has to be a cookie set to display it.

Any help would be appreciated

Hello,

I am new to this forum and joined in hope I could get some help in relation to some PHP problems I have stumbled across within my work. I am currently working on an online store I am building from scratch. I have already built the basic system behind it and am now starting to implement a more user friendly design to it with JS validation, stylesheets and imaging layout.

I have however come across a COOKIE problem with my login script. The purpose behind it is to only allow users into an area if they have logged in and declared cookies. I declare the cookies with 'setcookie()' then try and retrieve them with '$_COOKIE['firstname'];'.

However since implementing my new design layout it has stopped being able to retrieve the cookies. Here is some of the script. I would greatly appreciate any help given ...

Login.php
Code: [Select]
<?php
//Validating input details and executing mysql query
if ($username && $pass)
{
mysql_connect("$dhost","$dname","$dpass"); //Connection to mysql server
@mysql_select_db("$dbase") or die ("Unable To Select Database!"); //Connection to stated database
$query = "SELECT firstname, lastname, username FROM userdata WHERE password=SHA('$pass')"; //Retrieves firstname and lastname for username and password combination
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result,MYSQL_NUM); //Return a record, if applicable
if ($row) {
setcookie('firstname', $row[0], time()+3600);
setcookie('lastname', $row[1], time()+3600);
setcookie('username', $row[2], time()+3600); //Set the cookies
echo "<p class='Body-error-P'><span class='Body-text-T'>Login successful. If you are not redirected in 15 seconds click <A HREF='./index.php'>here</A></span></p>";
print "<meta HTTP-EQUIV='REFRESH' content='5 url=./index.php'>";
} else { //no record matched the query
echo "<p class='Body-error-P'><span class='Body-text-T'>The username and password you entered are not valid.</span></p>";
}
mysql_close(); //close database connection
}
}

Index.php
Code: [Select]
<?php
include_once ("config.php");
if(isset($_COOKIE['firstname'])) //if not cookie present, redirect the user
{
echo "<p class='Body-text-P'><span class='Body-text2-T'>You are now logged in, <b>".$_COOKIE['firstname'].' '.$_COOKIE['firstname']."</b></span</p>";
} else {
echo '<p class="Body-text-P"><span class="Body-text-T">You are not logged in at this current time. Please login or register.</span</p>';
}
?>
Let me know if you need anymore coding...