Hi, i wrote the page below to verify the user input against the data in the DB,
and set a cookie with the information that the user inputted, every page checks the information in the cookies individually.
The log-in script just confirms that the user is not either already logged in or
entered incorrect account information and acts accordingly.
My problem is that the application neither prints the messages that i designed, or sets a cookie.
I will explain any part of the source at request,
Thanks!.
Code:
[code=php]
<?php
$link=mysql_connect(“localhost”, “nitay_totalnba”, “nitmanmat”);
mysql_select_db(“nitay_totalnba”, $link) or die(mysql_error().”–“.$query);
if($_GET[‘do’]==”disconnect”)
{
setcookie(“name”, NULL, time()-3600, “/”, $_SERVER[‘HTTP_HOST’], 1);
setcookie(“password”, NULL, time()-3600, “/”, $_SERVER[‘HTTP_HOST’], 1);
print(“All the cookies was erased!”);
}
$query=”SELECT ID FROM users WHERE name='”.$_COOKIE[‘name’].”‘ AND password=”.md5($_COOKIE[‘password’]).””;
$result=mysql_query($query);
if($result!==FALSE)
{
print(“You are logged in!, <a href=”/Oleg/Login.php?do=disconnect”>click here to log in with other acount</a>
<br>Click <a href=”/Oleg/Admin.php”>here</a> for the control panel”);
}
elseif(isset($_POST[‘name’]) and isset($_POST[‘password’]))
{
$query=”SELECT ID FROM users WHERE name='”.$_POST[‘name’].”‘ AND password='”.$_POST[‘password’].”‘”;
$result=mysql_query($query, $link);
if($result!=FALSE)
{
setcookie(“name”, NULL, 2147483647, “/”, $_SERVER[‘HTTP_HOST’], 1);
setcookie(“password”, NULL, 2147483647, “/”, $_SERVER[‘HTTP_HOST’], 1);
}
else
{
print(“The details that you have entered are incorrect”);
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method=”post” action=”<?php print($_SERVER[‘PHP_SELF’]); ?>” name=”login”>
<table align=”right” dir=”rtl” width=”50%”>
<tr><td>User name</td><td><input name=”name” type=”text” size=”15″ maxlength=”20″></td></tr>
<tr><td>Password</td><td><input name=”password” type=”password” size=”15″ maxlength=”20″></td></tr>
<tr><td align=”right” dir=”rtl”><input type=”submit” value=”Login” align=”right”></td></tr>
</table>
</form>
</body>
</html>
[code=php]
$result=mysql_query($query);
if($result!==FALSE)
[/code]
I'm not sure what happens when you set a cookie with a value of NULL, but I'd feel better about it if you assigned something else when setting the cookie, even if it's just a place-holder of "1". (I know FALSE indicates that the cookie is to be unset, but I'm not sure about NULL.)[/QUOTE]
...
Based on the way he's using them, i figured they're part of the delete cookie he's trying to use.[/QUOTE]
[code=php]setcookie("password", NULL, 2147483647, "/", $_SERVER['HTTP_HOST'], 1);[/code]
PHP thinks you are trying to delete the cookie and so sends this to the browser:[CODE]Set-Cookie: password=deleted; expires=Thu, 27-Jan-2005 14:52:40 GMT; path=/; domain=localhost; secure[/CODE]
[B]Note:[/B] the cookie date is one year earlier than the current date. Also for argument #6 you are sending [I]'1'[/I] that means the cookie can only be sent over an SSL connection. Is that what you wanted? Do you have an SSL enabled webserver?I do, but i do not really care for it...
I thought that it is some kind of, hmm... encryption of the content.
Thanks!.[/QUOTE]
I'm not sure what happens when you set a cookie with a value of NULL, but I'd feel better about it if you assigned something else when setting the cookie, even if it's just a place-holder of "1". (I know FALSE indicates that the cookie is to be unset, but I'm not sure about NULL.)[/QUOTE]
I think that NULL as value resembles the effect that FALSE takes...[/QUOTE]Read mypost #6 above. It causes the cookie to be deleted.
official[/QUOTE]NULL and FALSE are completely different as can be seen by running the following:
[code=php]var_dump(NULL === FALSE); // returns false[/code]
NULL represents a variable that has no value (i.e. it does not even have a type) whereas FALSE is a boolean literal (a truth value). They are certainly not interchangable, for example you couldn't use: [code=php]while (($file = readdir($dh)) !== null) { // always returns true[/code]
[code=php]
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
if($_GET['do']=="disconnect")
{
setcookie("name", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password",FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
print("All the cookies was erased!");
}
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link) or die(mysql_error()."--".$query);
$row=mysql_fetch_array($result);
mysql_free_result($result);
if($row['0']==1)
{
print("You are already logged in!, <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel");
die();
}
elseif(isset($_POST['name']) and isset($_POST['password']))
{
$query="SELECT COUNT(ID) FROM users WHERE name='".$_POST['name']."' AND password='".md5($_POST['password'])."'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
if($row['0']==1)
{
setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", $_POST['password'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
print("You are now loged in. <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel!");
}
else
{
print("The details that you have entered are incorrect");
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="login">
<table align="right" dir="rtl" width="50%">
<tr><td>User name</td><td><input name="name" type="text" size="15" maxlength="20"></td></tr>
<tr><td>Password</td><td><input name="password" type="password" size="15" maxlength="20"></td></tr>
<tr><td align="right" dir="rtl"><input type="submit" value="Login" align="right"></td></tr>
</table>
</form>
</body>
</html>
[/code]
Which is weird because chronologically[/QUOTE]You deleted the cookies from the client but they are still active on the server for the duration of the script. If you wish to delete them from the server before the script continues use [I]unset()[/I].
[code=php]unset($_COOKIE['name']);
unset($_COOKIE['password']);[/code]
[code=php]
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
if($_GET['do']=="disconnect")
{
unset($_COOKIE['name']);
unset($_COOKIE['password']);
setcookie("name", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
print("All the cookies was erased!");
}
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link) or die(mysql_error()."--".$query);
$row=mysql_fetch_array($result);
mysql_free_result($result);
if($row['0']==1)
{
print("You are already logged in!, <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel");
die();
}
elseif(isset($_POST['name']) and isset($_POST['password']))
{
$query="SELECT COUNT(ID) FROM users WHERE name='".$_POST['name']."' AND password='".md5($_POST['password'])."'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
if($row['0']==1)
{
setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", $_POST['password'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
print("You are now loged in. <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel!");
}
else
{
print("The details that you have entered are incorrect");
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="login">
<table align="right" dir="rtl" width="50%">
<tr><td>User name</td><td><input name="name" type="text" size="15" maxlength="20"></td></tr>
<tr><td>Password</td><td><input name="password" type="password" size="15" maxlength="20"></td></tr>
<tr><td align="right" dir="rtl"><input type="submit" value="Login" align="right"></td></tr>
</table>
</form>
</body>
</html>
[/code]
[code=php]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>TotalNBA-צור מנהל</title>
<script type="text/javascript">
function checkUncheck(n,b){
var c = document.getElementsByName(n);
for(var i=0;i<c.length;i++){
c[i].checked=b
}
}
</script>
</head>
<body>
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link);
$numrow=mysql_num_rows($result);
$row=mysql_fetch_array($result, MYSQL_ASSOC);
mysql_free_result($result);
$query="SELECT COUNT(ID) FROM pri WHERE ID='".$row['ID']."'";
$result=mysql_query($query, $link);
$row2=mysql_fetch_array($result);
mysql_free_result($result);
if($numrow!=1 and $row2['0']!=1)
{
print("you must login before viewing this page <a href=" /Oleg/Login.php">Click here</a>");
die();
}
if($_POST['check']==1 and $_POST['name']!=NULL and $_POST['password']!=NULL and $_POST['email']!=NULL and $_POST['email2']!=NULL)
{//start of main condition
if(strcmp($_POST['email'], $_POST['email2'])!=0)
{
print("The email ddresses that you have entered doesn't match <a href="".$_SERVER['PHP_SELF']."" targe="_BLANK">Return</a>");
die();
}
$query="INSERT INTO pri(";
for($i=0; $i<7; $i++)
{
if(isset($_POST['aut'][$i]))
{
$query=$query."".$_POST['aut'][$i].", ";
}
}
$query=$query."empty) VALUES(";
for($i=0; $i<6; $i++)
{
if(isset($_POST['aut'][$i]))
{
$query=$query."'1', ";
}
}
$query=$query."'1')";
mysql_query($query, $link) or die(mysql_error()."--".$query);
$query="INSERT INTO users(name, password, email) VALUES('".$_POST['name']."', ".md5($_POST['password']).", '".$_POST['email']."')";
$result=mysql_query($query, $link);
mail($_POST['mail'], "You have been granted with special priveleges, TotlaNBA.",
"Uset the details to follow to login into the control panel:/n
User Name:".$_POST['name']."/n Password:".$_POST['password']."/n
Login here: http://opend4u.net/Oleg/Admin.php");
}//end of main condition
elseif($_POST['check']==1)
{
print("please fill out of the fields...");
}
?>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="registration">
<table align="right" dir="rtl" width="50%">
<tr><td>שם משתמש</td><td><input type="text" name="name" maxlength="12" size="15"></td></tr>
<tr><td>סיסמא</td><td><input type="password" name="password" maxlength="20" size="15"></td></tr>
<tr><td>חכתובת דוא"ל</td><td><input type="text" name="email" maxlength="20" size="15"></td></tr>
<tr><td>חזור על כתובת דוא"ל</td><td><input type="text" maxlength="60" size="15" name="email2" size="15"></td></tr>
<tr><td>הרשאות</td></tr>
<tr><td>יצירת תכנים חדשים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a1"></td><td>פרוייקטים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a2"></td><td>חדשות וכתבות</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a3"></td><td>טורים אישיים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a4"></td><td>סיקורי משחקים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a5"></td><td>תוצאה בזמן אמת</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a6"></td><td>שחקנים</td></tr>
<tr><td><input type="checkbox" name="aut[]" value="a7"></td><td>סקרים</td></tr>
<tr><td><input type="button" onclick="checkUncheck('aut[]',true)" name="checkall" value="Check all"><input type="button" onclick="checkUncheck('aut[]',false)" name="uncheck all" value="Uncheck all"><input type="submit" value="Go!"></td></tr>
</table>
<input type="hidden" value="1" name="check">
</form>
</body>
</html>
[/code]
[code=php]
<?php
$link=mysql_connect("localhost", "nitay_totalnba", "nitmanmat");
mysql_select_db("nitay_totalnba", $link) or die(mysql_error()."--".$query);
if($_GET['do']=="disconnect")
{
unset($_COOKIE['name']);
unset($_COOKIE['password']);
setcookie("name", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", FALSE, time()-3600, "/", $_SERVER['HTTP_HOST'], 0);
print("All the cookies was erased!");
}
$query="SELECT ID FROM users WHERE name='".$_COOKIE['name']."' AND password='".md5($_COOKIE['password'])."'";
$result=mysql_query($query, $link) or die(mysql_error()."--".$query);
$row=mysql_fetch_array($result);
mysql_free_result($result);
if($row['0']==1)
{
print("You are already logged in!, <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel");
die();
}
elseif(isset($_POST['name']) and isset($_POST['password']))
{
$query="SELECT COUNT(ID) FROM users WHERE name='".$_POST['name']."' AND password='".md5($_POST['password'])."'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
if($row['0']==1)
{
setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
setcookie("password", $_POST['password'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);
print("You are now loged in. <a href="/Oleg/Login.php?do=disconnect">click here to log in with other acount</a>
<br>Click <a href="/Oleg/Admin.php">here</a> for the control panel!");
}
else
{
print("The details that you have entered are incorrect");
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="<?php print($_SERVER['PHP_SELF']); ?>" name="login">
<table align="right" dir="rtl" width="50%">
<tr><td>User name</td><td><input name="name" type="text" size="15" maxlength="20"></td></tr>
<tr><td>Password</td><td><input name="password" type="password" size="15" maxlength="20"></td></tr>
<tr><td align="right" dir="rtl"><input type="submit" value="Login" align="right"></td></tr>
</table>
</form>
</body>
</html>
[/code]
[code=php]setcookie("name", $_POST['name'], 2147483647, "/", $_SERVER['HTTP_HOST'], 0);[/code]
[/I]That won't set a cookie for me (tested on firefox, not IE). The following will:[code=php]setcookie ('password', $_POST['password'], time()+(60*60*24*30), '/', '', 0);[/code]
can't any domain require this cookie?[/QUOTE]Cookies are not "required" nor requested by a domain; they are sent (and only sent) if the browser chooses to do so. The server cannot ask the client for a cookie (there is no protocol for this) it can only read the cookie if the client was good enough to send it.
0.1.9 — BETA 5.18