PHP - Cookie Array

i want to store the nickname of the user as a cookie..
somthing like set cookie name=nickname,value=smarty,expires after 1 week
i know cookies are stored against domain names.
what happens when another person logs in the same computer, with different login, and his nickname is diff
how does the cookie get handled, and how does the right nickname flash against the right persons login id...

I have a question about cookies

I want the cookie to work on all the paths / folders / directorys located in a root path. So say like.. http://www.site.com/members/login.php is the folder which sets the cookie, then this cookie will also work on like.. http://www.site.com/bla/boo/works.php

I'm trying to do:
setcookie(Data1, 'valueofthecookie', '/', '.site.com', 1);

But its not working...

Ok I have my login form and previously I was using $_SESSION untill I learned this removes data when browser is closed. Someone said to me to use cookies but I have no clue where to begin on setting a cookie or reading information from it.

Can anyone point me to a tutorial on cookies?

if a user clicks ?hide=1 or ?hide=2

it
does

Code: [Select]
if (isset($_GET['hide'])){
$id = intval($_GET['hide']);
setcookie('hide', ''.$id.'',time()+32000000);
header('Location: index.php');
exit;
}
How do I make it so if they click ?hide=1 it ad's 1, but what if they do ?hide=2 also? it would need to be 1,2  not just 2.

I'm not really sure if this is a cookie problem but that's all I could think of. I have a web site that users have to log into. I have seen that when I log out of my account and log into my test account my main user name will still show on the welcome page unless I let the computer sit for a bit or if I clear recent history. This happens in all the main browsers. I have also started having a problem where if I update something in my database it shows up in MySQL right away but can take a while to show up on the web page unless i clear the history. Not sure what code to post to give you an idea so if you want to see something let me know and I will put it up.

Thank you

Hello All

    I wrote a tiny piece of cookie code (to set and record cookies and hits) that works pretty well but seems to have a bug in it that I cannot figure out. First, here is the code:

Code: [Select]
<?php
$my_cookie = (isset($_COOKIE['my_cookie'])) ? true : false;

$countFile = "./data/count.txt";
$cookieFile = "./data/cookie.txt";

$dateTime = date('Y-m-d\,H:i:s\,U\,T\,O\G\M\T');
$remoteIPAddress .= $_SERVER['REMOTE_ADDR'];
$remoteUserAgent .= $_SERVER['HTTP_USER_AGENT'];

$cookieVal = $dateTime;
$cookieVal .= ",";
$cookieVal .= $remoteIPAddress;
$cookieVal .= ",";
$cookieVal .= $remoteUserAgent;
$cookieVal .= "\r\n";

    if(!$my_cookie){
     // read the visit counter
     $countHandle = fopen($countFile, 'r');
     $visitCount = intval(trim(@fread($countHandle, filesize($countFile))));
     fclose($countHandle);

     // incremenet the visit counter
     $visitCount++;

// write the new visit count and cookie value to their respective files
     $countHandle = fopen($countFile, 'w');
     $cookieHandle = fopen($cookieFile, "a+b");

if(!preg_match('/bot/',$remoteUserAgent)){
     fwrite($countHandle, $visitCount);
     fwrite($cookieHandle, $cookieVal);
     }

     fclose($countHandle);
     fclose($cookieHandle);

     setcookie("my_cookie", $cookieVal, time()+31556926);
    }
    else{
     // read the visit counter
     $countHandle = fopen($countFile, 'r');
     $visitCount = fread($countHandle, filesize($countFile));
     fclose($countHandle);
    }
?>

What is happening is that sometimes, not every time, but, sometimes my cookie.txt count gets a 0 (zero) written back to it and I can't figure out why. Can anybody see anything in there that would have this effect? Like I said, it only gets zeroed out from time to time.

Thanks to all for taking the time to read.   

Can you send a cookie through ajax?  Will it still be read by the browser?

Hi again all,

I wondered if anyone could help again (sorry).  I have one single page which I would like to record a cookie when the user hits submit. The next time the user visits the site, I want it to recall the cookie and put the value in the textbox on the page. I think I have it storing the cookie (not sure though), but I am having trouble getting it to recall in the text box.  I wondered if someone could look at this code and see where I am going wrong or help with what I need to add.  New to PHP so having trouble getting my head around things.  Thanks in advance.

Code: [Select]
<? setcookie('user',$userName,(time()+60*60*24*30) ); ?>
<style type="text/css">


<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
}
.style1 {font-family: Verdana, Arial, Helvetica, sans-serif}
-->


</style><form id="form1" name="form1" method="post" action="">
  <label>
  <div align="center" class="style1"><strong>My Timetable Search</strong><br />
    <br />
    Enter Network User ID:<br />
    <input type="text" name="txtUserID" id="txtUserID"  value=""/>
  </div>
  <p align="center">
    <label>
    <input type="submit" name="cmdGo" id="cmdGo" value="Show Timetable" onclick="setcookie('user',$userName,(time()+60*60*24*30);"/>
    </label>
    <br />
  </p>
  <hr />
</form>
<div align="center">
  <?php


$userName = $_POST["txtUserID"];
$hostname = "xxxxx";
$dbuser = "xxxxx";
$dbpassword = "xxxxxx";
$dbname = "xxxxx";
$LessonCount = 0;

     $db_link=mysql_connect($hostname, $dbuser, $dbpassword)
     or die("Unable to connect to the server!");

     mysql_select_db($dbname)
     or die("Unable to connect to the database");

        $fields_array=array();
        $num_fields=0;
        $num_row=0;
       

$sql= "SELECT core.UserID, wstt.Period, wstt.Lesson, wstt.Staff, wstt.Room FROM wstt INNER JOIN core ON wstt.Adno = core.Adno WHERE core.UserID='$userName'";


    

// find position of "FROM" in query
        $fpos=strpos($sql, 'from');

        // get string starting from the first word after "FROM"
        $strfrom=substr($sql, $fpos+5, 50);

        // Find position of the first space after the first word in the string
        $Opos=strpos($strfrom,' ');

        //Get table name. If query pull data from more then one table only first table name will be read.
        $table=substr($strfrom, 0,$Opos);

           // Get result from query
            $result=mysql_query($sql);
            $num_row=mysql_numrows($result);

            print('<html>');
            print('<head><title>');
  print('Timetable for'.$userName.'</title>');
            print('<link rel="stylesheet" href="style.css">');

            print("</head>");
            print('<body><br>');
print('<h3>Timetable for: '.$userName.'</h3>');
print('<div align="center"');


            if($num_row >0)
            {
                    //Get number of fields in query
                    $num_fields=mysql_num_fields($result);

         

           # get column metadata
            $i = 1;

             //Set table width 10% for each column
            $width=10 * $num_fields;

           // print('<br><table width='.$width.'% align="center" border=1> padding=0<tr>');
print('<br><table width='.$width.'% border="1" cellpadding="0" cellspacing="0" bordercolor="#000066"<tr>');
            print('<tr><th colspan='.$num_fields.'>Timetable List</th></tr>');




             while ($i < $num_fields)
             {

              //Get fields (columns) names
            $meta = mysql_fetch_field($result);

            $fields_array[]=$meta->name;

           //Display column headers in upper case
       print('<th><b>'.strtoupper($fields_array[$i]).'</b></th>');

                    $i=$i+1;
                    }

            print('</tr>');
                


                   //Get values for each row and column
                while($row=mysql_fetch_row($result))
                {
                 print('<tr>');
 
  
 
 
//SET TO 1 TO HIDE USERNAME
                        for($i=1; $i<$num_fields; $i++)
                        {

                        //Display values for each row and column
                        print('<td>'.$row[$i].'</td>');



                        }


//START
if ($LessonCount ==4) {
print('<tr>');
print('<td colspan="4"><div align="center">-----------------------------------------------------</td></tr>');
$LessonCount=0;
}else {
($LessonCount = $LessonCount+1);
}


//STOP


                print('</tr>');
                }


    }


print('</div>');


    ?>
</div>

Hello

A few days back I searched for a (very) easy php login script, basicly just to show hidden content that's not for everyone.
This is the script I found (and it works):

<?php
$username = "Username";
$password = "Password";
$randomword = "one";

if (isset($_COOKIE['MyLoginPage'])) {
   if ($_COOKIE['MyLoginPage'] == md5($password.$randomword)) {
?>
<?php 
include 'projecten_.php';
$name = "0";
?>
<?php
      exit;
   } else {
      echo "<p>Bad cookie. Clear please clear them out and try to login again.</p>";
      exit;
   }
}

if (isset($_GET['p']) && $_GET['p'] == "login") {
   if ($_POST['name'] != $username) {
      echo "<p>Sorry, that username does not match. Use your browser back button to go back and try again.</p>";
      exit;
   } else if ($_POST['pass'] != $password) {
      echo "<p>Sorry, that password does not match. Use your browser back button to go back and try again.</p>";
      exit;
   } else if ($_POST['name'] == $username && $_POST['pass'] == $password) {
      setcookie('MyLoginPage', md5($_POST['pass'].$randomword));
      header("Location: $_SERVER[PHP_SELF]");
   } else {
      echo "<p>Sorry, you could not be logged in at this time. Refresh the page and try again.</p>";
   }
}
?>
<body style="background:url(images/repeat.gif) repeat-x #0a0a09; height:106px; margin:0px; padding:0px; text-align: center;">
<div style="margin-left: auto; margin-right: auto; position: relative; top: 120px; width: 250px; text-align: left; line-height: 28px;">
<img src="images/zenze.png" alt="Zenze" style="position: absolute; top: -100px; left: -375px;" />
<h5 style=" font-weight: none; font-size: 18px; font-family: verdana; margin: 0px; margin-bottom: 20px; color: #96ff00">Login</h5>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post">
<label><input type="text" name="name" id="name" /><span style="color: #999999; font-size: 12px; font-family:verdana"> Name</span></label><br />
<label><input type="password" name="pass" id="pass" /><span style="color: #999999; font-size: 12px; font-family:verdana"> Password</span></label><br />
<input type="submit" id="submit" value="Login" style="margin-top: 10px;" /></form>
</div>

</body>

The only problem is, there is no log out fuction. I see this script works with cookies and I gave it a try, and I ended up with nothing but errors.

Does anyone one has an idea to how a logout script would look like for this script?

Thanks in advance,

Crow

I see all over the web that I should tie a session cookie to an ip to help stop some XSS session stealing, but I can't find HOW to do this anywhere. Can someone post some example code?

Thanks!

Hello all,

I am extremely new with php, I just started learning it this week. I am tryin to make a secure login page that uses cookies for authentication. The problem I am having is that I cannot seem to get it to detect or read the set cookie properly. I want it to detect if its the correct username in the cookie and if so, allow to see the page, and if now, then return to the login screen.

The login screen is login.html, which directs the person to the php script login.php. That should in turn show them a message page and some short info, as well as a link to their control panel (index.php) . The problem is that even if i skip the login I can still reach the control panel (index.php) with or without the cookie.

Here is my code (please be gentle this is my first week with php):

login.html:
Code: [Select]
<html>
<head>
<Title>Admin Login</Title>
</head>
<body>
<center>
<br>
<br>
<br>
<br>
<img src="pk.png">
<form action="login.php" method="post">
<br>
Username: <input type="text" name="username" /><br>
Password:  <input type="text" name="password" /><br>
<input type="submit" value="Login" />
</form>
</center>





</body>
</html>
login.php:
Code: [Select]
<?php

// Print a cookie
//echo $_COOKIE["auth"];

// A way to view all cookies
//print_r($_COOKIE);

//global $verified;

$verified=NULL;
global $cookie;
$cookie=$HTTP_COOKIE_VARS['auth'];

if($_COOKIE["auth"] = "Verified_Power" )
{
echo "You have been verified as PowerHouse. <br><br>";
$verified="TRUE";
}
else if($_COOKIE["auth"] = "Verified_Thor")
{
echo "it's actually thor!<br><br>";
$verified="FALSE";
}
else
{
echo "Bad Chookie";
$verified="FALSE";
exit();
}


?>
<html>
<head>

<Title>Login Info</Title>
</head>
<body>
<center>
<img src="pk.png">
<br>
<br>
<br>
Hello <?php echo($username); ?>!<br />


<?php //header("Cache-Control:no-cache");






$msgfile = "messages.txt";
$msgf = fopen( $msgfile, "r");
$msgsize = filesize( $msgfile );
if( $msgsize <= 0)
{
$msg=NULL;
}
else
{
$msg = fread( $msgf, $msgsize);
fclose($msgf);
}



If( $username == "PowerHouse" )
{
If( $password == "test")
{
//read logon file
$powerlogfile="Admin_Checkin/logs/powerlogon.txt";
$logfile = fopen( $powerlogfile, "r");
$logfilesize = filesize ( $powerlogfile );
$logcountpower = fread( $logfile, $logfilesize );
$logcountpower++;
fclose($logfile);
//open file for writing
$logfile = fopen($powerlogfile, "w");
fwrite( $logfile, $logcountpower);

fclose($logfile);
echo("You are logged in. <br><br>");
echo("It is you master! <br><br>");
if( $msg == NULL )
{
echo("No New Messages<br><br><br>");
}
else
{
echo("You have a message: <br>");
echo "$msg <br><br><br>";
}

echo "Click <a href='" . "/Admin_Checkin/14795" . "'>Here</a> To access your control panel.<br><br><br>";  
echo "You have logged in $logcountpower times.";

//open logfile to write to 
$logfile=fopen("Admin_Checkin/logs/powerlog.html", "a");
//write the time of access
$time=date("H:i:s: dS F");
fwrite($logfile, "<b>Time of access:</b> $time<br>");
//write users ip
if( $REMOTE_ADDR != NULL )
{
fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>");
}
//write users forwarding url
if( $HTTP_REFERER != NULL)
{
fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>");
}
//write users browser info
fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>");

setcookie("auth","Verified_Power", time()+3600);
//header("Location:login.php"); exit();

//setcookie('login', $_REQUEST['username'].','.md5($_REQUEST['username'].$secret_word));




}
else if( $password != "test" )
{
$pwfail++;
echo("<hr>You have entered the wrong password, PowerHouse. <br>");
}
}
else if($username == "ThorSummoner")
{
If( $password == "test")
{
//read logon file
$thorlogfile="Admin_Checkin/logs/thorlogon.txt";
$logfile = fopen( $thorlogfile, "r");
$logfilesize = filesize ( $thorlogfile );
$logcountthor = fread( $logfile, $logfilesize );
$logcountthor++;
fclose($logfile);
//open file for writing
$logfile = fopen($thorlogfile, "w");
fwrite( $logfile, $logcountthor);

fclose($logfile);
echo("You are logged in. <br><br>");
echo("This is the Admin Portal Welcome Screen. <br><br>");
if( $logcountthor == 1)
{
echo "This is your first visit, yay! <br><br>";
}
//echo "$msg <br> <br>";

if( $msg == NULL )
{
echo("No New Messages<br><br><br>");

}
else
{
echo("You have a message: <br>");
echo "$msg <br><br><br>";
}

echo "Click <a href='" . "/Admin_Checkin/atfg4gc" . "'>Here</a> To access your control panel.<br><br><br>";  
echo "You have logged in $logcountthor times.";

//open logfile to write to 
$logfile=fopen("Admin_Checkin/logs/thorlog.html", "a");
//write the time of access
$time=date("H:i:s: dS F");
fwrite($logfile, "<b>Time of access:</b> $time<br>");
//write users ip
if( $REMOTE_ADDR != NULL )
{
fwrite($logfile, "<b>IP Address:</b> $REMOTE_ADDR <br>");
}
//write users forwarding url
if( $HTTP_REFERER != NULL)
{
fwrite($logfile, "<b>Referer:</b> $HTTP_REFERER <br>");
}
//write users browser info
fwrite($logfile, "<b>Browser Info:</b> $HTTP_USER_AGENT <hr><br>");

setcookie("auth","Verified_Thor", time()+3600);

}
else if( $password != "test" )
{
$pwfail++;
echo("You have entered the wrong password, ThorSummoner. <br>");
}

}
else if($username !== "PowerHouse" && $username !=="ThorSummoner")
{
echo("Who are you?");
}




?>
</center>
</body>
</html>

index.php
Code: [Select]
<?php


global $verified;
echo ($verified);

If( $verified == "TRUE" )
{
echo "You are verified";
}
else if( $verified != "TRUE" )
{
echo "You should not be here";
}
else if( $verified = NULL )
{
echo "Nulled out";
}
$cookie=$HTTP_COOKIE_VARS['auth'];

If( $cookie != "Verified_Power")
{
echo "No Cookie, or not correct cookie";
}

// A way to view all cookies
//print_r($_COOKIE);


?>
<html>
<head>
<Title>Power's Control Panel
</Title>
</head>
<body>
This is my control panel <BR>

test<br>
</body>
</html>
Any help would be greatly appreciated! Remember I am new so I am sure my code is poorly written. Please be polite.

hello,

I am trying to setup a simple password protected site with a cookie so that users that have entered the password wont have to enter it again for 1 month. so I have a simple index.php page with the passowrd field on it in the root directory. then my site is in a sub directory /cms/ and the index.php page there checks for the $_POST value to set the cookie and let the user continue on.

Like this:
<?php 
//check if user has entered password and needs cookie set
if(isset($_POST['fpass']) && !isset($_COOKIE['fpass'])) setcookielive('fpass', $_POST['fpass'], strtotime( '+1 Month' ));



function setcookielive($name, $value='', $expire=0, $path='', $domain='', $secure=false, $httponly=false) {
    //set a cookie as usual, but ALSO add it to $_COOKIE so the current page load has access
    $_COOKIE[$name] = $value;
    return setcookie($name,$value,$expire,$path,$domain,$secure,$httponly);
}



defined( '_VALID_MOS' ) or die( 'Restricted access' );

//check if user has not entered password
if (!isset($_COOKIE['fpass']) || $_COOKIE['fpass'] == "") header('location: http://www.example.com');
//check if the user has a cookie set but is on a new session
if (isset($_COOKIE['fpass']) && !isset($_POST['fpass'])) header('location: http://www.example.com/disclaimer.php');

...
The disclaimer.php page is actually the default landing page that users need to start on (after entering a password that is).

Couple of problems:
This just loops back to the disclaimer page how do I send the user to the disclaimer page at the beginning of each session even if the Cookie is set
thanks for any help

Hi All,

I have a secure website which always checks the cookies is not expired and the session id is set.
When someone doesn't browse for the period of the cookie it will expire however the session id stays valid
until he logout. A lot of people don't logout so the pages will still be accessable for them or others who use
their pc.

Is there a way to destroy the session id when the cookies expires?

Marco

Hello,

I am new to this forum and joined in hope I could get some help in relation to some PHP problems I have stumbled across within my work. I am currently working on an online store I am building from scratch. I have already built the basic system behind it and am now starting to implement a more user friendly design to it with JS validation, stylesheets and imaging layout.

I have however come across a COOKIE problem with my login script. The purpose behind it is to only allow users into an area if they have logged in and declared cookies. I declare the cookies with 'setcookie()' then try and retrieve them with '$_COOKIE['firstname'];'.

However since implementing my new design layout it has stopped being able to retrieve the cookies. Here is some of the script. I would greatly appreciate any help given ...

Login.php
Code: [Select]
<?php
//Validating input details and executing mysql query
if ($username && $pass)
{
mysql_connect("$dhost","$dname","$dpass"); //Connection to mysql server
@mysql_select_db("$dbase") or die ("Unable To Select Database!"); //Connection to stated database
$query = "SELECT firstname, lastname, username FROM userdata WHERE password=SHA('$pass')"; //Retrieves firstname and lastname for username and password combination
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result,MYSQL_NUM); //Return a record, if applicable
if ($row) {
setcookie('firstname', $row[0], time()+3600);
setcookie('lastname', $row[1], time()+3600);
setcookie('username', $row[2], time()+3600); //Set the cookies
echo "<p class='Body-error-P'><span class='Body-text-T'>Login successful. If you are not redirected in 15 seconds click <A HREF='./index.php'>here</A></span></p>";
print "<meta HTTP-EQUIV='REFRESH' content='5 url=./index.php'>";
} else { //no record matched the query
echo "<p class='Body-error-P'><span class='Body-text-T'>The username and password you entered are not valid.</span></p>";
}
mysql_close(); //close database connection
}
}

Index.php
Code: [Select]
<?php
include_once ("config.php");
if(isset($_COOKIE['firstname'])) //if not cookie present, redirect the user
{
echo "<p class='Body-text-P'><span class='Body-text2-T'>You are now logged in, <b>".$_COOKIE['firstname'].' '.$_COOKIE['firstname']."</b></span</p>";
} else {
echo '<p class="Body-text-P"><span class="Body-text-T">You are not logged in at this current time. Please login or register.</span</p>';
}
?>
Let me know if you need anymore coding...

How can I use a cookie to pull data from my db. Right now I have it set up to pull data from a session variable, but I need it to be able to display data from both since I am implementing a remember me checkbox on my login.

Current Code:


 $q = mysql_query("SELECT `firstname`, `lastname`, `firstname`, `lastname`, `email`, `entrepreneur`, `investor`, `companyname`, `companywebsite`, `founder`, `phone`, `address`, `city`, `state`, `zipcode`, `country`, `development`, `capitalamount`, `companydo`, `founderbuilt`, `understand`, `competition`, `money`, `demo`, `incorporation`, `companynameinv`, `phoneinv`, `addressinv`, `cityinv`, `stateinv`, `zipcodeinv`, `countryinv`, `angel`, `vc`, `capital` FROM `users` WHERE username=  '" . $_SESSION['username'] . "'");
 
 $r = mysql_fetch_assoc($q);
 

if (!isset ($_GET['u'])&&($_SESSION['username'])||($_COOKIE['username']))
{
       
        echo "blahblah"