I am having a big problem...

Namadoor

I have this one log in program for my site, that I have had lots of trouble with, but I fixed them, but now I am getting this one weird problem. When the username and password is entered, it connects to a MySQL Database to check if they are right. If they are right then it is suppost to make a cookie. Now, when the script works okay so the cookie will be made, I always get an incorrect username or password. But then if I were to put a header before the cookie comands, so they don't work, then the same username and password are right.

Here are the codes:

This one always says the username and password are incorrect:

 
if (mysql_num_rows($result) > 0)	{
		$cae = checkvaliduser();
		if ($cae)	{
			setcookie("siteuser", "$username", time()-3600);
		}
		setcookie("siteuser", "$username", time()+3600);
		$validuser = $HTTP_COOKIE_VARS['siteuser'];
		header("Refresh: 0; URL: logedin.php");
	}

(That part is only evaluated if the username and password are correct, but when the cookies are there it won't be correct.)

But then if I add an echo statement before the cookie is set like this:

if (mysql_num_rows($result) > 0)	{
		echo "okay"; //This is the only line different between the two scripts
		$cae = checkvaliduser();
		if ($cae)	{
			setcookie("siteuser", "$username", time()-3600);
		}
		setcookie("siteuser", "$username", time()+3600);
		$validuser = $HTTP_COOKIE_VARS['siteuser'];
		header("Refresh: 0; URL: logedin.php");
	}

Then it gets errors, as there are headers before the cookies are set, but even with the same username and password as before it will return correct.

Why? 😕

yelvington

This is one of those "you need to drink more coffee" moments.

Think carefully about how cookies work.

You send a cookie. The browser stores it.

On some FUTURE interaction, the browser will send the cookie name and value. BUT NOT ON THIS INTERACTION! It's too late.

This does not make sense:

setcookie("siteuser", "$username", time()+3600);
$validuser = $HTTP_COOKIE_VARS['siteuser'];

The cookie variable will be either empty, or will contain junk from some previous cookie-setting event.

Namadoor

Okay, I got that part of it to work but now it is not registering the cookie. I know I have probley asked this before, but I am not getting it. I don't really understand cookies.

My program starts after the username and password are sent from the browser, to the login program, A simple program which calls a function...

<?
Require_Once("functions.php");

login($username, $password);

?>

The login function works like this:

function login($username, $password)	{
	sleep(1);
	$connection = dbconnect();
	if (!$connection)	{
	}

$query = "select * from User 
			where username ='$username'
			and password ='$password' ";
$result = mysql_query("$query");

if (!$result)	{
	echo "<b>ERROR:</b> Could not get query...<br>";
}
if (mysql_num_rows($result) > 0)	{
	//echo "okay";
	$cae = checkvaliduser();
	if ($cae)	{
		setcookie("siteuser", "$username", time()-3600);
	}
	setcookie("siteuser","$username",time()+3600);
	echo "<META HTTP-EQUIV=REFRESH CONTENT=0;URL=logedin.php>";
}
else	{
	echo "<font color=red>That username doesn't exist or the password is incorrect<br>";
}
}

Then, the logged in page looks like this.

<?

Require_Once('functions.php');

$vu = checkvaliduser();

if (!$vu)	{
	echo "IT DIDN'T WORK!";
echo "<META HTTP-EQUIV=REFRESH CONTENT=5;URL=index.php>";
}
else	{
	$validuser = $HTTP_COOKIE_VARS['siteuser'];
	echo "You have been logged in sucsessfully! <br>";
	echo "\$validuser = $validuser";
echo "<META HTTP-EQUIV=REFRESH CONTENT=5;URL=index.php>";
}

?>

It checks to see if the cookie is registered by calling the checkvaliduser function:

function checkvaliduser()	{
	if (isset($HTTP_COOKIE_VARS['siteuser']))	{
		return true;
	}
	else	{
		return false;
	}
}

But the cookie is not registerd! I also commented out that checkvaliduser function to see if it was that that just wasn't working. No luck. What do I have to do to make this stupid program work?

And BTW, thanks for all the help from everyone.

Namadoor

Never mind. I found the problem.