cookie prob

alexzzz

I m very much a newbie to php...but I dont understand why this script doesnt work... After i type in a correct username and password the page just reloads and looks the same again with empty fields for pass and username...Nothing happens..

anyone have an idea what could be wrong?

and is there a way that i can check if the cookie is set?

<? 


if($login == "Login") 
{ 
include("db_connection/db_connect.php"); 
$query = "select * from auth where user_name = '$user' and password = '$pass'"; 
$result = mysql_query($query, $db); 
if(mysql_affected_rows() != 0) 
{ 
setcookie("user[]", $user); 
setcookie("user[]", $pass); 
Header('Location: $PHP_SELF?login=0'); 
echo "cookie is set";
} 
else 
{ 
Header('Location: $PHP_SELF?error=no%20good&login=0'); 
} 

} 


if(!isset($HTTPS_COOKIE_VARS["user"])) 
{ 
echo $error."<br>"; 
?> 
<form action="<?$PHP_SELF?>" method=post> 
user: <input type=text name=user><br> 
pass: <input type=text name=pass><br> 
<input type=submit name=login value=Login> 
</form> 
<? 
} 
else 
{ 
echo "Welcome"; 
} 
?>

Kudose

From a quick glance, I see that you are redirecting yourself before you display your success message and making yourself vunerable to SQL injection attacks.

You should also set your cookies like this:

setcookie("ui[user]", $user, time()+3600);
setcookie("ui[pass]", $pass, time()+3600);

Check it like this:

if($_COOKIE['ui']){
     foreach($_COOKIE['ui'] as $name=>$val){
          echo $name." :: ".$val."<br>";
     }
} else {
echo "No Cookie Set.";
}

Just my 2 cents...

phil_j_poore

use

$_COOKIE["user"]

rather than

$HTTPS_COOKIE_VARS["user"]

also it is better practice if you identified which was user and which was pass in the cookie e.g......

setcookie("user[user]", $user); 
setcookie("user[pass]", $pass);

if it still doesnt work post again with more details......