Cookies not working on server

tdors

I have some code that works on my machine where I do testing and then also on the server that I host them on. I had to re-install the server last weekend because the motherboard crashed. Now whenever I try to send cookies from it, they just don't send. It's the only thing that I can think of as to why my login page doesn't allow the person to login. I think that if it was an SQL problem, it sould have said that my login information was wrong, so I've narrowed it down to the cookies. This does work on my coding machine and had worked before I re-did the server and hadn't changed any of the code since. I've included the code below which can also be found under the login link at http://24.123.93.234/programs/hamradio/index.php . Any help is greatly appreated!

==============CODE BELOW========

<?php

Script 7.1 - login.php

if (isset($_POST['submit'])) { // Handle the form

require_once ('./connect2mysql.php'); // Connect to the db.

// Create a function for escaping the data.
function escape_data ($data) {
	global $dbc; // Need the connection.
	if (ini_get('magic_quotes_gpc')) {
		$data = stripslashes($data);
	}
	return mysql_real_escape_string($data, $dbc);
} // End of function.

$message = NULL; // Create an empty new variable.

// Check for a username.
if (empty($_POST['username'])) {
	$u = FALSE;
	$message .= '<p>You forgot to enter your username!</p>';
} else {
	$u = escape_data($_POST['username']);
}

// Check for a password.
if (empty($_POST['password'])) {
	$p = FALSE;
	$message .= '<p>You forgot to enter your password!</p>';
} else {
	$p = escape_data($_POST['password']);
}

if ($u && $p) { // If everything's OK.

	// Retrieve the user_id and first_name for that username/password combination.
	$query = "SELECT login_id, callsign, access_level, assigned_county FROM users WHERE login_id='$u' AND userpass=PASSWORD('$p')";		
	$result = @mysql_query ($query); // Run the query.
	$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

	if ($row) { // A record was pulled from the database.

			// Set the cookies & redirect.
			setcookie ('callsign', $row[1], time()+3600, '/', '', 0);
			setcookie ('login_id', $row[0], time()+3600, '/', '', 0);
			setcookie ('access_level', $row[2], time()+3600, '/', '', 0);
			setcookie ('assigned_county', $row[3], time()+3600, '/', '', 0);
			header ("Location:  [url]http://[/url]" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
			exit(); // Quit the script.

	} else { // No record matched the query.
		$message = '<p>The username and password entered do not match those on file.</p>'; 
	}

	mysql_close(); // Close the database connection.

} else {
	$message .= '<p>Please try again.</p>';		
}

} // End of the main Submit conditional.

// Set the page title and include the HTML header.
$page_title = 'Login Page';
include ('include/p_header.inc.php');

// Print the error message if there is one.
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>

<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>

<?php
include ('include/p_footer.inc.php'); // Include the HTML footer.
?>

tdors

In addition, server info can be found at http://24.123.93.234/sqltesting/phpinfo.php

AstroTeg

If I remember correctly, the @ before a function call tells PHP to not show warnings. So...

 $result = @mysql_query ($query); // Run the query.

Will not show you any warnings if this query worked or not. I'd pull the "@" out and run it again and see if you get any errors. I'd also echo the query and put it in phpMyAdmin or some tool which allows you to execute the query and view the result set. Make sure the query is working before you try toubleshooting the cookies. The cookie code looks ok at first glance - although I might have missed something.

After verifying your query is working and its bringing data back, check your browser's cookie collection and make sure you're getting a ok (Mozilla makes this pretty easy to do with its cookie manager).

If you find you're getting a cookie, its possible your login code has issues...

LordShryku

To add to AstroTeg's point of error_reporting. With a mysql query, always use [man]mysql_error[/man] to get the error coming directly from mysql.

$result = mysql_query($query) or die(mysql_error());

And it never hurts to throw an error_reporting(E_ALL); at the top of the script

tdors

It can't be the SQL query because it works fine on the development machine I run. I also copy the data file from my dev. machine to the server so I have an exact match of the SQL data.

tdors

Also, I took out the @ and I did not get any error message.

tdors

And I forgot to add. If I put in an invalid username/password combination, it sends back "UserID/Password not found". If I put in a correct combination, it returns me back to the home page which it would if the cookie didn't go.

AstroTeg

Ok. So we're 100% sure its not your query. The next thing to look at is are you getting cookies in the browser? Make sure you're getting a cookie. If you're not, then you have a problem with your cookie code.

tdors

It can't be the browser, I've used the same machine to view the code from my dev server and it works for the dev server but not the host server. I have also tried to access the page from other machines which would also not get the cookies using IE 6.0. The development machine is windows XP, the host server is Windows 2000 Advanced Server. Any idea?

tdors

Still Haven't found an answer. I reinstalled the server and my dev machine from scratch. The server is Windows 2K, the dev machine Windows XP. I've turned on IE to alert me when cookies are being recieved. Installed from scratch with no alterations, the dev machine works and sends me a cookie, but the server won't send the cookie. The previous server was Windows 2003 and worked. I can't upgrade to it again because I have a Legal copy of 2000. On the dev machine, IE alerts me to receiving the cookies but from the server, it does not. I do also know that it is not a mySQL installation or configuration problem because I duplicated the databases, installed each the same way AND the site is getting mySQL information for the footer when it gets the total number of nets and member logs. I guess the only differences between the dev and the server is that the dev machine is XP, the server is 2000 and the dev machine is running IIS 5.1 and the server is running IIS 5.0. Could that be the difference?

Thanks for all your help.

Todd