understanding cookie concept

mikefn

Hi all,

I have problems with understanding cookie function in php.
Here's the story of my case:
login.php --> client.php
For example I have a login page called login.php
That page will ask for user name and password.
After the user login, it will goto client.php.
Inside client.php, it includes the menu.php that can pass the user to many other page, such as:
client_invoice1.php
client_invoice2.php
client_invoice3,php
client_history.php
When each of the pages above being called, I pass the variables name and password along.
So it wil be like:
client_invoice1.php?name=urlencode($name)&password=urlencode($password)
I want to set the limit time, if the user is being idle for 10 minutes, then it will redirect to login page (login.php).
I know the code something like:
setcookie("Name", $name. time() + 600);
setcookie("Password". $password. time() + 600);
Now, should I include those codes above in every single file?
If it's expires, does it know by itself where to redirect to or should I make codes to handle that like:
<?php
if ($name) {
// rest of the codes
...
}
else {
header("Location: login.php");
}
?>
I think I have a logic problems with understanding cookie.
Thanks in advance for any help

th3void

One possible solution is to create a header file (header.php) or a functions file (functions.php) and put your validation code in there, and then include it on every page.

For example, make a function checkAuth() in functions.php with something like this...

function checkAuth()
{
if (isset($_COOKIE["name"]))
{
setcookie("name", $name, time() + 600);
setcookie("password", $password, time() + 600);
}
else
{
header("Location: login.php");
}
}

Then, on the top of every page where you need to be logged in...

include("functions.php");
checkAuth();

You'd have to call the function before ANY output however, even <html>, or else you'll get "headers already sent".

keith73

Originally posted by mikefn
Hi all,

I have problems with understanding cookie function in php.
Here's the story of my case:
login.php --> client.php
For example I have a login page called login.php
That page will ask for user name and password.
After the user login, it will goto client.php.
Inside client.php, it includes the menu.php that can pass the user to many other page, such as:
client_invoice1.php
client_invoice2.php
client_invoice3,php
client_history.php
When each of the pages above being called, I pass the variables name and password along.
So it wil be like:
client_invoice1.php?name=urlencode($name)&password=urlencode($password)
I want to set the limit time, if the user is being idle for 10 minutes, then it will redirect to login page (login.php).
I know the code something like:
setcookie("Name", $name. time() + 600);
setcookie("Password". $password. time() + 600);
Now, should I include those codes above in every single file?
If it's expires, does it know by itself where to redirect to or should I make codes to handle that like:
<?php
if ($name) {
// rest of the codes
...
}
else {
header("Location: login.php");
}
?>
I think I have a logic problems with understanding cookie.
Thanks in advance for any help

passing those params in the url defeats the purpose of having cookies. You should set the cookies at login, then check for the existence of the cookie on each of the following pages. If the cookie does not exist, redirect back to the login form.
when they login, and you have verified the user/pass combo, set the cookies:

setcookie("username",$username,time() + 600,"/","domainname");
setcookie("password",$password,time() + 600,"/","domainname");

then on each page after, first check that the cookies exist:

if( isset($_COOKIE['username']) && isset($_COOKIE['password']) ){
	//cookies exist, do something herehere.
} else {
	//cookies don't exist, do something here
}//

the cookie saves you from having to pass those params in the url string
even better, sessions allow you to just pass the session id (cookie or url) and you can store whatever data you want in the session.

keith

mikefn

Thanks guys!!!

Now, if I set "username" to cookies, I don't need to pass the variable again from page to page using urlencode, right?
I just called page without "?var=urlencode($var).
Am I correct?
Thanks.

Mike FN

th3void

You got it. It sure is nice not needing to pass stuff around with links ;p