Solved

PHP Cookie

Posted on 2003-11-14
5
372 Views
Last Modified: 2008-03-06
I have a some PHP code I just installed to create a password protection scheme for a site. I downloaded it here: http://www.webworkzware.com/index.php/page/password_protection. The problem is that the script is supposed to set a cookie so that the user does not have to continually log in, but for some reason it will not work and I get an error that says I must set my browser to accept cookies - even though I know it is set to accept all cookies. Below is the code from the access_control.inc that I include in every directory I want to protect. Anyone used this before? I know its a longshot, but I am desperate! Thanks.  



<?
include ("config.inc");
include ("errors.inc");
include ("common.inc");
include ("connect.inc");




while (list($var, $val) = each ($HTTP_GET_VARS))
{
IF ($var == "cookieid")
{
echo ("You can not pass login parameters via GET operations.");
exit();
}
}

reset($HTTP_GET_VARS);




while (list($var, $val) = each ($HTTP_POST_VARS))
{
IF ($var == "cookieid")
{
echo ("You can not pass login parameters via POST operations.");
exit();
}
}

reset($HTTP_POST_VARS);




IF (isset($uid) AND !isset($cookieid))
{
$grabuser = "SELECT recID FROM user WHERE username = '$uid' AND password = '$pwd'";
$result = @mysql_query($grabuser);
sql_query($result, "$errors[03]");

IF (mysql_num_rows($result) == 0)
{
error ("$errors[04]");
include ("login_form.inc");
exit();
}

ELSE
{
$userid = @mysql_result($result,0,"recID");

$cookie_setter = @setcookie ("cookieid", $userid, time()+$maxlifetime);

IF (!$cookie_setter)
{
error ("$errors[05]");
}

ELSE
{
?>
<META HTTP-EQUIV=Refresh CONTENT="2; URL=<? echo ("$PHP_SELF"); ?>">

Please hold one second while we process your login...<br>
If this page does not refresh in 3 seconds, <A HREF="<? echo ("$PHP_SELF"); ?>">click here</a>.
<?
}

}

}


ELSE IF (!isset($uid) AND !isset($cookieid))
{
include ("login_form.inc");
exit();
}


?>
0
Comment
Question by:sundevil67
5 Comments
 
LVL 14

Accepted Solution

by:
ThG earned 25 total points
ID: 9749879

Your script looks quite outdated, maybe it's only supposed to work on older PHP versions. You should try doing this cookies stuff yourself as it's trivial to do. The common way to go is, store username/password in a cookie, encrypting the password with the md5() function. You can compare the sent password by md5()'ing again your local password.
0
 
LVL 11

Assisted Solution

by:Zontar
Zontar earned 25 total points
ID: 9755545
Why not just get and set a cookie variable named something like $_COOKIE["login"] or $_COOKIE["loginid"], or better yet use $_SESSION which will work whether or not the user has cookies turned on in the browser?

Also you can use outbut buffering so that you can echo output, then use header() afterwards. In fact, I wouldn't echo anything unless the login fails, I'd just immediately redirect using header("Location: ...") or else post back to the same page the user logged in from.
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9760020
That looks like a very badly written script. I personally suggest you forget about it and use PHP's builtin session management.

0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question