odd cookie problem

Runnion

Hey all,

I've been pouring over this script for hours now. Can anyone see a reason why this would set the appropriate cookies on one machine, and not set them from the server? I know the appropriate "if" statement is taking place and that the mysql_query is pulling the right data. In fact the header(Location: yaddayadda) is working, so it's not a matter of sending header info after text info.

I'm boggled...

<?php
ob_start();
error_reporting (E_ALL);

include("includes/connection.php");

if($submitlogin == "true" && $username !="" && $password != "")
{
$query = "SELECT * FROM users WHERE username = '" . $_POST['username'] ."';";
$recordset = mysql_query($query, $connection);
$row = mysql_fetch_array($recordset, MYSQL_ASSOC);

	if (($row['username'] == $username) && ($row['password'] == base64_encode($password)))
	{
// start a session and store the username, password and userID from the users database.
			if ($rememberme == "on")
			{
			$expire = (time() + 630720000);		
			setcookie("username", $username, $expire);
			setcookie("password", base64_encode($password), $expire);
			setcookie("userID", $row['userID'], $expire);		
			header("Location: index.php?thisisfuckintwisted=true");
			}
			else
			{
			setcookie("username", $username);
			setcookie("password", base64_encode($password));
			setcookie("userID", $row['userID']);		
			header("Location: index.php");
			}
		}
// failed login attempt, head back to index
		else
		{
		$location = "Location: index.php?login=failed";
		header($location);
		}
	}
// form never submitted, head back to index
	else
	{
	header("Location: index.php");
	}
?>

nemonoman

set the appropriate cookies on one machine, and not set them from the server

Can you elaborate? You're saying the code set the cookies on User A's PC, but not on User B? Is that what you mean?

Runnion

Not quite. When I use my own server (testing server) this works great, but when I upload it to my ISP's server to make it go live, it fails to put the cookies.

planetsim

Try just setting the one cookie

Runnion

It won't set a cookie even if I put the

setcookie($name, $value, $expire);

on the first line of the page.

planetsim

Most likely an error should come if it doesnt work. IF there is what is it.

It could be to do that an error before it has occured and it cant output it cos of output before it already

Runnion

But then wouldn't the error_reporting(EALL) be enough to get it to print the error?

planetsim

Well then i missed that bit in your code sorry. I now ask something else are you sure your even in the right bit to have the cookie set.

When i search for errors in ifs i just give them a number. SO i know which if i am working with. You should do that so you know if the cookie is not setting or you just going to the wrong page.

Runnion

I added a queryline to the header url so that it was index.php?thisisweird=true if the right bit got executed to set the cookies. so that's out. at first i thought there must be something inherantly bad with my code. glad to see that you can't see something obvious either. 🙂

nemonoman

Well, I'll come clean. I could never get setcookie to work right. I dug around and found I wasn't alone. Someone suggested this approach: use a META tag, first thing you send to the page, to set the cookie. Send it right after <!doctype html public "-//W3C//DTD HTML 4.0 //EN"> and before <html>

Here's the function I use:

function docookie($name, $data, $exp) {
        $cookie ='<META HTTP-EQUIV="Set-Cookie" CONTENT="'."$name=$data";
        if ($exp > 0) {

        $d=date("l, d-M-Y H:i:s ", $exp);
         $d = "expires =".$d." GMT ";
        $cookie  .= ";$d";
    }
    $cookie  .= "\">\n";
    echo $cookie;}

Runnion

I figured it out. Somewhere between 4.2.1 and 4.2.3 the operation of ob_start() changed. It no long buffers the header() function, but it does buffer the cookie function. Since cookies have to be the first headers, the setcookie() function was never even getting called. it was getting buffered.

I got around it like this....

<?php
ob_start();
include("includes/connection.php");

if($submitlogin == "true" && $username !="" && $password != "")
{
$query = "SELECT * FROM users WHERE username = '" . $username ."';";
$recordset = mysql_query($query, $connection);
$row = mysql_fetch_array($recordset, MYSQL_ASSOC);

	if (($row['username'] == $username) && ($row['password'] == base64_encode($password)))
	{
// start a session and store the username, password and userID from the users database.
			if ($rememberme == "on")
			{
			$expire = (time() + 630720000);		
			setcookie("username", $username, $expire);
			setcookie("password", base64_encode($password), $expire);
			setcookie("userID", $row['userID'], $expire);
			print "<SCRIPT LANGUAGE=\"JavaScript\">window.location=\"index.php\";</script>;";
			}
			else
			{
			setcookie("username", $username);
			setcookie("password", base64_encode($password));
			setcookie("userID", $row['userID']);
			print "<SCRIPT LANGUAGE=\"JavaScript\">window.location=\"index.php\";</script>;";			
			}
		}
// failed login attempt, head back to index
		else
		{
		$location = "Location: index.php?login=failed";
		header($location);
		}
	}
// form never submitted, head back to index
	else
	{
	header("Location: index.php");
	}
?>

😃