
Thread: Cookie session. Please help!!

  1. #1
    Join Date
    Jan 2010
    Posts
    3

    Cookie session. Please help!!

    Hello, I think everybody can help. Please read.

    Could you tell me if you can log in on the following page?
    http://ociogdl.com/tests/login.php
    username: user
    password: pass

    Please reply with your feedback. I want to know how general this issue is.

    I have an integration between SMF forum and OsDate, which uses cookies and sessions. However, when I use any browser except for Mozilla, the session is not passed. Anyway, I tried to simplify this and looked for a simple session script (which I set up in the page above) to try to figure out what the problem is. In the script above, the behavior is the same: when logging in with Mozilla I can successfully do it, but with the other browsers I can't. I think it is an issue with the script, because I can log in to other pages using cookie sessions with the same computer and browsers I have. Can you point me to what it could be? Below is the code for this simple script:


    <?php
    // Connects to your Database
    mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
    mysql_select_db("Database_Name") or die(mysql_error());

    // Checks if there is a login cookie
    if (isset($_COOKIE['ID_my_site'], $_COOKIE['Key_my_site'])) {
        // if there is, it logs you in and directs you to the members page
        $username = $_COOKIE['ID_my_site'];
        $pass = $_COOKIE['Key_my_site'];
        // undo magic quotes if enabled, then escape the value for the query
        if (get_magic_quotes_gpc()) {
            $username = stripslashes($username);
        }
        $check = mysql_query("SELECT * FROM users WHERE username = '" . mysql_real_escape_string($username) . "'") or die(mysql_error());
        while ($info = mysql_fetch_array($check)) {
            if ($pass == $info['password']) {
                header("Location: members.php");
                exit; // stop here so nothing else is sent after the redirect
            }
        }
    }

    // if the login form is submitted
    if (isset($_POST['submit'])) {

        // makes sure they filled it in
        if (empty($_POST['username']) || empty($_POST['pass'])) {
            die('You did not fill in a required field.');
        }

        // undo magic quotes if enabled, so the raw values are escaped once below
        if (get_magic_quotes_gpc()) {
            $_POST['username'] = stripslashes($_POST['username']);
            $_POST['pass'] = stripslashes($_POST['pass']);
        }

        // checks it against the database
        $check = mysql_query("SELECT * FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "'") or die(mysql_error());

        // Gives error if user doesn't exist
        $check2 = mysql_num_rows($check);
        if ($check2 == 0) {
            die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
        }
        while ($info = mysql_fetch_array($check)) {
            $_POST['pass'] = md5($_POST['pass']);

            // gives error if the password is wrong
            if ($_POST['pass'] != $info['password']) {
                die('Incorrect password, please try again.');
            } else {
                // if login is ok then we add a cookie
                // (cookie names must be quoted strings, not bare constants)
                $hour = time() + 3600;
                setcookie('ID_my_site', $_POST['username'], $hour);
                setcookie('Key_my_site', $_POST['pass'], $hour);

                // then redirect them to the members area
                header("Location: members.php");
                exit;
            }
        }
    } else {
        // if they are not logged in
    ?>
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
    <table border="0">
    <tr><td colspan="2"><h1>Login</h1></td></tr>
    <tr><td>Username:</td><td>
    <input type="text" name="username" maxlength="40">
    </td></tr>
    <tr><td>Password:</td><td>
    <input type="password" name="pass" maxlength="50">
    </td></tr>
    <tr><td colspan="2" align="right">
    <input type="submit" name="submit" value="Login">
    </td></tr>
    </table>
    </form>
    <?php
    }
    ?>

    In fact, this script does work on one of my computers with IE6, but does not work on another with IE8 (as mentioned, I prefer to think that it is a script issue).

    Could you help?

  2. #2
    Join Date
    Jan 2010
    Posts
    13
    It seems a bad idea to keep the password in cookies: anybody can read the corresponding file and get it. There is nothing in your code that browsers could process in different ways. So I see only one possible reason: IE8 is too clever and disapproves of keeping the password in the cookie. Try changing the name of the password cookie.
    Sorry if it does not help. It's only my suggestion.

  3. #3
    Join Date
    Jan 2010
    Posts
    3

    Losing Cookie when redirecting

    Thanks qforever,

    I appreciate your advice about the security matter you mention, thanks.

    I have been checking some session and cookie scripts, and this is the behavior I can see. I hope you can answer some of my questions:

    I have tested a simple script to check that the cookies are sent and retrieved correctly by the browser in the same PHP file. The script works OK.
    Then I tested another script which, after a successful login, saves some cookies. But then if I redirect to another PHP file and try to retrieve the cookie I just saved, the cookie doesn't appear to be retrieved. So these are some questions I have:

    If a cookie is saved in test.php, can the cookie not be retrieved from test2.php (even when they are in the same directory)?
    Do you know what the difference is between IE and Firefox when managing cookies? I have tested several scripts with Firefox and they seem to work just fine.

    If you could point me to a script to determine exactly what is happening with the cookies in the script/browser, I would highly appreciate it.

    Thanks!

    Salvador

  4. #4
    Join Date
    Jan 2010
    Posts
    13
    If you're looking from PHP you would see no difference in cookie management between IE and FF. If such a difference exists, the browser simply does not satisfy the corresponding RFC. IE sometimes works strangely, so another possible reason for your problem is an IE bug. To test this suggestion you need to run your script on another computer but with the same version of IE.
    To resolve a problem with cookie visibility, try passing the path parameter to setcookie. Who knows what goes by default?
    Also it would be nice to control the setcookie parameters in all the scripts you're testing.
    Overall, use $_SESSION (see http://php.net/manual/en/function.session-start.php) to keep any user-related data. It sends one cookie and usually works perfectly.

  5. #5
    Join Date
    Jan 2010
    Posts
    3

    Got it!!

    Thanks qforever!

    Somehow, I was able to make the script on top work on my computer by changing the expiration time for the cookie. I used 1 month instead of 1 hour.

    I still don't know the background of the different behavior, but I will take a look at it. If you have a clue about why it happens please let me know.

    Anyway, thank you a lot for your replies. They sure helped me to learn some more (I'm a PHP newbie).

    Thanks!

    Salvador
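
An added example, not part of the thread and not the poster's code: the login from post #1 rewritten along the lines of replies #2 and #4, so the browser holds only a session ID cookie with explicit parameters instead of the username and password hash. It assumes PHP 7.3+, PDO MySQL, an HTTPS site, and a hypothetical `password_hash` column filled by `password_hash()`.

```php
<?php
// Added example: session-based login replacing the ID_my_site / Key_my_site cookies.
// Assumed (not from the thread): PHP 7.3+, PDO, HTTPS, users.password_hash column.

session_set_cookie_params([
    'lifetime' => 0,      // session cookie: no expiry date for the browser to check against its own clock
    'path'     => '/',    // explicit path, so login.php and members.php both receive the cookie
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Already logged in: the browser only ever holds the opaque session ID.
if (isset($_SESSION['username'])) {
    header('Location: members.php');
    exit;
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only plain strings; anything else is treated as empty.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass     = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';

    // Placeholder connection details, as in the original script.
    $pdo = new PDO('mysql:host=your.hostaddress.com;dbname=Database_Name;charset=utf8mb4',
                   'username', 'password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row && password_verify($pass, $row['password_hash'])) {
        session_regenerate_id(true);          // fresh session ID after login
        $_SESSION['username'] = $row['username'];
        header('Location: members.php');
        exit;
    }
    $error = 'Incorrect username or password.';
}
?>
<form action="login.php" method="post">
  <?php if ($error !== '') { echo '<p>' . htmlspecialchars($error) . '</p>'; } ?>
  Username: <input type="text" name="username" maxlength="40">
  Password: <input type="password" name="pass" maxlength="50">
  <input type="submit" name="submit" value="Login">
</form>
```

members.php would apply the same `session_set_cookie_params()` and `session_start()` calls and check `$_SESSION['username']` before showing anything.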
