setting cookies and retrieving them

Anon

Ok this is what I am trying to do:

I want to authorize a username and password to a mysqldatabase (in a htmlform, in a page clalled login.php). After the submit button is hit a new page should open and read: login failed when the incorrect username and pass were entered and login succesfull when it has been done right and at that same time set a cookie on the userspc with the username and passw (encrypted) in there and set it for an hour.

Now when a user wants to view a certain page (the page needed to login for) before that page is displayed i want to check wether the user is logged in, hence the cookie and if so let him pass to his specific personalized page, if not send to the login page.

Now there is one problem, I have read several codes on how to do this but none of them where clear or worked.
How do i code this and what should go where. I use php4 and the datablocks.net host.

Help is needed 🙂 thx in advance.

babak

do you send the cookies before you write out to the browser or not.

Otherwise it is as simple as they have described in the http://php.net/setcookie

Good luck
//babak

Anon

I want the cookie set only when the login is succesfull, so on submit the database check is done and when all is ok, the cookie will be set

Anon

OK what you can do is after the user enters his login name and login password on the login page the user hits submit... then call another page... ie login.php which will check against a database to see if it's a valid login...

If (Valid) then you create the cookie..

  SetCookie("CookieName", "comparisonvalue", time()+123);

//time is in seconds... so put it for an hour in seconds.....

Else
//send user back to login
header ("Location: login.html");

NOTE: you can only set a cookie BEFORE anything else is outputed to the screen..MEANING... don't have before setting the cookie or any echo's anywhere...

Now to check if valid on any other page....

The cookie name will be available as a variable...so for in my example... it's

$CookieName... so now to check if the cookie has the right info then you could simply check by doing...

if ($CookieName == "comparisonvalue")
yadda yadda yadda
else
header ("location: login.html");

Ok i think that should get you on your way... I may have missed or skipped some stuff but if all else fails... post and post again

Anon

err where is says

Anon

err where is says ...MEANING dont have...

is ...MEANING don't have html tags....etc..

Anon

Hope I can figure it out, this check thing stuff isn't my strongsuit.

Wouldn't by any chance have some more code i could work with....this is ....uhm....a lot of figuring out i'm afraid.....but I'll give it a shot...

Thx for the fast reply 🙂

Anon

If you get stuck...just post here again... I'll check back if time permits.

rooseboom

i have now got as comparisionvalue:

if ($DFOLogin=="$row["Password"]==$Password")

but then I get this error:

Parse error: parse error, expecting T_STRING' orT_VARIABLE' or `T_NUM_STRING' in /usr/home/sites/blabla.php on line 2

This is the cookie I try to set:

SetCookie("DFOLogin", "$row["Password"]==$Password", 0, "/");

I want it to timeout on browserclose

What am i doing wrong?

Anon

For the setcookie, set the value as $pw or something, and then define $pw before setting the cookie, don't try to set a value like that.

To time out on browser close, just don't set a time value.

Anon

OK I have done that and this is what I try to do..I am calling the page where it checks wether the cookie present, if not go to login, if so go on
This is the check:

<?php
if ($cookiename=="$pw")
{
header ("location: proceed.htm");
}
else
{
header ("location: login.php");
}
?>

But this gives a parse error...am i blind cause I can't seem to find the error

I have tried several versions...to figure out the error but can't find it....once it seemed to go but it then just showed the proceed.htm, while the login wasn't even done, so no cookie had been set

Help plz (and thanks for the replies so far)

babak

What is $pw and $cookiename?
//babak

Anon

This is the code I use:

control.php:

<?php
if ($DFOLogin=="$pw")
{
header ("location: access.htm");
else
{
header ("location: login.php");
}}
?>

<head>
<title>Name of page</title>
</head>
<body bgcolor ="#999999">
<font face ="Arial" size="1" color="#000000">
<center>
<BR>
Please enter your username and password to login:
<BR><BR>
<font color="#FFFFFF" face ="Arial" size="1">
<form method=post action="logincheck.php">
<TABLE BORDER=0 WIDTH=300>
<td width=50><font color="#000000" size ="1">Username:</td><font color="#000000" size ="1"><td width=150><input type="text" name="username" size=20></font></td><tr>
<td width=50><font color="#000000" size ="1">Password:</td><td width=150><font color="#000000" size ="1"><input type="password" name="Password" size=20></font></td><TR ALIGN=LEFT VALIGN=TOP></table><BR>
<TABLE BORDER=0 WIDTH=300>
<td width=100></td><td><input type="submit" name="submit" value="Log In">
<input type="Reset" name="reset" value="Reset"></td>
</table></form>
</font>
</center>
</body>

logincheck.php:

<?php
mysql_connect("localhost", "hostusername", "hostpassword") or die ("cant connect");
mysql_select_db("databasename") or die ("cant change");
$result=mysql_query("SELECT * FROM members WHERE name='$username'") or die ("cant do it");
$row=mysql_fetch_array($result);
{
if ($row["Password"]==$Password)
{
$pw=($row["Password"]==$Password);
SetCookie("DFOLogin", "$pw", 0, "/");
header ("location: access.htm");
}
else
header ("location: login.php");
}

This is the code I use
When someone hits the login button in the menu it will fetch the control.php. There it should check wether the cookie is there and if so continue to the access.htm
If not it should go to the login.php and users have to fill out the loginform. On submit it goes to logincheck.php which checks the username and password on the database, if correct: set cookie and continue to access.htm. If not: back to login.php

But somewhere I have gone wrong....just don't know where

Thx for the help

babak

Have you considered using session variables instead of cookie?

It is much harder to furge.

Take a look at http://php.net/session_start

//babak

Anon

Uhm...gonna read it but I do think it could work this way....just can't find the error in my code (sure it is there)

Can anybody tell me

Anon

I found one thing:

<?php
if ($DFOLogin=="$pw")
{
header ("location: access.htm");
}
else
{
header ("location: login.php");
}
?>
This is the first thing I found...the {} were wrong BUT more importantly...since $DFOLogin is never set and $pw isn't either they are both equal and therfor it is accepted.
GGRRR now how to deal with this

Anon

Man you seem to be making this complicated, heres an system for you.

connect.inc is just your general db connection file. Which seemed to be fine from what I could see of the 6pt text.
I've even included the md5 encryption stuff for you 🙂

To add users... (assuming the HTML is correct)
<?php

$encpw=md5($password);
include ("connect.inc");

$query = "INSERT INTO table_name (real_name,user_name,password,level) VALUES ('$real_name','$user_name','$encpw','$level');";
$result = mysql_query($query);

mysql_close();
?>

Then to login from that and set a cookie...

Firstly check if the cookie is present, if so ignore the login form, if not present the form...

<?php
$encpw=md5($password);
if ($general_access == "lv1") {include "http://www.site.com/memberindex.htm";}
else {
if ($submit) {
include "connect.inc";
$result=mysql_query("select * from table_name where user_name='$user_name'",$db)
or die ("User Doesnt Exist!");
while ($row=mysql_fetch_array($result)) {
if ($row["password"] == $encpw) {include "setcookie.inc";}
else {echo "Incorrect information entered, please re-enter information";
die ("Wrong information entered!");}
}
}
include "login_form.inc";
}
?>

setcookie.inc..

<?php
setcookie ('general_access', 'lv1', time()+10800); header("Location: http://www.site.com/memberindex.htm");exit;}
?>

ie if the cookie is then set, the person must have logged in, so reload the page to the correct site, which they will be returned to without logging in for the next 3 hours.

loginform.inc is just another html form.

Hope this helps, its not that complex, just remember to make sure that the db has enough row spaces, for example, the password, whatever the length, is turned into 1 32bit md5 hash, setting varchar(8) therefore messes it up, I know!