cookies are a dirty word (login / out)

Vampirev

more issues... grr cookies are a dirty word

I swear i had this working to other day but cant find my backups..

anyways you need to login twice to stay logged in and you need to logout twice to lougout... even tried ctrl f5 to refresh still need 2 do it twice either way... is there anything here sticking out saying...MORON! change this to...

cheers
vamps


<?php 
ob_start(); 


// connect to the mysql server 
$dbcnx = @mysql_connect("localhost", "7777", "77777");
if (!$dbcnx)
{
print("unable to connect to database");
exit();
}
else 
{
mysql_select_db("onstage");
}



if ($_COOKIE['loggedin'])
{
//print logout form
?>
<form name="logout" action="logout.php">
<table class="form">
<tr>
<td align="center">
You are currently logged in as <?Print($_COOKIE['name']);?></td></tr>
<tr>
<td>
<input type="submit" value="Logout" class="form"><br><br>
<a href="http://onstageshirts.com.au/dev">Return</a>
</td>
</tr>
</table>
</form>
<?
}
else  // otherwise show login form
{
if ($foo == "bar")
{


$sql = "select * from Control where login ='".$_POST['username']."' and rawpass = '".$_POST['password']."';";  

$qry = mysql_query($sql)  

or die ("Could not match data because ".mysql_error());  

$num_rows = mysql_num_rows($qry); 


if ($num_rows <= 0) 
{  

?>
<!--login form-->
<link rel="stylesheet" href="data.css" type="text/css">
<form name="loginform"action="login.php" method="post">
<table cellpadding="2" cellspacing="0" class="formtext">
<tr>
<td colspan="3" align="center"><font color="red">Username or Password Invalid</font></td>
</tr>
<input type="hidden" name="foo" value="bar">
<tr><td align="right">Login Name :</td>
<td colspan="2"><input type="text" name="username" size="18" class="form"></td>
</tr>
<tr>
<td align="right">Password :</td>
<td colspan="2"><input type="text" name="password" class="form" size="18"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="checkbox" name="remember"> Remember Me <input type="submit" value="Login" class="form"></td>
</tr>
<tr>
<td colspan ="3" align="center"><a href="recover.php">Forgotten Password</a></td>
</tr>
</table>
</form>
<!-- end login form -->
<?
} 
else
{  

setcookie("loggedin", "TRUE", time()+(3600 * 24));  


// finds clients name and sets cookie accordingly
$sql = "select * from Control where rawpass ='$password'";


$result=mysql_query($sql)
or die (mysql_error());

while($row=mysql_fetch_array($result))
{
$name = ($row['name']);
$clientid = ($row['clientid']);
}

setcookie("name", "$name");  

setcookie("id", "$clientid");  

?>
<link rel="stylesheet" href="data.css" type="text/css">
<?
Print("You are now logged in!<br>click <a href=\"http://onstageshirts.com.au/dev\">Here</a> to continue");  

} 
}
else
{
?>
<link rel="stylesheet" href="data.css" type="text/css">
<form name="loginform"action="login.php" method="post">
<table cellpadding="2" cellspacing="0" class="formtext">
<input type="hidden" name="foo" value="bar">
<tr><td align="right">Login Name :</td>
<td colspan="2"><input type="text" name="username" size="18" class="form"></td>
</tr>
<tr>
<td align="right">Password :</td>
<td colspan="2"><input type="text" name="password" class="form" size="18"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="checkbox" name="remember"> Remember Me <input type="submit" value="Login" class="form"></td>
</tr>
<tr>
<td colspan ="3" align="center"><a href="recover.php">Forgotten Password</a></td>
</tr>
</table>
</form>
<?
}
}

ob_end_flush(); 
?>

logout


<?

//destroy cookies 
setcookie("loggedin", "", time()-(3600 * 24));   

setcookie("name", "", time()-(3600 * 24)); 
setcookie("id", "", time()-(3600 * 24));  

unset($_COOKIE['loggedin'], $_COOKIE['name'], $_COOKIE['id']);


Print("You are now logged out.<br>");  

?> 
Click <a href="http://www.onstageshirts.com.au/dev">here</a> to return

halojoy

🙂
I see a common mistakes from most Newbies:

They pack one page so full of stuff and functions
that in the end nobody can have any overview of what is happening.
And makes testing and debugging a nightmare.

It takes an experieced php programmer, to make it simple!
If you did see my php pages, you would be surprised!
Sometimes is only like 300 bytes long .......

It is better to have main controlling php very simple.
just testing the flow of what is to happen.
Then include smaller blocks from separate pages.

Take your login.php
could be something like this:

<?php // login.php
ob_start();
include 'dbconnect.php';

// test logindata?
if ( $_POST['loginsubmit'] ) {
include 'testlogindata.php';
}

if ( $_COOKIE['loggedin'] ) {
include 'logoutform.php';
}
// otherwise show login form
else {
include 'loginform.php';
}

ob_end_flush();
?>

I guess you see what I mean.
🙂

Drakla

You're also setting cookies with different parameters. You set the logged in one with an expire time, and the other two without making them session only cookies. Also try setting to cookie path to "/" and remember that a cookie set for http://mydomain.com WON'T work on http://www.mydomain.com UNLESS you specify the domain as ".mydomain.com" with the precedding full stop.

Vampirev

cheers guys,

coudl you give an example of setting a cookie so it will work with both www and without?

cheers
vamps

Drakla

setcookie('somecookie', 'somevalue', time() + 86400 * 30, '/', '.mydomain.co.uk');

Vampirev

changed to logout now it wont kill the cookies...also changed login to set cookies same except +

suggestions?


<?

//destroy cookies 
setcookie('loggedin', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
setcookie('name', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
setcookie('id', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
unset($_COOKIE['loggedin'], $_COOKIE['name'], $_COOKIE['id']);


Print("You are now logged out.<br>");  

?> 
Click <a href="http://www.onstageshirts.com.au/dev">here</a> to return

Vampirev

okies going for the neater approaching using includes etc.

given a form in a seperate file... if used included what do i tell it to target?

ie could someone give me a dummy sample of one of the files that are included if using this model

thanks again...im slowly starting to get the hang of this


<?php // login.php 
ob_start(); 
include 'dbconnect.php'; 

// test logindata? 
if ( $_POST['loginsubmit'] ) { 
include 'testlogindata.php'; 
} 

if ( $_COOKIE['loggedin'] ) { 
include 'logoutform.php'; 
} 
// otherwise show login form 
else { 
include 'loginform.php'; 
} 

ob_end_flush(); 
?>

halojoy

<?php

// connect to the mysql server  

$dbcnx = @mysql_connect("localhost", "7777", "77777"); 
if (!$dbcnx) { 
print("unable to connect to database"); 
exit(); 
} 
else  { 
mysql_select_db("onstage"); 
}

?>

this is simply that part from your first post, where db connect is done

This you save as 'dbconnect.php'
Then this can be included into your main 'login.php' ( or any other page, that need db )

same you can do with other parts:
login form
logout form

Good luck

Vampirev

kewl kewl,

go that part

ie i created a file caled logoutform.php

which is included as long as a cookie does not exist.

problem im getting is the cookies wont go away 🙂

heres the code

(I also assume any included files conating forms shoudl have the action="<?=$PHP_self ?>" set?)


<form name="logout" action="<?=$PHP_self ?>" method="post">
<table class="form">
<tr>
<td align="center">
You are currently logged in as <?Print($_COOKIE['name']);?></td></tr>
<tr>
<td>
<input type="submit" value="Logout" class="form"><br><br>
<a href="http://onstageshirts.com.au/dev">Return</a>
</td>
</tr>
</table>
</form>

<?
//destroy cookies 
if ($logout)
{
setcookie('loggedin', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
setcookie('name', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
setcookie('id', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
unset($_COOKIE['loggedin'], $_COOKIE['name'], $_COOKIE['id']);

Print("You are now logged out.<br>");  

?> 
Click <a href="http://www.onstageshirts.com.au/dev">here</a> to return
<?
}
?>

thanks again for your patience

damns n00bs 😛

halojoy

yes,
that is usual, to set action=PHP_SELF

an included page is seen by server as a bit of main page (the page that did include)
so if login.php includes 'login_form.php'
then PHP_SELF will be 'login.php'

This way you get a lot of small 'boxes', modules or blocks
that can be used whenever they are needed

mostly these small parts, are put into a separate folder: includes
so is included, but only if needed, by
using path:
include 'includes/dbconnect.php';

Vampirev

eg a login form?

is it possible to get an included file to set a cookie?

i guess it would be hard as it needs to be before anything else is set..

also

heres the go for now...

cant seem to figure it out i think its all kinda working..just doesnt seem to set the logged in cookie.

I can login with the user / pass and its getting through... wrong user / pass gets the sorry wrong user etc error...not sure what the hell is going on

you can see the demo here:-

http://faction306.com/form/home.php

username: test
pass: test

MAIN PAGE

ob_start(); 
// CONNECT TO MAIN DATABASE
include("cnxt.php");

// SET COOKIES
if ($_POST['cookies'] == "ok"){
include("setcookies.php");
}

// TEST LOGIN DATA
if ($_POST['in'] == "in"){
include("testlogin.php");
}



// IF COOKIE EXISTS YOU ARE LOGGED IN SO SHOW LOGOUT
if ($_COOKIE['loggedin']){
include("logoutform.php");
}

//OTHERWISE SHOW MAIN LOGIN FORM
else {
include("loginform.php");
}

//DESTROYS COOKIES
if ($_POST['logout']){
include("destroy.php");
}

ob_end_flush();

<form name="loginform"action="<?=$PHP_self ?>" method="post">
<input type="hidden" name="in" value="in">
<table cellpadding="2" cellspacing="0" class="formtext">
<tr><td align="right">Login Name :</td>
<td colspan="2"><input type="text" name="username" size="18" class="form"></td>
</tr>
<tr>
<td align="right">Password :</td>
<td colspan="2"><input type="text" name="password" class="form" size="18"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="checkbox" name="remember"> Remember Me <input type="submit" value="Login" class="form"></td>
</tr>
<tr>
<td colspan ="3" align="center"><a href="recover.php">Forgotten Password</a></td>
</tr>
</table>
</form>

LOGOUT FORM

<form name="logout" action="<?=$PHP_self ?>" method="post">
<table class="form">
<tr>
<td align="center">
You are currently logged in as <?Print($_COOKIE['name']);?></td></tr>
<tr>
<td>
<input type="submit" value="Logout" class="form"><br><br>
<a href="http://onstageshirts.com.au/dev">Return</a>
</td>
</tr>
</table>
</form>

TESTLOGIN

ob_start(); 

$sql = "select * from Control where login ='".$_POST['username']."' and rawpass = '".$_POST['password']."';";  

$qry = mysql_query($sql)  

or die ("Could not match data because ".mysql_error());  

$num_rows = mysql_num_rows($qry); 


if ($num_rows <= 0) 
{  

Print("<font color=\"red\">Sorry the Login name or Password is incorrect</font>");
$cookies = "bad";
} 
else
{ 
Print("You are now logged in!<br>click <a href=\"http://onstageshirts.com.au/dev\">Here</a> to continue");  

$cookies = "ok";
} 
ob_end_flush();

DESTROY COOKIES

<?
//destroy cookies 
setcookie('loggedin', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
setcookie('name', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
setcookie('id', "", time() - 3600 * 24, '/', '.onstageshirts.com.au');
unset($_COOKIE['loggedin'], $_COOKIE['name'], $_COOKIE['id']);

Print("You are now logged out.<br>");  

?> 
Click <a href="http://www.onstageshirts.com.au/dev">here</a> to return
<?
}
?>

halojoy

PHP = Pre Hypertext Processor

From the server and browser point of view any include is
seen as a part of original php page

This means, that anything you can do from normal page can be done from part that is included
When you include something, you build up a new php page, which is executed

This is a cookie login I use, and it works.
md5( something ) is to encrypt password

you will have to adjust code to fit your script

Copy and paste those part you want to use

if ( isset( $_COOKIE[ 'username' ],$_COOKIE[ 'password' ] ) )
	die('You are already logged in.
<p>Would you like to <a href="logout.php">logout</a>?');

include ('validate.php');

if(isset($_POST[ 'username' ],$_POST[ 'password' ] ))
{
	if( checkLogin( $_POST[ 'username' ],md5( $_POST[ 'password '] )))
	{
		if(isset($_POST[ 'remember' ]))
		{
			setcookie('username', $_POST['username'], time() + 31536000) or die('Could not set login cookie');
			setcookie('password', md5($_POST['password']), time() + 31536000) or die('Could not set login cookie');
		}
		else
		{
			setcookie('username', $_POST['username']) or die('Could not set login cookie');
			setcookie('password', md5($_POST['password' ] )) or die('Could not set login cookie');
		}
		echo 'You have been logged in.
<p><form action="control.php">
<input class="button" type="submit" value="Continue"></form>';
	}
	else die('Incorrect login.
<p><form action="login.php">
<input class="button" type="submit" value="Retry"></form>');
}

else
{
	echo "

<form method='post' action='$self'>
Username: <input type='text' name='username'>
<br>Password: <input type='password' name='password'>
<br><input type='checkbox' name='remember'>Remember me on this computer
<p><input class='button' type='submit' value='Login'>
</form>

";
}

A common use of include is this:

<?php

// include website header, with LOGO and MenuBar
include 'header.php';

// Here is what this specific page Main contents is
// some stuff

// include website footer, with copyright and Powered by and Contact webmaster
include 'footer.php';

?>

Instead of writing a menu in every page it is included
like logo and footer.
say you have 10 pages at your website.
They use a menubar.
you want to change a link in your menu.
a lot of work! 10 pages to edit.

if you include same header.php, with menu, in your 10 pages,
you just edit header.php
and in all 10 pages new menu will show!

You now understand what is good about include ...
See 'include files' as a toolbox.
Whenever some page needs a tool from that toolbox ( folder includes ), they can include

Vampirev

cheers mate, above and beyond the call of duty

Vampirev

whats

if( checkLogin( $_POST[ 'username' ],md5( $_POST[ 'password '] )))

checklogin?

cheers
vamps

halojoy

Is where my login system does check for valid users
This function is declared, in include 'validate.php'

but of course you put in your own check of username/password at that spot, instead

maybe you do your check against mySQL database
I only use plain textfile.txt as my "database" to store usernames and passwords

Vampirev

would you mind posting your validate.php?

or a simplified version.. i can edit it to check my database.

cheers

halojoy

My database 😃 😃
called userlist.txt:
contents, 79 bytes:

21232f297a57a5a743894a0e4a801fc31admin
098f6bcd4621d373cade4e832627b4f60test

/**********************  *    validate.php    *  **********************/  

require_once('config.php');  

function checkLogin($user,$pass) {
 	global $file;
	 	$users=file($file) or die("Could not open file <b>$file</b>");
 	foreach($users as $userInfo) 	{
 		if ( trim(substr($userInfo,33))==$user && substr($userInfo,0,32)==$pass )
 			return 1; 	
}
 	return 0; 
}

  function isAdmin($user) {
 	global $file;
 	$users=file($file) or die("Could not open file <b>$file</b>");
 	foreach($users as $userInfo) 	{
 		if ( trim(substr($userInfo,33))==$user )
 			return substr($userInfo,32,1); 
}
 	return 0; 
}

  function isUsername($user) {
 	global $file;
 	$users=file($file) or die("Could not open file <b>$file</b>");
 	foreach($users as $userInfo) 	{
 		if ( trim(substr($userInfo,33))==$user )
			return 1;
}
 	return 0; 
}

To tell you the truth, this login system I have downloaded in a zip.
I only have made small changes, so get it the way I want it.

Vampirev

sorry was after the validate.php

ie how do i check against the user /pass and declare a pass or fail?

halojoy

as I told you:
Depends on what database you use.
How you store your data.

return 1; good login
return 0; bad login

if ( checklogin( $username, $userpass ))
alright.

because return from checklogin=1, and so "if = 1"

Vampirev

thankyou you have been very helpfull.

(never used functions before)

should be able to figure it out from here.