Setting cookies - simple question!

tracdoor

Okay I'll get straight to the point I was using a script to set cookies containing a username which someone could easily log-in just buy changing the $_GET variable in the address bar.

Now I've realised this horrible flaw in my script i've decided to set the cookies inside of my login script:

<?php

include("/home/tracdoor/public_html/login/database.php");

$username=$_POST['username']; 
$password=$_POST['password']; 

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
$inTwoMonths = 60 * 60 * 24 * 60 + time(); 
setcookie('iHomeLogin', $username, $inTwoMonths);
header('Location:http://sam.exofire.net/members.php');
}
else {
echo "Incorrect username or password<br><br>Username supplied: $username";
}

?>

For some reason my cookies arn't being set does anyone know why this is?

kakki

maybe you set your browser to reject cookies ???

NogDog

Could be an issue with doing the header() redirect. There are some user comments on the [man]setcookie[/man] page, mostly concerning issues where this is done on MS IIS.

tracdoor

I've tried removing the header(); but it still doesn't work. Can anyone see anything wrong with my script?

This is really annoying me now!

And my browser does accept cookies, I've tried in FF and IE.

NogDog

How are you verifying that the cookies are not set. Are you looking in the actual cookie cache (or whatever it's called) on the browser side, or something in another PHP script? If so, could it be an issue in that 2nd script?
Do you have all error reporting enabled and displayed (or if not displayed are you checking the error logs)?