1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to set and check for a cookie?

Discussion in 'PHP' started by Airwalk Enterprise, Inc, Mar 24, 2011.

  1. #1
    So it seems I have a working registration/login script, basic, I know. I've been told that session_regenerate_id(); will set a cookie that is secure. Is this true? Have I done it right? is the script as a whole secure? How can I make it secure?

    My main question is how to create an if statement on the navigation bar that will display either the log in button (if user not logged in) or a logout button (if the user is logged in). And the same for register account/viewaccount.

    Here is my script:

    <?php

    include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");

    session_start();
    $name = $_POST['name'];
    $password = md5($_POST['password']);

    $query = "SELECT * from community WHERE name='$name' and password='$password'";

    $result = mysql_query($query);

    if (mysql_num_rows($result) != 1) {

    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name &amp; Password combination.</div>";
    include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");

    } else {

    session_regenerate_id();
    $boo=mysql_fetch_assoc($result);
    $_SESSION['SESS_MEMBER_ID']=$boo['name'];

    session_write_close();
    header("location: http://www.airwalk-design.com/community/");
    exit();

    }

    ?>
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  2. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #2
    what you have used are sessions, not cookies.
    Setting a cookie :
     setcookie($cookiename,$cookievalue); //you can google it to specify expirations, timing ect.
    Code (markup):
    Check if cookie exists :
     if (isset($_COOKIE[$cookiename]) && ($_COOKIE[$cookiename]==$cookievalue)) { echo "User logged in";} else { echo "Not logged in ";} 
    Code (markup):
    Checking sessions :
     if (isset($_SESSION['SESS_MEMBER_ID']) && ($_SESSION['SESS_MEMBER_ID']!="")) { echo "User logged in";} else {echo "Not logged in";}
    Code (markup):
     
    bledileka, Mar 24, 2011 IP
  3. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Right, well the session came in the script I used. Should I leave it and check for sessions instead?
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  4. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Well i think its best using only sessions. When user closes the browser the session will expire automatically, so no need to worrie. personaly i do use only sessions for login scripts.
     
    bledileka, Mar 24, 2011 IP
  5. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5

    I just can't get this to work. I must be doing something seriously wrong. I've set the cookie when the user logs in successfully. here:

    <?php

    include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");

    session_start();
    $name = $_POST['name'];
    $password = md5($_POST['password']);

    $query = "SELECT * from community WHERE name='$name' and password='$password'";

    $result = mysql_query($query);

    if (mysql_num_rows($result) != 1) {

    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name &amp; Password combination.</div>";
    include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");

    } else {

    setcookie($name, $value, time()+3600*24);
    header("location: http://www.airwalk-design.com/community/");

    }

    ?>

    And then in the menu bar which is sitewide I have :

    <?php

    if (isset($_COOKIE[$name]))
    echo "<a href=\"http://www.airwalk-design.com/community/view-account/\" id=\"navigation\">View Account</a> - <a //href=\"http://www.airwalk-design.com/community/logout/\" id=\"navigation\">Logout</a></h1> \"$name\"" . $_COOKIE[$name] . "!<br />";
    else
    echo "<a href=\"http://www.airwalk-design.com/community/create-account/\" id=\"navigation\">Register Account</a> - <a //href=\"http://www.airwalk-design.com/community/login/\" id=\"navigation\">Log Into Account</a></h1>";

    ?>
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  6. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    i think you shoud place a static cookie name, not dynameic coz you have no way to know wich user has logged in this way.
    So when you set the cookie place the name example : setcookie("USERNAME", $name, time()+3600*24); where $name is the value of your cookie.
    and when you check the cookie you know what to check for : if (isset($_COOKIE['USERNAME'])) ....
     
    bledileka, Mar 24, 2011 IP
  7. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Nope, it insists on always displaying the 2nd echo (the else one). I know it's logged in because I've done MySQL queries and retrieved my own data :(
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  8. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    hmmm, well try to clear all cache and saved cookies and sessions andfstart over.
    This code shoud work :
    
    <?php
    include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");
    session_start();
    $name = $_POST['name'];
    $password = md5($_POST['password']);
    $query = "SELECT * from community WHERE name='$name' and password='$password'";
    $result = mysql_query($query);
    if (mysql_num_rows($result) != 1) {
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name &amp; Password combination.</div>";
    include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
    } else {
    setcookie('username', $name, time()+3600*24);
    header("location: http://www.airwalk-design.com/community/");
    }
    ?>
    <?php
    if (isset($_COOKIE['username'])) {
    echo "<a href=\"http://www.airwalk-design.com/community/view-account/\" id=\"navigation\">View Account</a> - <a //href=\"http://www.airwalk-design.com/community/logout/\" id=\"navigation\">Logout</a></h1> \"$name\"" . $_COOKIE['username'] . "!<br />";
    } else {
    echo "<a href=\"http://www.airwalk-design.com/community/create-account/\" id=\"navigation\">Register Account</a> - <a //href=\"http://www.airwalk-design.com/community/login/\" id=\"navigation\">Log Into Account</a></h1>";
    }
    ?> 
    
    Code (markup):
     
    bledileka, Mar 24, 2011 IP
  9. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    I literally erased all browser data and then C&P'd what you wrote, nada.

    First bit into /community/confirm/index.php
    2nd into /community/main-navigation.php which is included on all /community pages

    From my understanding, it sets the cookie upon successfully logging in, which then causes the menu navigation to display the view account and logout text instead of register account and log in? But if the else statement doesn't occur due to incorrect log in, it won't set and just displays the log in error?
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  10. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #10
    ok then take it step by step, be sure that if (mysql_num_rows($result) != 1) { } is veryfied or not. Maybe you have diffrent accounts with the same credentials while doing tests so make it
    if (mysql_num_rows($result) == 0) { 
    Code (markup):
    ... to be sure that there is no user at all with those credentials. But anywyas this shoudnt be the problem. It seems you cannot read cookies.
    The else from the first parte does that, sets the cookie if user is found on db then makes the header location.
    After another test place somthing like this somwhere on your script to see if you are able to read cookies :
     if (isset($_COOKIE)){ var_dump($_COOKIE);} else { echo "there are no cookies stored";}
    Code (markup):
    This way you can check if any cookie is stored or setcookie is not working at all.
     
    bledileka, Mar 24, 2011 IP
  11. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #11
    I changed that (even though I only have one user in my database which is me), and added the other bit, and it returned this:

    array(7) { ["__switchTo5x"]=> string(2) "61" ["__utmz"]=> string(92) "187783096.1300969141.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=airwalk design" ["PHPSESSID"]=> string(26) "fegpmtghocrhq6s0j0qlqdutp2" ["__unam"]=> string(30) "6087161-12ee7cdb2c6-1ec7cb8-11" ["__utma"]=> string(54) "187783096.577011627.1300969141.1300969141.1300969141.1" ["__utmc"]=> string(9) "187783096" ["__utmb"]=> string(26) "187783096.11.10.1300969141" }
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  12. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #12
    well it seems that the cookie is not setted at all, you shoud see a value like this : ["username"]=> string(x) "usernamehere"
    maybe its a webserver configuration problem that doesn allows cookie storing :S i just did a similar test and the script works. Try using sessions instead, it would be much easier.
     
    bledileka, Mar 24, 2011 IP
  13. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    I'll have to query that with them later then. I did try sessions and aways got the same result. Could you do me a full example of it?
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  14. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #14
    its pretty simple just replace $_COOKIE with session anyways here is your code :
    
    <?php
    if (!isset($_SESSION)) { session_start();}
    include($_SERVER["DOCUMENT_ROOT"]."/community/database.php");
    #check if is a post 
    if (isset($_POST['name']) && ($_POST['name']!="")) {
    $name = $_POST['name'];
    $password = md5($_POST['password']);
    $query = "SELECT * from community WHERE name='$name' and password='$password'";
    $result = mysql_query($query);
    if (mysql_num_rows($result) != 1) {
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-head.php");
    echo "<div class=\"advertise\">I need to have you tested for dementia! Please try again with the correct Name &amp; Password combination.</div>";
    include($_SERVER["DOCUMENT_ROOT"]."/community/login.php");
    include($_SERVER["DOCUMENT_ROOT"]."/community/dontmove-foot.php");
    } else {
    	$_SESSION['username'] = $name;
    	header("location: http://www.airwalk-design.com/community/");
    }
    }
    ?>
    code to check if session exists :
    <?php
    if (isset($_SESSION['username'])) {
    echo "<a href=\"http://www.airwalk-design.com/community/view-account/\" id=\"navigation\">View Account</a> - <a //href=\"http://www.airwalk-design.com/community/logout/\" id=\"navigation\">Logout</a></h1>" . $_SESSION['username'] . "!<br />";
    } else {
    echo "<a href=\"http://www.airwalk-design.com/community/create-account/\" id=\"navigation\">Register Account</a> - <a //href=\"http://www.airwalk-design.com/community/login/\" id=\"navigation\">Log Into Account</a></h1>";
    }
    ?>
    
    Code (markup):
     
    bledileka, Mar 24, 2011 IP
  15. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #15
    Same result :(
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  16. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #16
    I contacted my host, they said cookies and sessions are enabled too, I really don't understand it :(
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  17. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #17
    :S man i dont know what else to say :) the problem might be somewhere else. This code is working for me, so i guess is a webserver problem if you cannot save sessions and cookies. Try it somwhere else to be sure you dont get the same result, and then talk to your hosting provider.
     
    bledileka, Mar 24, 2011 IP
  18. victa

    victa Peon

    Messages:
    400
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #18
    i also strongly suggest to use session and the code from bledileka should do the work. if it's not, check your php.ini setting. is the session save path configured properly?
     
    victa, Mar 24, 2011 IP
  19. Airwalk Enterprise, Inc

    Airwalk Enterprise, Inc Peon

    Messages:
    126
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #19
    not sure what that means, but I'm not allowed access to the php.ini file

    whats literally the most basic way to test this somewhere else?
     
    Airwalk Enterprise, Inc, Mar 24, 2011 IP
  20. bledileka

    bledileka Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #20
    well i'd suggest you use a local webserver, its very easy and useful. Use XAMPP or WAMP for full installation so it will become more easy for you to start doing tests.
     
    bledileka, Mar 24, 2011 IP