Chocolate Chip?

Thomas_P

Hi all,

I wanted to start by saying, you folks in this forum are just great for a noob such as myself, your efforts are really appreciated!

Now, on to my current cookie problem

Here is how I create the cookie

{
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("user", "$username");
header("Location: main.php");
}

And my attempt to redirect if cookie is not present

<?php
if (isset($_COOKIE["user"]))
  exit;
else
   header("Location: login.php");
?>

And so, at this moment it kicks me back to login, even if I am a valid user, I have cookies enabled also.

Any ideas would be great!

Thanks
Thomas

Krik

setcookie("user", "$username");

the problem is every "user" is "$username" and not "bob", "John" ect

try

setcookie("user", $username);

bradgrafelman

As far as the value goes, "$username" and $username are identical (though I agree; it's an unnecessary use of quotes). Either way, it would've at least set some value thus making isset() true.

Is the second code snippet you showed us further down the script in the same page, or is it in main.php ? Once you do the header() redirect in the first code snippet, you don't have a die() statement or anything so the rest of the script will also get executed. That's why I usually recommend putting a die()/exit after a header() redirect.

EDIT: If that doesn't solve it, is this site accessible to the rest of the world? Could you perhaps post a link and test login credentials so that we could examine the script's output? If you don't feel comfortable posting a link and user/pass that everyone can see, feel free to PM me such information and I'll take a look and post back with what I find.

NogDog

I think (though am not 100% sure) there may be a conflict between the setcookie() and the location redirect header(). Both commands queue up HTTP headers to be sent whenever it's time for headers to get sent. However, I think that a Location header() will preempt the other headers, including the cookie headers, so they never get received or saved by the client.

Thomas_P

Thanks for the replies,

The site is on WAMP right now but bradgrafelman, you were correct. The problem was that I never ended the script so I changed it to

<?php
if (isset($_COOKIE["loggedin"]))
   'end';
else
   header("Location: login.php");
?>

I did this at work last night and had no internet connection so I was grasping at straws looking for a command to end the code if succesful.

So I should be using 'die'? and not 'end'?

Also this seems to work as it is, if the user isn't logged in (clear browser cache) then I get redirected from each page back to login and if user is logged in then I can access the page.

Thanks everyone!

NogDog

'end' is not a PHP command. As used above it's just a string literal that does nothing. You're looking for [man]die/man or [man]exit/man, which are synonymous.

bradgrafelman

I don't think you understood what I meant. I meant for you to add the die() here:

{
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("user", "$username");
header("Location: main.php");
}

That way the rest of the script isn't executed after the header() command.

Note that $_COOKIE['loggedin'] won't be set until the next page load after you call setcookie(), so you can't test for it in your script to see if the cookie was just set.