Solved

PHP Cookie

Posted on 2003-11-14
5
376 Views
Last Modified: 2008-03-06
I have a some PHP code I just installed to create a password protection scheme for a site. I downloaded it here: http://www.webworkzware.com/index.php/page/password_protection. The problem is that the script is supposed to set a cookie so that the user does not have to continually log in, but for some reason it will not work and I get an error that says I must set my browser to accept cookies - even though I know it is set to accept all cookies. Below is the code from the access_control.inc that I include in every directory I want to protect. Anyone used this before? I know its a longshot, but I am desperate! Thanks.  



<?
include ("config.inc");
include ("errors.inc");
include ("common.inc");
include ("connect.inc");




while (list($var, $val) = each ($HTTP_GET_VARS))
{
IF ($var == "cookieid")
{
echo ("You can not pass login parameters via GET operations.");
exit();
}
}

reset($HTTP_GET_VARS);




while (list($var, $val) = each ($HTTP_POST_VARS))
{
IF ($var == "cookieid")
{
echo ("You can not pass login parameters via POST operations.");
exit();
}
}

reset($HTTP_POST_VARS);




IF (isset($uid) AND !isset($cookieid))
{
$grabuser = "SELECT recID FROM user WHERE username = '$uid' AND password = '$pwd'";
$result = @mysql_query($grabuser);
sql_query($result, "$errors[03]");

IF (mysql_num_rows($result) == 0)
{
error ("$errors[04]");
include ("login_form.inc");
exit();
}

ELSE
{
$userid = @mysql_result($result,0,"recID");

$cookie_setter = @setcookie ("cookieid", $userid, time()+$maxlifetime);

IF (!$cookie_setter)
{
error ("$errors[05]");
}

ELSE
{
?>
<META HTTP-EQUIV=Refresh CONTENT="2; URL=<? echo ("$PHP_SELF"); ?>">

Please hold one second while we process your login...<br>
If this page does not refresh in 3 seconds, <A HREF="<? echo ("$PHP_SELF"); ?>">click here</a>.
<?
}

}

}


ELSE IF (!isset($uid) AND !isset($cookieid))
{
include ("login_form.inc");
exit();
}


?>
0
Comment
Question by:sundevil67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 14

Accepted Solution

by:
ThG earned 25 total points
ID: 9749879

Your script looks quite outdated, maybe it's only supposed to work on older PHP versions. You should try doing this cookies stuff yourself as it's trivial to do. The common way to go is, store username/password in a cookie, encrypting the password with the md5() function. You can compare the sent password by md5()'ing again your local password.
0
 
LVL 11

Assisted Solution

by:Zontar
Zontar earned 25 total points
ID: 9755545
Why not just get and set a cookie variable named something like $_COOKIE["login"] or $_COOKIE["loginid"], or better yet use $_SESSION which will work whether or not the user has cookies turned on in the browser?

Also you can use outbut buffering so that you can echo output, then use header() afterwards. In fact, I wouldn't echo anything unless the login fails, I'd just immediately redirect using header("Location: ...") or else post back to the same page the user logged in from.
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9760020
That looks like a very badly written script. I personally suggest you forget about it and use PHP's builtin session management.

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
can i read my emails on lamp ftp 4 70
JSON decode 5 46
how can I see what is posted inside an array to my website? 16 47
Code planning methods/tools? 5 56
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question