20 replies to this topic

[welton122]

hi all,

i can anyone help me, i am unsure when this code will not set a cookie. Can anyone see why?

<?php


if (isset($_POST['cookie'])) {


$id = $_POST['cookie'];


// correct username and password so set cookie 

   setcookie("user_id", "$id", time()+3600);


   

// redirect

    echo "<meta http-equiv=\"refresh\" content=\"1; URL=index.php\">";

}


?>


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 

<html> 


<head> 

   <title>Jake Welton</title>    

   <link rel="stylesheet" href="style.css" type="text/css" media="screen" /> 

   <meta http-equiv="content-type" content="text/html; charset=utf-8" />    

</head> 


<body> 


   <?php 


   require_once('header.php'); 

    

   $user = $_POST['username']; 

   $pass = $_POST['password']; 

    

   // Initialize an error array 

   $errors = array(); 

    

   // Check for a username 

   if (empty($user)) { 

      $errors[] = 'You forgot to enter your username.'; 

   } else { 

      $username = mysqli_real_escape_string($dbc, trim($user)); 

   } 

    

   // Check for a password 

   if (empty($pass)) { 

      $errors[] = 'You forgot to enter your password.'; 

   } else { 

      $password = mysqli_real_escape_string($dbc, trim($pass)); 

   } 

    

   // if a username and password have both been entered 

   if (empty($errors)) { 

    

   //---------------------------------------------------------------------------------------------------------- 

   $realPass = SHA1($password); 

   $sql = "SELECT * FROM `users` WHERE username='$username' AND password='$realPass'"; 

   

   $result = mysqli_query($dbc, $sql); 

    

   if(mysqli_num_rows($result) == 0) { 

    die('

	<p style="text-align: center; font-size: 25px;"><br>Incorrect username or password</p>

	<br>

		<center>

		<form action="login.php" method="POST">

		<fieldset style="width:500px; height: 170px;">

		<legend>

		  Please login or register  

		</legend><br>

		Username: <input type="text" name="username">

		<br><br>

		Password: <input type="password" name="password"> 

		<br><br><br>

		<input type="hidden" name="submitted" value="TRUE">

		<input style="font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px" type="submit" value="Login" name="login">

		<div style="text-align: right;">

		<a href="reset_password.php">Forgotten Password</a>

		        

		        

		        

		        

		        

		        

		        

		        

		     

		<a href="register.php">Register   </a>

		</div>

		</fieldset>

		</form>

		</center>

		<br><br><br><br>

	'); 

  } else { 

    // If we're here, the login was correct, now we want the UserID? 

    $row = mysqli_fetch_assoc($result); 

    $userID = $row['user_id']; 

	

	// display welcome message 

    echo "<p style=\"text-align: center; font-size: 25px;\"><br>Hello $username</p>";

   

   echo "

   <form action=\"login.php\" method=\"POST\">

   <input type=\"hidden\" name=\"cookie\" value=\"$userID\">

   </form>

   <meta http-equiv=\"refresh\" content=\"1; URL=login.php\">

   ";

   

   }	

	// if a username or password was not entered

	} else {

	

	echo '<br>

	<p style="margin-left: 350px;" class="error">The following error(s) occurred:<br /><br>';

		foreach ($errors as $msg) { // Print each error.

			echo " - $msg<br />\n";

		}

	echo '<br>

	<center>

		<form action="login.php" method="POST">

		<fieldset style="width:500px; height: 170px;">

		<legend>

		  Please login or register  

		</legend><br>

		Username: <input type="text" name="username">

		<br><br>

		Password: <input type="password" name="password"> 

		<br><br><br>

		<input type="hidden" name="submitted" value="TRUE">

		<input style="font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px" type="submit" value="Login" name="login">

		<div style="text-align: right;">

		<a href="reset_password.php">Forgotten Password</a>

		        

		        

		        

		        

		        

		        

		        

		        

		     

		<a href="register.php">Register   </a>

		</div>

		</fieldset>

		</form>

		</center>

		<br><br><br><br>';	

	}



	require_once('footer.php');

	?>

	

	

</body>


</html>

Many Thanks,
J

[so1i]

Try without quotes around the ' $id '.

[welton122]

I have tried removing the quotes but that hasn't worked, anymore ideas?

[Alexander]

You may wish to add the domain and path settings to setcookie. Also check if setcookie() returns FALSE:

setcookie(....) or exit('setcookie failed');

[zeroradius]

so1i is right about the quotes whether it fixed the problem or not you need to leave them off. Is the data for sure being set for $_POST['cookie'] ? (Is the redirect you have running?)

[Alexander]

zeroradius said:

so1i is right about the quotes

They do absolutely nothing, the lexical parser forms the same hash tables with or without them for context.

If setcookie does NOT return false, then it is the client that is blocking the cookie.

[welton122]

i have set my browser set to ask me when a cookie is wanting to be set. but when i do this it says nothing meaning the cookie is not even trying to be set.

EDIT: i will tell you when i am having problems, i have had some code working. But when i upload it to the server it says "cannot modify header information" so i was trying to get it to send to cookie first.

can anyone help me with editing this code (the code shown below) so that it does this?

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 

<html> 


<head> 

   <title>Jake Welton</title>    

   <link rel="stylesheet" href="style.css" type="text/css" media="screen" /> 

   <meta http-equiv="content-type" content="text/html; charset=utf-8" />    

</head> 


<body> 


   <?php 


   require_once('header.php'); 

    

   $user = $_POST['username']; 

   $pass = $_POST['password']; 

    

   // Initialize an error array 

   $errors = array(); 

    

   // Check for a username 

   if (empty($user)) { 

      $errors[] = 'You forgot to enter your username.'; 

   } else { 

      $username = mysqli_real_escape_string($dbc, trim($user)); 

   } 

    

   // Check for a password 

   if (empty($pass)) { 

      $errors[] = 'You forgot to enter your password.'; 

   } else { 

      $password = mysqli_real_escape_string($dbc, trim($pass)); 

   } 

    

   // if a username and password have both been entered 

   if (empty($errors)) { 

    

   //---------------------------------------------------------------------------------------------------------- 

   $realPass = SHA1($password); 

   $sql = "SELECT * FROM `users` WHERE username='$username' AND password='$realPass'"; 

   

   $result = mysqli_query($dbc, $sql); 

    

   if(mysqli_num_rows($result) == 0) { 

    die('

	<p style="text-align: center; font-size: 25px;"><br>Incorrect username or password</p>

	<br>

		<center>

		<form action="login.php" method="POST">

		<fieldset style="width:500px; height: 170px;">

		<legend>

		  Please login or register  

		</legend><br>

		Username: <input type="text" name="username">

		<br><br>

		Password: <input type="password" name="password"> 

		<br><br><br>

		<input type="hidden" name="submitted" value="TRUE">

		<input style="font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px" type="submit" value="Login" name="login">

		<div style="text-align: right;">

		<a href="reset_password.php">Forgotten Password</a>

		        

		        

		        

		        

		        

		        

		        

		        

		     

		<a href="register.php">Register   </a>

		</div>

		</fieldset>

		</form>

		</center>

		<br><br><br><br>

	'); 

  } else { 

    // If we're here, the login was correct, now we want the UserID? 

    $row = mysqli_fetch_assoc($result); 

    $userID = $row['user_id']; 

	

	 // correct username and password so set cookie 

   setcookie("user_id", $userID, time()+3600);

	

	// display welcome message 

    echo "<p style=\"text-align: center; font-size: 25px;\"><br>Hello $username</p> 

   <meta http-equiv=\"refresh\" content=\"1; URL=index.php\">";

   }	

	// if a username or password was not entered

	} else {

	

	echo '<br>

	<p style="margin-left: 350px;" class="error">The following error(s) occurred:<br /><br>';

		foreach ($errors as $msg) { // Print each error.

			echo " - $msg<br />\n";

		}

	echo '<br>

	<center>

		<form action="login.php" method="POST">

		<fieldset style="width:500px; height: 170px;">

		<legend>

		  Please login or register  

		</legend><br>

		Username: <input type="text" name="username">

		<br><br>

		Password: <input type="password" name="password"> 

		<br><br><br>

		<input type="hidden" name="submitted" value="TRUE">

		<input style="font-family:Arial, Helvetica, sans-serif;color:#6294A8;font-size:12px; height: 25px; width: 100px" type="submit" value="Login" name="login">

		<div style="text-align: right;">

		<a href="reset_password.php">Forgotten Password</a>

		        

		        

		        

		        

		        

		        

		        

		        

		     

		<a href="register.php">Register   </a>

		</div>

		</fieldset>

		</form>

		</center>

		<br><br><br><br>';	

	}



	require_once('footer.php');

	?>

	

	

</body>


</html>

Thanks

[Alexander]

Look at the proper parameters for setcookie and set them (domain and path as mentioned):
PHP: setcookie - Manual

If it returns true and no cookie is set, then your server is faulting in sending it to the client.

Try using header() instead to set and redirect:

header("Set-Cookie: user_id=$id; path=/");
header("Location: index.php");

[welton122]

thanks, i think that has worked, how do i give this cookie a name though, because it is used on many pages to select information about the user?? i need to give it a name and a value.

[Alexander]

I did hand it a name and value in my example: user_id=$id is name=value, you would call that example by using $_COOKIE['user_id'];

[welton122]

thanks i have now got that working. I have just one more question, it may seem abit simple but how do i remove the cookie (so that the user can log out) ??

[Alexander]

You would use the same method, add the expiry parameter to a prior date than now and no value:

header("Set-Cookie: user_id=; path=/; expires Mon, 09-Dec-2002 13:46:00 GMT");