Menu
Community /Pin to ProfileBookmark
@NogDogJan 27.2006 — #I'm not sure what happens when you set a cookie with a value of NULL, but I'd feel better about it if you assigned something else when setting the cookie, even if it's just a place-holder of "1". (I know FALSE indicates that the cookie is to be unset, but I'm not sure about NULL.)
Maybe you could count the # of records the user has, instead of getting the ID. Then if that count is 1, he's good.
Based on the way he's using them, i figured they're part of the delete cookie he's trying to use.Give cookies a value other than null. Also how can you use them in the subsequent query if they are empty. @NogDogJan 27.2006 — #
The first pair, yes, the second pair I *think* are supposed to be setting (especially since the expiration time is in 2038).I do, but i do not really care for it...
I thought that it is some kind of, hmm... encryption of the content.
Thanks!.
encryption of packets provides it does.
for greater network security, ease of mind.
I think that NULL as value resembles the effect that FALSE takes...
That's just the method that Zend suggest...Yup i saw it...
Just wanted to note that it's as official as using FALSE...
Just offered by another party...
I referred to this specific scenario...
Here is revised code:
My only problem is that i receive two separate messages together when trying to disconnect after successfully logging in...
i receive the following message:
[QOUTE]
All the cookies was erased!You are already logged in!, click here to log in with other account
Click here for the control panel
[/QUOTE]
Which is weird because chronologically, I first delete the cookies, if the user choose so.
And only afterwards i see if the user already have valid cookies and then notify him that he is already logged in.
So theoretically, when i check whether the cookies are valid or not they are no longer exists. Any ideas why can it happen?, is it because the cookie termination applies starting with the next header?.
Code:
Thanks!!!.
I have another problem with another script related to the login script...
I'll try to solve it by my self, if I'll fail i will specify it in this thread, hoping you'll help me.
After i "successfully erased all cookies" and refreshed the page, i receive a message that still says that I'm "already logged in!".
Any ideas?.
Also i need to refresh every page several times before it recognizes the new cookies, even if i loaded it after the cookies were set, or applies the removal of certain cookies...
Any help is highly appreciated.
http://www.opend4u.net/Oleg/Login.php
Admin
openup
http://www.opend4u.net/Oleg/NewUser.php hey, the problem's that you're deleting the cookies and then trying to read them. cookie's don't get written to your system until the script has completed execution. So yes, in this case, they're still being read even though you're telling it to delete them. Ow, so that's why all the forums has this redirect page every time i inquire an action which evolves settingsremoving cookies... Thanks Chazz!
notice the absence of a cookie(It is a whole separate page and it is loaded after the cookie is createdremoved by Login.php):
http://www.opend4u.net/Oleg/NewUser.php
Code:
Bumpiest...
Any ideas why NewUser.php doesn't recognizes the cookie immediately and ahas a short break before fresh setremoved cookie take effect?.
I've posted the source several times before in this thread, Here sis the code that is currently running on the server:
A cookie without a defined host to be called by might be annoying for the user...
As it will appear as an advertising spyware cookie in most of the spyware removers, and will load to the mainframe while the user surfing in other sites then mine, Might also cause problems at the processing of the script if the web page uses the cookies
named the same as mine.
My cookies work just fine, Just don't come into force immediately...
I will try this modification and let you know if there any results, technically, both should work. Your cookies don't work in firefox I'm afraid. Also a cookie will only be sent to the domain that set it. All that you are doing is putting an additional sub-domain restriction on the cookie. Can you explain your comments about spyware because they make no sense to me? If the dub domain is unset or set to NULL can't any domain require this cookie?.
This type of cookies usually called 'Advertising', which means that more them one domain can claim the cookie(two or more unrelated domains).
Uninformed assumptions such as yours lead to mass hysteria, paranoia and dustbin journalism!
Problems with my login script.
Hi, i wrote the page below to verify the user input against the data in the DB,
and set a cookie with the information that the user inputted, every page checks the information in the cookies individually.
The log-in script just confirms that the user is not either already logged in or
entered incorrect account information and acts accordingly.
My problem is that the application neither prints the messages that i designed, or sets a cookie.
I will explain any part of the source at request,
Thanks!.
Code:
[code=php]
<?php
$link=mysql_connect(“localhost”, “nitay_totalnba”, “nitmanmat”);
mysql_select_db(“nitay_totalnba”, $link) or die(mysql_error().”–“.$query);
if($_GET[‘do’]==”disconnect”)
{
setcookie(“name”, NULL, time()-3600, “/”, $_SERVER[‘HTTP_HOST’], 1);
setcookie(“password”, NULL, time()-3600, “/”, $_SERVER[‘HTTP_HOST’], 1);
print(“All the cookies was erased!”);
}
$query=”SELECT ID FROM users WHERE name='”.$_COOKIE[‘name’].”‘ AND password=”.md5($_COOKIE[‘password’]).””;
$result=mysql_query($query);
if($result!==FALSE)
{
print(“You are logged in!, <a href=”/Oleg/Login.php?do=disconnect”>click here to log in with other acount</a>
<br>Click <a href=”/Oleg/Admin.php”>here</a> for the control panel”);
}
elseif(isset($_POST[‘name’]) and isset($_POST[‘password’]))
{
$query=”SELECT ID FROM users WHERE name='”.$_POST[‘name’].”‘ AND password='”.$_POST[‘password’].”‘”;
$result=mysql_query($query, $link);
if($result!=FALSE)
{
setcookie(“name”, NULL, 2147483647, “/”, $_SERVER[‘HTTP_HOST’], 1);
setcookie(“password”, NULL, 2147483647, “/”, $_SERVER[‘HTTP_HOST’], 1);
}
else
{
print(“The details that you have entered are incorrect”);
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method=”post” action=”<?php print($_SERVER[‘PHP_SELF’]); ?>” name=”login”>
<table align=”right” dir=”rtl” width=”50%”>
<tr><td>User name</td><td><input name=”name” type=”text” size=”15″ maxlength=”20″></td></tr>
<tr><td>Password</td><td><input name=”password” type=”password” size=”15″ maxlength=”20″></td></tr>
<tr><td align=”right” dir=”rtl”><input type=”submit” value=”Login” align=”right”></td></tr>
</table>
</form>
</body>
</html>
Sign in
to post a comment26 Comments(s) ↴
0
@NogDogJan 27.2006 — #reply?
0
@chazzyJan 27.2006 — #try to do this part differently, that's my first intuition:[code=php]
$result=mysql_query($query);
if($result!==FALSE)
[/code]Maybe you could count the # of records the user has, instead of getting the ID. Then if that count is 1, he's good.
I'm not sure what happens when you set a cookie with a value of NULL, but I'd feel better about it if you assigned something else when setting the cookie, even if it's just a place-holder of "1". (I know FALSE indicates that the cookie is to be unset, but I'm not sure about NULL.)[/QUOTE]
Based on the way he's using them, i figured they're part of the delete cookie he's trying to use.
reply?
0
@bokehJan 27.2006 — #reply?
0
@NogDogJan 27.2006 — #...
Based on the way he's using them, i figured they're part of the delete cookie he's trying to use.[/QUOTE]
The first pair, yes, the second pair I *think* are supposed to be setting (especially since the expiration time is in 2038).
reply?
0
@bokehJan 27.2006 — #if you sends this:[code=php]setcookie("password", NULL, 2147483647, "/", $_SERVER['HTTP_HOST'], 1);[/code] PHP thinks you are trying to delete the cookie and so sends this to the browser:[CODE]Set-Cookie: password=deleted; expires=Thu, 27-Jan-2005 14:52:40 GMT; path=/; domain=localhost; secure[/CODE] [B]Note:[/B] the cookie date is one year earlier than the current date. Also for argument #6 you are sending [I]'1'[/I] that means the cookie can only be sent over an SSL connection. Is that what you wanted? Do you have an SSL enabled webserver?reply?
0
@HellgYauthorJan 27.2006 — #I thought that it is some kind of, hmm... encryption of the content.
Thanks!.
reply?
0
@chazzyJan 27.2006 — #I do, but i do not really care for it...
I thought that it is some kind of, hmm... encryption of the content.
Thanks!.[/QUOTE]
encryption of packets provides it does.
for greater network security, ease of mind.
reply?
0
@HellgYauthorJan 27.2006 — #I'm not sure what happens when you set a cookie with a value of NULL, but I'd feel better about it if you assigned something else when setting the cookie, even if it's just a place-holder of "1". (I know FALSE indicates that the cookie is to be unset, but I'm not sure about NULL.)[/QUOTE]
I think that NULL as value resembles the effect that FALSE takes...
That's just the method that Zend suggest...
reply?
0
@bokehJan 27.2006 — #I think that NULL as value resembles the effect that FALSE takes...[/QUOTE]Read mypost #6 above. It causes the cookie to be deleted.
reply?
0
@HellgYauthorJan 27.2006 — #Just wanted to note that it's as official as using FALSE...
Just offered by another party...
reply?
0
@bokehJan 27.2006 — #official[/QUOTE]NULL and FALSE are completely different as can be seen by running the following:
[code=php]var_dump(NULL === FALSE); // returns false[/code] NULL represents a variable that has no value (i.e. it does not even have a type) whereas FALSE is a boolean literal (a truth value). They are certainly not interchangable, for example you couldn't use: [code=php]while (($file = readdir($dh)) !== null) { // always returns true[/code]reply?
0
@HellgYauthorJan 27.2006 — #Hmm, I referred to this specific scenario...
Here is revised code:
My only problem is that i receive two separate messages together when trying to disconnect after successfully logging in...
i receive the following message:
[QOUTE]
All the cookies was erased!You are already logged in!, click here to log in with other account
Click here for the control panel
[/QUOTE]
Which is weird because chronologically, I first delete the cookies, if the user choose so.
And only afterwards i see if the user already have valid cookies and then notify him that he is already logged in.
So theoretically, when i check whether the cookies are valid or not they are no longer exists. Any ideas why can it happen?, is it because the cookie termination applies starting with the next header?.
Code:
[code=php]
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
if($_GET['do']=="disconnect")
{
setcookie("name", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password",FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
print("All the cookies was erased!");
}
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link) or die(mysql_error()."--".$query);
$row=mysql_fetch_array($result);
mysql_free_result($result);
if($row['0']==1)
{
print("You are already logged in!, <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel");
die();
}
elseif(isset($_POST['name']) and isset($_POST['password']))
{
$query="SELECT COUNT(ID) FROM users WHERE name='".$_POST['name']."' AND password='".md5($_POST['password'])."'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
if($row['0']==1)
{
setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", $_POST['password'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
print("You are now loged in. <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel!");
}
else
{
print("The details that you have entered are incorrect");
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="login">
<table align="right" dir="rtl" width="50%">
<tr><td>User name</td><td><input name="name" type="text" size="15" maxlength="20"></td></tr>
<tr><td>Password</td><td><input name="password" type="password" size="15" maxlength="20"></td></tr>
<tr><td align="right" dir="rtl"><input type="submit" value="Login" align="right"></td></tr>
</table>
</form>
</body>
</html>
[/code]reply?
0
@bokehJan 27.2006 — #Which is weird because chronologically[/QUOTE]You deleted the cookies from the client but they are still active on the server for the duration of the script. If you wish to delete them from the server before the script continues use [I]unset()[/I].
[code=php]unset($_COOKIE['name']);
unset($_COOKIE['password']);[/code]reply?
0
@HellgYauthorJan 28.2006 — #I have another problem with another script related to the login script...
I'll try to solve it by my self, if I'll fail i will specify it in this thread, hoping you'll help me.
reply?
0
@HellgYauthorJan 28.2006 — #Here is the code I'm currently using:[code=php]
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
if($_GET['do']=="disconnect")
{
unset($_COOKIE['name']);
unset($_COOKIE['password']);
setcookie("name", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
print("All the cookies was erased!");
}
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link) or die(mysql_error()."--".$query);
$row=mysql_fetch_array($result);
mysql_free_result($result);
if($row['0']==1)
{
print("You are already logged in!, <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel");
die();
}
elseif(isset($_POST['name']) and isset($_POST['password']))
{
$query="SELECT COUNT(ID) FROM users WHERE name='".$_POST['name']."' AND password='".md5($_POST['password'])."'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
if($row['0']==1)
{
setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", $_POST['password'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
print("You are now loged in. <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel!");
}
else
{
print("The details that you have entered are incorrect");
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="login">
<table align="right" dir="rtl" width="50%">
<tr><td>User name</td><td><input name="name" type="text" size="15" maxlength="20"></td></tr>
<tr><td>Password</td><td><input name="password" type="password" size="15" maxlength="20"></td></tr>
<tr><td align="right" dir="rtl"><input type="submit" value="Login" align="right"></td></tr>
</table>
</form>
</body>
</html>
[/code]After i "successfully erased all cookies" and refreshed the page, i receive a message that still says that I'm "already logged in!".
Any ideas?.
Also i need to refresh every page several times before it recognizes the new cookies, even if i loaded it after the cookies were set, or applies the removal of certain cookies...
Any help is highly appreciated.
Admin
openup
reply?
0
@chazzyJan 28.2006 — #reply?
0
@HellgYauthorJan 28.2006 — #reply?
0
@HellgYauthorJan 28.2006 — #The following page must be reloaded several times before it can read a fresh cookie or notice the absence of a cookie(It is a whole separate page and it is loaded after the cookie is createdremoved by Login.php):
Code:
[code=php]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>TotalNBA-צור מנהל</title>
<script type="text/javascript">
function checkUncheck(n,b){
var c = document.getElementsByName(n);
for(var i=0;i<c.length;i++){
c[i].checked=b
}
}
</script>
</head>
<body>
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link);
$numrow=mysql_num_rows($result);
$row=mysql_fetch_array($result, MYSQL_ASSOC);
mysql_free_result($result);
$query="SELECT COUNT(ID) FROM pri WHERE ID='".$row['ID']."'";
$result=mysql_query($query, $link);
$row2=mysql_fetch_array($result);
mysql_free_result($result);
if($numrow!=1 and $row2['0']!=1)
{
print("you must login before viewing this page <a href=" /Oleg/Login.php">Click here</a>");
die();
}
if($_POST['check']==1 and $_POST['name']!=NULL and $_POST['password']!=NULL and $_POST['email']!=NULL and $_POST['email2']!=NULL)
{//start of main condition
if(strcmp($_POST['email'], $_POST['email2'])!=0)
{
print("The email ddresses that you have entered doesn't match <a href="".$_SERVER['PHP_SELF']."" targe="_BLANK">Return</a>");
die();
}
$query="INSERT INTO pri(";
for($i=0; $i<7; $i++)
{
if(isset($_POST['aut'][$i]))
{
$query=$query."".$_POST['aut'][$i].", ";
}
}
$query=$query."empty) VALUES(";
for($i=0; $i<6; $i++)
{
if(isset($_POST['aut'][$i]))
{
$query=$query."'1', ";
}
}
$query=$query."'1')";
mysql_query($query, $link) or die(mysql_error()."--".$query);
$query="INSERT INTO users(name, password, email) VALUES('".$_POST['name']."', ".md5($_POST['password']).", '".$_POST['email']."')";
$result=mysql_query($query, $link);
mail($_POST['mail'], "You have been granted with special priveleges, TotlaNBA.",
"Uset the details to follow to login into the control panel:/n
User Name:".$_POST['name']."/n Password:".$_POST['password']."/n
Login here: http://opend4u.net/Oleg/Admin.php");
}//end of main condition
elseif($_POST['check']==1)
{
print("please fill out of the fields...");
}
?>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="registration">
<table align="right" dir="rtl" width="50%">
<tr><td>שם משתמש</td><td><input type="text" name="name" maxlength="12" size="15"></td></tr>
<tr><td>סיסמא</td><td><input type="password" name="password" maxlength="20" size="15"></td></tr>
<tr><td>חכתובת דוא"ל</td><td><input type="text" name="email" maxlength="20" size="15"></td></tr>
<tr><td>חזור על כתובת דוא"ל</td><td><input type="text" maxlength="60" size="15" name="email2" size="15"></td></tr>
<tr><td>הרשאות</td></tr>
<tr><td>יצירת תכנים חדשים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a1"></td><td>פרוייקטים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a2"></td><td>חדשות וכתבות</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a3"></td><td>טורים אישיים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a4"></td><td>סיקורי משחקים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a5"></td><td>תוצאה בזמן אמת</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a6"></td><td>שחקנים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a7"></td><td>סקרים</td></tr>
<tr><td><input type="button" onclick="checkUncheck('aut[]',true)" name="checkall" value="Check all"><input type="button" onclick="checkUncheck('aut[]',false)" name="uncheck all" value="Uncheck all"><input type="submit" value="Go!"></td></tr>
</table>
<input type="hidden" value="1" name="check">
</form>
</body>
</html>
[/code]reply?
0
@HellgYauthorJan 29.2006 — #Any ideas why NewUser.php doesn't recognizes the cookie immediately and ahas a short break before fresh setremoved cookie take effect?.
reply?
0
@HellgYauthorJan 29.2006 — #Of course..I've posted the source several times before in this thread, Here sis the code that is currently running on the server:
[code=php]
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
if($_GET['do']=="disconnect")
{
unset($_COOKIE['name']);
unset($_COOKIE['password']);
setcookie("name", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
print("All the cookies was erased!");
}
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link) or die(mysql_error()."--".$query);
$row=mysql_fetch_array($result);
mysql_free_result($result);
if($row['0']==1)
{
print("You are already logged in!, <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel");
die();
}
elseif(isset($_POST['name']) and isset($_POST['password']))
{
$query="SELECT COUNT(ID) FROM users WHERE name='".$_POST['name']."' AND password='".md5($_POST['password'])."'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
if($row['0']==1)
{
setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", $_POST['password'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
print("You are now loged in. <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel!");
}
else
{
print("The details that you have entered are incorrect");
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="login">
<table align="right" dir="rtl" width="50%">
<tr><td>User name</td><td><input name="name" type="text" size="15" maxlength="20"></td></tr>
<tr><td>Password</td><td><input name="password" type="password" size="15" maxlength="20"></td></tr>
<tr><td align="right" dir="rtl"><input type="submit" value="Login" align="right"></td></tr>
</table>
</form>
</body>
</html>
[/code]reply?
0
@bokehJan 29.2006 — #[I][code=php]setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);[/code] [/I]That won't set a cookie for me (tested on firefox, not IE). The following will:[code=php]setcookie ('password', $_POST['password'], time()+(60*60*24*30), '/', '', 0);[/code]reply?
0
@HellgYauthorJan 29.2006 — #As it will appear as an advertising spyware cookie in most of the spyware removers, and will load to the mainframe while the user surfing in other sites then mine, Might also cause problems at the processing of the script if the web page uses the cookies
named the same as mine.
My cookies work just fine, Just don't come into force immediately...
I will try this modification and let you know if there any results, technically, both should work.
reply?
0
@bokehJan 29.2006 — #reply?
0
@HellgYauthorJan 30.2006 — #This type of cookies usually called 'Advertising', which means that more them one domain can claim the cookie(two or more unrelated domains).
reply?
0
@bokehJan 30.2006 — #I thought that was what you were getting at. Well the answer is no they cant. Argument #4 is for limiting to a sub directory and argument #5 is for limiting to a sub domain. Browsers will only return cookies to the source zone although some have even tighter security.can't any domain require this cookie?[/QUOTE]Cookies are not "required" nor requested by a domain; they are sent (and only sent) if the browser chooses to do so. The server cannot ask the client for a cookie (there is no protocol for this) it can only read the cookie if the client was good enough to send it.
Uninformed assumptions such as yours lead to mass hysteria, paranoia and dustbin journalism!
reply?