PHP Cookies (Really this time!)

necrotic posted this at 01:52 — 18th June 2002.

Joined: May 2002

I am having trouble with PHP Cookies. It's for a login script which I already have done. Here is the code that adds the cookie:

<?php
$connect = mysql_connect('localhost','USER','PASS');
$selectdb = mysql_select_db('DB',$connect);

  if (!$connect) {
    echo (\"Cannont connect to the database at this time. Please try at a different time.\");
  }

  if (!$selectdb) {
    echo (\"Cannont reach to the database at this time. Please try at a different time.\");
  }

$query = mysql_query(\"SELECT * FROM users WHERE user='$username'\"); 
  while ($arow = mysql_fetch_array($query)) {
    $pass = $arow[\"password\"];
    $user = $arow[\"user\"];

  if ($username == $user && $password == $pass) {
    setcookie(\"Username\", $username);
    setcookie(\"Password\", $password);
    
    echo (\"You logged in! Your username is $user and your password is $pass.\");
    echo (\"<a href=\\"index.php\\">Back</a>\");
  }

  if ($password != $pass) {
    echo (\"Invalid password, please go back and fix it.\");
  }

}
?>

and here is the code that checks for cookies:

<?php
if (isset($username)) {
  if (isset($password)) {

    $connect = mysql_connect('localhost','USER','PASS');
    $selectdb = mysql_select_db('DB',$connect);

    if (!$connect) {
      echo (\"Cannont connect to the database at this time. Please try at a different time.\");
    }

    if (!$selectdb) {
      echo (\"Cannont reach to the database at this time. Please try at a different time.\");
    }

    $query = mysql_query(\"SELECT * FROM users WHERE user='$username'\"); 
      while ($arow = mysql_fetch_array($query)) {
        $pass = $arow[\"password\"];
        $user = $arow[\"user\"];

      if ($password != $pass) {
        echo (\"Invalid password, please go back and fix it.\");
      }

      if ($username == $user && $password == $pass) {
        echo (\"You logged in! Your username is $user and your password is $pass.\");
      }
    }

  } else if (!isset($password)) {
    include (\"index2.php\");
  }

} else if (!isset($username)) {
  include (\"index2.php\");
}
?>

Can someone help me? I don't really get the setcookie() function and how to check for cookies, the PHP manual at php.net doesn't help any except with the setcookie() function.

[James Logsdon]

Mark Hensler posted this at 04:29 — 18th June 2002.

He has: 4,048 posts

Joined: Aug 2000

A couple things of note...

<?php
if (isset($username)) {
//....
} else if (!isset($username)) {
?>

You don't need the ELSEIF. If the first IF returns false, then there is no reason to test if !FALSE==TRUE.

Variables in PHP are case sensitive. So...

<?php
setcookie(\"Username\", $username);
setcookie(\"Password\", $password);
?>

These will create cookie variables $Username and $Password. These will not be accessed by your second script, which uses $username and $password.

Finally, depending on your PHP version, register_globals may be turned off. If this is the case, you'll need to specify that your trying to access a cookie variable. You can use $_COOKIE['username'] and $_COOKIE['password'] with the latest version of PHP.

Mark Hensler
If there is no answer on Google, then there is no question.

zollet posted this at 10:31 — 18th June 2002.

He has: 1,016 posts

Joined: May 2002

I don't know if this is of any use to you, but here's a small script that I use at times when I'm working with cookies. It prints all your current cookies to your browser. You can use it for example to see if your cookies are set, etc.

<?php
foreach($HTTP_COOKIE_VARS as $key => $value) {
  echo \"$key => $value<br>\n\";
}
?>

necrotic posted this at 16:08 — 18th June 2002.

He has: 296 posts

Joined: May 2002

Ok. I did the stuff you told me to Mark and I did the script Zollet gave and the cookie showed up. But when I use the second script to find the cookies nothing happens. It's located here but first you have to login with the user/pass of test/test.

[James Logsdon]

zollet posted this at 21:21 — 18th June 2002.

He has: 1,016 posts

Joined: May 2002

As Mark mentioned earlier, your $username and $password variables do not go from the first script to the 2nd script just like that. You have to retrieve them from the cookies.

<?php
//Try adding these two lines on top of your script..
$username = $_COOKIE[\"username\"];
$password = $_COOKIE[\"password\"];

if (isset($username)) {
  if (isset($password)) {
?>

necrotic posted this at 01:57 — 19th June 2002.

He has: 296 posts

Joined: May 2002

Ok, I tried. Instead of getting a blank page the login page loads now. Here is the edited script:

<?php
//Added these at the advice of Mark and Zollet. Thanks guys.
$username = $_COOKIE[\"Username\"];
$password = $_COOKIE[\"Password\"];

if (isset($username)) {
  if (isset($password)) {

    $connect = mysql_connect('localhost','USER','PASS');
    $selectdb = mysql_select_db('DB',$connect);

    if (!$connect) {
      echo (\"Cannont connect to the database at this time. Please try at a different time.\");
    }

    if (!$selectdb) {
      echo (\"Cannont reach to the database at this time. Please try at a different time.\");
    }

    $query = mysql_query(\"SELECT * FROM users WHERE user='$username'\"); 
      while ($arow = mysql_fetch_array($query)) {
        $pass = $arow[\"password\"];
        $user = $arow[\"user\"];

      if ($password != $pass) {
        echo (\"Invalid password, please go back and fix it.\");
      }

      if ($username == $user && $password == $pass) {
        echo (\"You logged in! Your username is $user and your password is $pass.\");
      }
    }
  } else {
    include (\"index2.php\");
  }
} else {
  include (\"index2.php\");
}
?>

[James Logsdon]

Mark Hensler posted this at 05:30 — 19th June 2002.

He has: 4,048 posts

Joined: Aug 2000

You might not have a version of PHP that is 4.2.0 or later...
instead of $_COOKIE[], use $HTTP_COOKIE_VARS[]

zollet posted this at 05:39 — 19th June 2002.

He has: 1,016 posts

Joined: May 2002

Also I noticed that you are using $username = $_COOKIE["Username"]; (uppercase U). If when you set the cookies, the "username" is all lowercase, you should have the "username" all lowercase when you're getting the cookies as well. Same with "password".

necrotic posted this at 13:43 — 19th June 2002.

He has: 296 posts

Joined: May 2002

When I set the cookie it was in the case I have it now. So that's not the problem. I think my server has the newest v. of PHP so I'll try that Mark.

EDIT: IT WORKS!!! w00taness! Thanks guys. You've been a great help!

[James Logsdon]

zollet posted this at 19:24 — 19th June 2002.

He has: 1,016 posts

Joined: May 2002

Hehe, glad it worked out for you.

ROB posted this at 01:27 — 22nd June 2002.

They have: 447 posts

Joined: Oct 1999

Quote: Originally posted by Mark Hensler
..Finally, depending on your PHP version, register_globals may be turned off. If this is the case, you'll need to specify that your trying to access a cookie variable. You can use $_COOKIE['username'] and $_COOKIE['password'] with the latest version of PHP.

i'd also like to suggest (being the anal code purist that i am) that you never rely on globals being registered in any of your scripts. Dont let it become a habit.

ALWAYS get your data from $HTTP_GET_VARS(or $_GET), $HTTP_POST_VARS(or $_POST), $HTTP_COOKIE_VARS(or $_COOKIE), or the all-encompassing $_REQUEST.