PHP - Send Cookies Securely
Hello,
I am trying to implement a remember me feature on my site, but am having problems doing so securely. I would like the cookies that remember your info to be sent securely over SSL, but the problem is all of my pages are HTTP. I do not want to force everyone to be HTTPS because it is not needed. Is there a way to tell PHP to check for the cookies via SSL even though the page request was HTTP? Thank you! weee

Similar Tutorials

I have had a load of people who are silly enough to forget their username and/or password, so I wish to add in the option for them to save their details in a cookie, and break my number one rule, never to use them! Can anyone suggest how I can do this so it is stored safely like most websites do it?

Hi All, I have a simple question. I have built login control panels and have always used a session id to follow through getting the username and password from the database and then checking on each page that the user and password match, using the session id held in a temp database. I have been informed that this is not as secure as I once thought. I am looking at using cookies and have found the code for how to set up and delete a cookie. The simple question is this: how do you pass the cookie to another page once you are logged in and retain it until you have logged out? For example, if the user clicks on a button once logged in to go to a page where they need to insert new details or update some information and then return to the main control panel. Any help would be great, and if not have a great day even if it is raining as it is in England.

I want to know how to send cookies to another site.

Hey, I know this question gets asked a lot but here is a different version of it. What is a simple and secure method for storing data/passwords? I know there is a lot of debate on this subject but I run a browser game off my server and just want the data to be encrypted. Is this good enough or is this easy to crack?

Code:
<?php
$password = 'abcdefg';
$salt = 'whateversecrethash';
$pw_hash = md5($salt.$password);
?>

Or I just found this tutorial. Is this up to date and actually a good method? http://webhole.net/2010/10/30/php-password-encryption-with-salt/

I have users becoming members and have allowed them to upload their own photos. But when they try to upload 5MB photos, it takes time to upload the photo, and sometimes the server gives a timeout error. I have searched and found JavaScripts that upload to the server but I have noticed that they have security problems. So how do you let users upload photos?

This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=348558.0

I have a site where I want another user that has a password to fill out a form, and it then downloads to my server. I want them to be able to then download that file from my site at the same time the form is submitted. I've tried adding this code to the bottom of the PHP file that the form points to, but it just displays the file on the screen instead of downloading to the user's computer.

<?php
$file = '/site/downloadfile';
if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    exit;
}
?>

If I put the same code in a separate file it works perfectly, but I don't want to add another file if I can help it. Any help appreciated.
Hi All, Currently when my users log into my site I store their user level in a session. This allows admins to see more than normal users. I am worried that it would be very easy for someone to amend the session and give themselves admin rights. I am asking for advice on best practice for setting the user level of the logged in user. Where would you suggest I store this information so that only admins see the admin stuff? My navbar has a PHP if test running against $_SESSION['user_level'] and only admins see the admin panel.

I am working on a phpmailer script that sends an order confirmation email to the customer AND the client at the same time. If I have the customer email and client email both set to the originating domain's email addresses (myname@myserver.com), then it sends fine. However, if I try to send to an outside mail server (e.g. someone@gmail.com), I get the following errors:

Code:
SMTP -> FROM SERVER:220 myserver.com ESMTP Exim 4.63 Sat, 18 Sep 2010 15:08:21 -0700
SMTP -> FROM SERVER: 250 myserver.com Hello localhost [127.0.0.1]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
SMTP -> FROM SERVER:250 OK
SMTP -> FROM SERVER:250 Accepted
SMTP -> FROM SERVER:
SMTP -> ERROR: RCPT not accepted from server:
SMTP Error: The following recipients failed: someone@gmail.com
Message could not be sent.
Mailer Error: SMTP Error: The following recipients failed: someone@gmail.com
SMTP server error:

I'm not sure what's going on here. Any SMTP or phpmailer geniuses here that can shed some light on what needs to happen here for this to send to any address?

Hi, I'm trying to set up a quick PHP script that will grab the email from the URL (see below) and, after inserting into the MySQL db (which is working fine), the script will complete two additional tasks:

1. send that same captured email out to an external db as shown via http://domain1.com/insert.php?email=$lead (example), but then send to a DIFFERENT source - the originator of the lead - a postback acknowledgement using Header (sending the status and email to http://domain2.com/check.php?e=$lead&s=$status for their records).

See the code below:

-------------------------
Code:
$lead = $_REQUEST['e_mail']; // will grab email from posted url string and assign to local variable
$result = mysql_query($command); // this is just to execute the MySQL insert which works just fine but included here to explain validation below
// Create API Call string to insert lead into iContact folder
$requestURL = "http://domain1.com/insert.php?email=$lead";
// Execute API Call to CAKE
$xml = simplexml_load_file($requestURL) or die("feed not loading");
if ($result) {
    $status = 1; // mark lead as success
    // send postback on lead status
    header("Location: http://domain2.com/check.php?e=$lead&s=$status");
}
--------

Problem: I'm getting all sorts of errors with the simplexml_load_file() function and can't figure out why it won't work. Any input appreciated as this is the only way I know how to pass the lead onward and then inform/update the other party of receipt of information. Thanks!

Hello all, I hope someone can shed some light/point me in the right direction. I have a site that allows you to search for a customer, then view and change their details.

Page 1 has a search box for name entry.
Page 2 displays all the matches retrieved from a db table that match. The user selects which customer is the correct one and sets a cookie containing the selected customer's unique id.
Page 3 allows changing of the customer's details.

Now the problem I have: if a user navigates to page 3 and has a customer's details on the page for viewing, all is well.
If they open a new tab (leaving page 3 open on the first tab) and go to page 1, search for another customer, on page 2 select another customer (which overwrites the cookie), then go to page 3, they now have two tabs open on page 3, both displaying different customer details. If they return to the first tab and change some detail, when they save it actually updates the user's details that correspond to the second tab. I know this is because the cookie that holds the unique id required for the update query has been changed. How can I prevent this? I've looked at sessions but it would seem the same issue would exist. Am I wrong? Many thanks, I hope I made sense.

I'm trying to write a script that allows the user to select their personal settings for the site. They can pick the color of their background, link color, link hover color and the header color. The first file is supposed to use the defaults: blue for the links, orange for the link hover color, red for the background and blue for the header. The second file is supposed to configure the cookie variables to store the values entered by the user, and in the third file I'm supposed to modify the internal stylesheet to utilize the values stored in the session variables. I tried to set each of the values in file two but I think I messed it up. I don't know how to modify the stylesheet to accept and change to the values of the cookies... Please help. Here are the files:

file1.php
Code:
<?php
//Handle the form if it has been submitted:
if (isset($_POST['background_color'], $_POST['link_color'], $_POST['link_hover_color'], $_POST['header_color'])){
    //send the cookies:
    setcookie('background_color', $_POST['background_color'], time()+10000000);
    setcookie('link_color', $_POST['link_color'], time()+10000000);
    setcookie('link_hover_color', $_POST['link_hover_color'], time()+10000000);
    setcookie('header_color', $_POST['header_color'], time()+10000000);
    //Message to be printed later:
    $msg = '<p>Your settings have been entered! Click <a href="file2.php">here</a> to see them in action.</p>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>File1</title>
<style type="text/css">
<!-- These are the styles the session (if it exists) should configure -->
a:link {color:blue;}
a:hover {color:orange;}
body {background-color:red}
h1 {color:blue; text-align:center;}
</style>
</head>
<body>
<?php
//if the cookies were sent print a message
if (isset($msg)){
    print $msg;
}
?>
<div><p>Please complete this form to configure the appearance of this website:</p>
<form action="File2.php" method="post">
<select name="background_color">
    <option value="">Background Color</option>
    <option value="FF6600">Orange</option>
    <option value="CC00CC">Purple</option>
    <option value="FFFF00">Yellow</option>
    <option value="00FF00">Green</option>
    <option value="FF0066">Pink</option>
    <option value="000099">Blue</option>
</select>
<select name="link_color">
    <option value="">Link Color</option>
    <option value="FF6600">Orange</option>
    <option value="CC00CC">Purple</option>
    <option value="FFFF00">Yellow</option>
    <option value="00FF00">Green</option>
    <option value="FF0066">Pink</option>
    <option value="000099">Blue</option>
</select>
<select name="link_hover_color">
    <option value="">Link Hover Color</option>
    <option value="FF6600">Orange</option>
    <option value="CC00CC">Purple</option>
    <option value="FFFF00">Yellow</option>
    <option value="00FF00">Green</option>
    <option value="FF0066">Pink</option>
    <option value="000099">Blue</option>
</select>
<select name="header_color">
    <option value="">Header Color</option>
    <option value="FF6600">Orange</option>
    <option value="CC00CC">Purple</option>
    <option value="FFFF00">Yellow</option>
    <option value="00FF00">Green</option>
    <option value="FF0066">Pink</option>
    <option value="000099">Blue</option>
</select>
<input type="submit" name="submit" value="Configure!" />
</form>
</div>
</body>
</html>

file2.php
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>File2</title>
</head>
<body>
<div>
<?php
include('file1.php');
//check for a background color
if (isset($_COOKIE['background_color'])){
    print "\body: #" . htmlentities($_COOKIE['background_color']) . ";\n";
}else{
    print "\body: #c00";
}
//check for a link_color
if (isset($_COOKIE['link_color'])){
    print "\a:link: #" . htmlentities($_COOKIE['link_color']) . ";\n";
}else{
    print "\a:link: #00f";
}
//check for a link_hover color:
if (isset($_COOKIE['link_hover_color'])){
    print "a\:hover: #" . htmlentities($_COOKIE['link_hover_color']) . ";\n";
}
//Check for a header color
if (isset($_COOKIE['header_color'])){
    print "\h1: #" . htmlentities($_COOKIE['header_color']). ";\n";
}
?>
Your settings have been updated. <a href="File3.php">Click here</a> to continue.
<br /><br />
</div>
</body>
</html>

file3.php
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>File3</title>
<style type="text/css">
<!-- These are the styles the session should configure -->
a:link {color:blue;}
a:hover {color:orange;}
body {background-color:red}
h1 {color:blue; text-align:center;}
</style>
</head>
<body>
<div>
<h1>Welcome to YOUR pretty website</h1>
<a href = "File1.php">Click here</a> to go back and start over!</a>
</div>
</body>
</html>

I'm pretty sure I did in file2 what I was supposed to do in file3. I'm totally confused.

The code below is the only part of my script failing and I have no clue why. I even tried setting the TestCookie for 352 days. What boggles my mind is that this code used to work and is now failing. Has something changed?

$value = "wtf";
setcookie("TestCookie",$value, time()+3600*24);
setcookie("user", $name1, time()+14400);
setcookie("userid", $uid1, time()+14400);
setcookie("coid", $coid1, time()+14400);
setcookie("login", "yes", time()+14400);
setcookie("status", $status1, time()+14400);

When a user logs in it sets a cookie with their user id and sets the time they choose (either a session cookie or a cookie lasting one year for users who wish to stay logged in). When they select to stay logged in forever and close the browser, the next time they open it, it tells them they aren't logged in. However, when they go to a new page they appear to be logged in. What I don't understand is why they have to go to a new page for it to say they are logged in. Here is the code which runs every time the site is loaded:

if (isset($_COOKIE['uid'])) {
    $user->setup($_COOKIE['uid']);
}

User setup basically selects their info from the database and sets their username and other info to variables.
Anyone know a better way to do this?

I'm trying to use the following code:

if($login_Remember) { /* Check if Remember Me was set */
    setcookie('login_ID', $row['ID'], time()+3600 * 24 * 30);
    setcookie('login_Name', $row['Name'], time()+3600 * 24 * 30);
    setcookie('login_Access', $row['Value'], time()+3600 * 24 * 30);
}
header("Location: index.php");

When I try to use it, the only cookie that's registered is the bottom one, "login_Access". None of the others are. I have tried everything but nothing's working. I don't get any error messages. Using PHP v5.3.3 on IIS. Please help. Thanks

I'm trying to set a cookie value to a result from a query, but it's not working. All of the other cookies are being set, except for one. Any ideas why?

<?php
//Checks if there is a login cookie
if(isset($_COOKIE['ID_forum']))
//if there is, it logs you in and directs you to the members page
{
    $username = $_COOKIE['ID_forum'];
    $pass = $_COOKIE['Key_forum'];
    $user_level = $_COOKIE['Forum_level'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check ))
    {
        if ($pass != $info['password'])
        {
        }
        else
        {
            header("Location: index.php");
        }
    }
}
if (isset($_POST['submit'])) { // if form has been submitted
    // makes sure they filled it in
    if(!$_POST['username'] | !$_POST['pass']) {
        die(' <h2> You did not fill in all of the fields</h2> <p<a href="login.php">Return to login page</a> ');
    }
    // checks it against the database
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
    //Gives error if user doesn't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        die(' <h2> That user does not exist in our database.<br/> </h2> <p<a href="login.php">Return to login page</a> ');
    }
    while($info = mysql_fetch_array( $check ))
    {
        $_POST['pass'] = mysql_real_escape_string($_POST['pass']);
        $info['password'] = mysql_real_escape_string($info['password']);
        $_POST['pass'] = md5($_POST['pass']);
        //gives error if the password is wrong
        if ($_POST['pass'] != $info['password']) {
            die(' <h2> Incorrect password, please try again</h2> <p<a href="login.php">Return to login page</a> ');
        }
        else
        {
            $_POST['username'] = mysql_real_escape_string($_POST['username']);
            $_POST['user_level'] = mysql_real_escape_string($_POST['user_level']);
            $hour = time() + 3600;
            setcookie(ID_forum, $_POST['username'], $hour);
            setcookie(Key_forum, $_POST['pass'], $hour);
            setcookie(Forum_level, $_POST['user_level'], $hour); //this cookie is not being set
            setcookie(test, 'test cookie', $hour); // testing that cookie is being set - this works
            header("Location: index.php");
            $query2 = mysql_query("SELECT * FROM users WHERE username = ".$_POST['username'])or die(mysql_error());
            setcookie(Level_forum, $query2['user_level'], $hour);
        }
    }
}
else
{
// if they are not logged in
?>
//form code is here. I have not included it to save space
<?php
}
?>

Thanks

This has been driving me crazy for hours! I am trying to set a cookie:

setcookie("username", $_POST['user']);

And for a while it wasn't working, then it started randomly working. Now, when I try to use if(isset($_COOKIE['username'])) PHP is saying the cookie does not exist. PLEASE help! Thanks.

Okay, I'm having a problem with cookies, so if anyone can help I would be grateful. When you log in you can choose how long to stay logged in for. For testing purposes the choices are: Forever, 1 Hour, 1 Day, Never. Based on your choice I am setting the cookie expiration as follows:

if ($_POST['remember_me'] == '1') {
    setcookie('remember', time() + 99999999999999);
} elseif ($_POST['remember_me'] == '3600') {
    setcookie('remember', time() + 3600);
} elseif ($_POST['remember_me'] == '84600') {
    setcookie('remember', time() + 84600);
} elseif ($_POST['remember_me'] == '0') {
    setcookie('remember');
}
echo $_COOKIE['remember'];
}

Then for testing I am echoing the cookie at the head of the document:

echo "Cookie: " . @$_COOKIE['remember'];

The problem is that when the browser is closed the cookie is gone. Only the last option "never" is set as a session cookie, which means the others should stay active even when the browser is closed, shouldn't they? Anything I have missed here?

Hey Everyone, I just have a quick question. I have a page that has set a cookie called email_success with the value "yes". I now need some code so that when the user goes to a download page, it checks for the cookie and if there is no cookie it redirects to another page. But if there is the cookie it displays the download page. I tried a few things but they didn't work. Can anyone help me please!! Thanks George
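An added example, not code from any of the posts above: one way to build the remember-me cookie the opening question asks about, where the cookie carries only a random single-use token instead of a user id, password hash or access level as in several snippets above. A cookie marked Secure is only sent by the browser on HTTPS requests, so the page that reads it must itself be served over HTTPS. Assumptions: PHP 7.3 or later, and the names REMEMBER_COOKIE, issueRememberToken, sendRememberCookie, verifyRememberToken and the in-memory $tokenStore (standing in for a database table) are hypothetical.

```php
<?php
declare(strict_types=1);

// $tokenStore stands in for a database table (hypothetical):
// selector => ['user_id' => int, 'hash' => string, 'expires' => int]
const REMEMBER_COOKIE = 'remember';          // hypothetical cookie name
const REMEMBER_TTL    = 60 * 60 * 24 * 30;   // 30 days, in seconds

/** Create a token for $userId, store only its hash, return the cookie value. */
function issueRememberToken(array &$tokenStore, int $userId): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $tokenStore[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

/** Send the cookie with flags that keep it off plain HTTP and away from scripts. */
function sendRememberCookie(string $value): bool
{
    return setcookie(REMEMBER_COOKIE, $value, [
        'expires'  => time() + REMEMBER_TTL, // expiry goes here, not in the value
        'path'     => '/',
        'secure'   => true,                  // browser omits it on http:// requests
        'httponly' => true,                  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

/** Return the user id for a valid cookie value, or null. Tokens are single-use. */
function verifyRememberToken(array &$tokenStore, string $cookieValue): ?int
{
    $parts = explode(':', $cookieValue, 2);
    if (count($parts) !== 2 || !isset($tokenStore[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $tokenStore[$selector];
    unset($tokenStore[$selector]);           // consume; caller issues a fresh token on success
    if ($row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented secret.
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['user_id'] : null;
}

// Constructed demo: user id 42 is a placeholder, not a value from the page.
$tokenStore = [];
$cookie = issueRememberToken($tokenStore, 42);
var_dump(verifyRememberToken($tokenStore, $cookie));        // first use of the token
var_dump(verifyRememberToken($tokenStore, $cookie));        // replay of the same cookie
var_dump(verifyRememberToken($tokenStore, 'forged:value')); // value the server never issued
```

The user's level or admin flag is then loaded server-side from the returned user id on each request, so nothing the browser can edit decides what the user is allowed to see.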