anyone help me!

video

how to write a cookie in the head?
how to sent a cookie with password and the user!

superwormy

www.php.net/setcookie

www.php.net/header
http://wp.netscape.com/newsref/std/cookie_spec.html

And you shouldnt' be storing usernames and passwords in cookies. It's not secure. At all.

video

plz explain me the diffirent of cookie which contain user and password, and a cookie normal.
Because when I connect to a site. That site let me see the page index, but when I go to another page I need use my user and my password, is it mean that site use a cookie which contain user and password!
So I want to write a script that connect direct to the page I want to come which cookie I have to write to connect direct to that page!
ex: [url]http://the....site.com/page.php.[/url]
it demand me to enter the password and user!
so how can I write a cookie to connect direct my site to this page!

jpmoriarty

i think it's the transmitting of the cookie thats dangerous if it contains the password - it's not a secure transmission so can be intercepted and used by other people.

if you want people to be able to come back to your site and not have to log in, why not just set a cookie with a value like "authorised user" - the page checks to see if it exists, and if it does then it lets them in.

Thats the basics - you could make it more secure by say having the cookie set with a code (so people couldnt just guess at it).

But if you're going to let people back to your site without asking for a user/pass combination then the chances are that it's not terribly important for it to be secure, so i wouldnt worry about it.

The_Coop

JPMORIARTY, Why were you so unhelpfull. OK, the guy should have posted to the correct forum, but with only 2 posts under his belt, perhaps he was "inexperienced" with forums.

It would have taken just the same time to post a soloution to his problem as it did to post your unhelpful procrastinations. Give him (and us) a break please.

Jeroen_nld

to set a cookie you have to set it before any output is put on screen
so just use setcooke("cookiename","cookievalue",time()+606024);
this wil create a cookie that is named cookiename and has the value cookievalue and will expire in 606024 seconds (1 day)
to read the value from the cookie use $_cookie[cookiename] or $HTTP_COOKIE_VARS[cookiename].

if you want to protect the cookie (eg. if you want to put in passwords or email addresses) try base64_encode the value first

$cookievalue=base64_encode("emailaddress");
setcookie ("cookiename","$cookievalue",time()+606024);

if you want to read the email address back just base64_decode the value

hope this was helpfull

superwormy

base64_encode is not secure at all, it's not encryption, and it shouldn't be used to store usernames and passwords.

anyone using that computer could easily look at all teh cookies on your computer and get your username and password from them.

the safe option would be to store a cookie witha unique ID signed to it, then store the unique ID in the 'user' table ( if you're using mysql ) or a text file.

your table, or data, could look like this:

ID, username, password (md5 hashed), unique_ID, Date_expire

1, KeithP, 5f4dcc3b5aa765d61d8327deb882cf99, asd8976as987gasdg, 2003-03-17

Then, check first if theres a cookie set, next check if the cookies value is equal to a unique_ID in the database, and check if the Date_expire > NOW()

Jeroen_nld

superwormy, you are absolutely right about that.
the reason i want to bas64 encode my email address in a cookie is because some virussen check cookies for email addresses

but you are right about not placing passwords in a cookie this way..

jpmoriarty

JPMORIARTY, Why were you so unhelpfull. OK, the guy should have posted to the correct forum, but with only 2 posts under his belt, perhaps he was "inexperienced" with forums.

It would have taken just the same time to post a soloution to his problem as it did to post your unhelpful procrastinations. Give him (and us) a break please.

hummm... where did that come from? I've been picky in the past about multiple posts, but dont remember being so here....

video

I want to ask a question !
I have an account with user and password in a site. now I want to know the cookie of my account.
how can I do it the fonction ?
curl_seopt()
curl_init
curl_exec()
.....
thanx

superwormy

Um... not sure what you mean...

If you want to see your cookies, you can look wherever your browser stores them. For IE, under Win2k:
C:\Documents and Settings\yourusernamehere\Cookies\

Not sure for anything else, most likely c:\windows\cookies\ or some such.

If you want to set a cookie with PHP, see:
www.php.net/set_cookie

OR:

www.php.net/header TOGETHER WITH: http://wp.netscape.com/newsref/std/cookie_spec.html

superwormy

To build on that... curl functions are for ( shamelessly ripped from: http://curl.haxx.se/ )

Curl is a command line tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP form based upload, proxies, cookies, user+password authentication, file transfer resume, http proxy tunneling and a busload of other useful tricks.