Hi, I’m trying to design a login system using a session cookie to determine if a user is logged in or not, and am having a problem where the $_COOKIE['cookiename'] variable isn’t set according to subsequent pages. Here’s the code for the page that sets the cookie.
[code=php]
<?php
//set $_POST and $_GET to actual variables
require("../includes/set.inc");
/*
if this is the result of a login, verify credentials.
*/
if (isset($username)) {
    mysql_connect('localhost','username','password') or die ("Couldn't connect to database: " . mysql_error());
    mysql_select_db('rewater') or die ("Couldn't select database.");
    //escape the user-supplied login before it is placed in any SQL string
    $safeuser = mysql_real_escape_string($username);
    $query = "select * from users where login='$safeuser';";
    $result = mysql_query($query) or die ("Query failed: " . mysql_error());
    $array = mysql_fetch_array($result);
    $loggedin = false;
    if (isset($password)) {
        if (crypt($password,"rw") == $array["password"]) {
            $loggedin = true;
        } else {
            $err = "badpass";
        }
    }
    mysql_free_result($result);
    if ($loggedin == true) {
        //create a cookie's session data
        $cookiedata = generateData();
        //set the cookie
        setcookie("cookiename",$username."::".$cookiedata);
        //update database entry
        $query = "UPDATE users SET sessiondata='".$cookiedata."' WHERE login='".$safeuser."';";
        mysql_query($query) or die ("Query failed: " . mysql_error());
        //proceed to the logged in page
        header("Location: page2.php");
    }
}
if (isset($err) && $err != "") {
    echo "Error: ";
    if ($err == "badpass") {
        echo "Bad username/password combination. \n";
    } else if ($err == "nologin") {
        echo "Your login cookie has expired. Please login again.";
    } else if ($err == "nocookie") {
        echo "No login cookie exists. If you are sure you are logged in, check you have cookies enabled.";
    } else if ($err == "logout") {
        echo "Logged out successfully.";
    }
}
function generateData($nSize=24) {
    //start from an empty string so the appends below act on a defined variable
    $sessionID = "";
    // Randomize
    mt_srand ((double) microtime() * 1000000);
    for ($i=1; $i<=$nSize; $i++) {
        $nRandom = mt_rand(1,30);
        if ($nRandom <= 10) {
            // Uppercase letters
            $sessionID .= chr(mt_rand(65,90));
        } elseif ($nRandom <= 20) {
            // Digits
            $sessionID .= mt_rand(0,9);
        } else {
            // Lowercase letters
            $sessionID .= chr(mt_rand(97,122));
        }
    }
    return $sessionID;
}
?>
<form action="login.php" METHOD="POST">
Username: <input type="text" name="username"><BR>
Password: <input type="password" name="password"><BR>
<input type="submit" value="Submit">
</FORM>
[/code]
And the code that checks the cookie data against what’s in the database is as follows:
[code=php]
<?php
if (isset($_COOKIE["cookiename"])) {
    //get data out of cookie (stored as plaintext) and ensure it is right.
    $checkstring = explode("::",$_COOKIE["cookiename"]);
    //open/read database entry.
    mysql_connect('localhost','username','password') or die ("Couldn't connect to database: " . mysql_error());
    mysql_select_db('rewater') or die ("Couldn't select database.");
    //the login comes from the cookie, so escape it before it goes into SQL
    $query = "SELECT sessiondata FROM users WHERE login='".mysql_real_escape_string($checkstring[0])."';";
    $result = mysql_query($query);
    $array = mysql_fetch_array($result);
    if ($array["sessiondata"] != $checkstring[1]) {
        //cookie data doesn't match - back to login page.
        header("Location: ../login/login.php?err=nologin");
        //stop here so the rest of the protected page is not sent
        exit;
    }
    mysql_free_result($result);
    mysql_close();
} else {
    //return to login page if no cookie exists.
    header("Location: ../login/login.php?err=nocookie");
    //stop here so the rest of the protected page is not sent
    exit;
}
?>
[/code]
Theoretically this should all work – I’ve used much the exact same code before, and it has worked. The problem I’m getting is that the $_COOKIE["cookiename"] variable doesn’t appear to be set. Checking the cookies in Firefox shows the call to setcookie() is working and putting the right data in there in the right places. Also checking the database shows that the session data is being updated, and doing an “echo” tracewrite immediately after the cookie is set also shows that the cookie is there. It is when it goes to the next and subsequent pages, and verifies it that the cookie can’t be found. Putting an “echo ‘cookie is ‘.$
Any tips/suggestions/ideas?
PHP is version 4.4.0.
Thanks, Chris.
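
Added example, not part of the original post and not the poster's code: a hardened take on the same `username::token` cookie scheme. It assumes PHP 7.3+, a PDO handle, and that `sessiondata` stores a SHA-256 hash of the token; the function names are hypothetical. It sets an explicit cookie path because `setcookie()` otherwise defaults the path to the directory of the script that set the cookie, and the pages in the post redirect across directories (`../login/login.php`).

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.3+, a PDO handle, and the
// post's `users` table, with `sessiondata` holding a SHA-256 hash of the token.
const COOKIE_NAME = 'cookiename';

// Call after the password check succeeds; returns the cookie value to send.
function issueSession(PDO $pdo, string $username): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG instead of a seeded mt_rand()
    $stmt = $pdo->prepare('UPDATE users SET sessiondata = ? WHERE login = ?');
    $stmt->execute([hash('sha256', $token), $username]);
    return $username . '::' . $token;
}

function sendSessionCookie(string $value): void
{
    setcookie(COOKIE_NAME, $value, [
        'path'     => '/',   // default would be the setting script's directory
        'secure'   => true,  // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Returns the logged-in username, or null if the cookie is missing or invalid.
function verifySession(PDO $pdo, array $cookies): ?string
{
    $raw = $cookies[COOKIE_NAME] ?? null;
    $pos = is_string($raw) ? strrpos($raw, '::') : false;
    if ($pos === false) {
        return null;
    }
    // Split at the last "::" so a login containing "::" still parses.
    $username = substr($raw, 0, $pos);
    $token = substr($raw, $pos + 2);
    $stmt = $pdo->prepare('SELECT sessiondata FROM users WHERE login = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || $stored === '') {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented token's hash.
    return hash_equals($stored, hash('sha256', $token)) ? $username : null;
}
// On a protected page (redirect target taken from the post):
// if (verifySession($pdo, $_COOKIE) === null) {
//     header('Location: ../login/login.php?err=nologin');
//     exit; // stop here so the protected page is not rendered
// }
```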