Cookie Issue

[Deckard6]

I have been working on this for a while, trying to create a user login system in a MySQL DB. As well detect if the user is loged etc...

Still my setcookie function does not seem to work. Here is the code

PHP Code:

  // setup global variable $global_user_id, set it to 0, which means no user as auto_increment IDs in MySQL begin with 1
  $global_user_id = 0;
  
  // now, check if user’s computer has the cookie set
  if (isset($_COOKIE['mycookiename'])) {
  
    $cookieval = $_COOKIE['mycookiename'];
    
    //now parse the ID:LOGCODE value in cooke via explode() function
    $cookieparsed= explode (":", $cookieval);
    
    // $cookie_uid will hold user’s id
    // $cookie_code will hold user’s last reported logcode
    $cookie_uid  = $cookieparsed[0];
    $cookie_code = $cookieparsed[1];
    
    // ensure that ID from cookie is a numeric value
    if (is_numeric($cookie_uid)) {
      
      // now connect to the database
      $link = mysql_connect($Host, $User_Name, $User_Password) or die("Could not connect : " . mysql_error() . "<P>");
      
      // now select the database
      mysql_select_db($DB_Name);
      
      // now, find the user via his ID
      $res= mysql_query("SELECT user_logcode FROM user WHERE user_id='$cookie_uid'");
      
      // no die() this time, we will redirect if error occurs
      if ($res) {
        
        // now see if user’s id exists in database
        if (mysql_num_rows($res)) {
          
          $logcode_in_base= mysql_result($res, 0);
            
          // now compare LOGCODES in cookie against the one in database
          if ($logcode_in_base == $cookie_code) {
            
            // if valid, generate new logcode and update database
            $newcode = md5(func_generate_string());
            $query = "UPDATE user SET user_logcode='$newcode' WHERE user_id='$cookie_uid'";
            $res = mysql_query($query) or die("Could not update database.");;
              
            // setup new cookie (replace the old one)
            $newval = "$cookie_uid:$newcode";

------->setcookie("mycookiename", $newval, time() + 3600, "/", ".mywebsite.com");

            // finally, setup global var to reflect user’s id
            $global_user_id = $cookie_uid;

            // now close the database
            mysql_close($link);  
          } else {
            // redirect if logcodes are not equal
            login_error ("Session Ended");
            exit;
          }
        } else {
          // redirect if user ID does not exist in database
          login_error ("User Does Not Exist");
          exit;
        }
      } else {
        // redirect in case of database error
        login_error ("DataBase Error");
        exit;
      }
    } else {
      // now close the database
      mysql_close($link);  
        
      // redirect if user ID in cookie not numeric
      login_error ("Incorrect Entry Value");
      exit;
    }
  } else {
    // redirect if user ID in cookie not numeric
    login_error ("Wrong Cookie");
    exit;
  } 


The line in red does not seem to work and I can't seem to be able to figure out the exact reason. Does somebody has an explaination ?

[Forbes]

Have you tried echo()ing $cookie_uid to see if there is any data in before you run the query?

Also, are you getting any errors? If so, what are they?

The more information give us, the more help we can give you...

[Deckard6]

I did an print_r($_COOKIE); which already show just after the setcookie that it has not been updated.

Yet all the value are correctly updated in the DB and the same value are used to update the cookie

Thefore on the second check, the line

PHP Code:

if ($logcode_in_base == $cookie_code) { 


fail since there is a difference between the Db and the Cookie.

PHP Code:

if (setcookie("mycookiename", $newval, time() + 3600, "/", ".mywebsite.com") == 1) {
  echo ("Set Cookie Worked<br>");
} else {
  echo ("Set Cookie Failed<br>");
}
print_r($_COOKIE);
echo ("<br>"); 


It always return a failure at that point.

I also tried to delete the cookie using:

PHP Code:

setcookie("mycookiename", "", time() - 3600, "/", ".mywebsite.com"); 


to delete the cookie before creating a new one, it did not delete the cookie.

[Forbes]

Taking the problem right back, have you actually got cookies enabled in your browser?

Don't get me wrong, I'm not making out you're stupid, it's just that sometimes the obvious is overlooked.

I can't see anything really wrong, but I'd have to have a play around with the live code to get my head into it properly...

[Deckard6]

I understand, trust me it's driving me mad

I'm using Firefox 1.0 and I have the cookies enabled, I can check the value of the cookie once I'm loged in. Everything is fine.

I have tried with IE with all updates, and it does the same thing, it does not update the cookie, but will create the cookie when I log in.

Both browsers have the cookies enabled.

[Forbes]

If you're trying to update the cookie, then why not try destroying it first, then writing out a new one?

[Deckard6]

I tried that, and it would not destroy the cookie in that specific function.

But it would destroy it using lougout.php

I don't undestand why it would not let me destroy it or change it somewhere else.

[Forbes]

Let's see some of the code in your logout.php file...

[coo_t2]

Turn error reporting (error_reporting(E_ALL) )
all the way up to see if you get any funky errors.

--ed

[Deckard6]

this is the logout

PHP Code:

<?php
  // ensure the userid is passed
  if (isset($_POST['userid'])) {

    $userid = $_POST['userid'];  

    // ensure the value is numeric
    if (is_numeric($userid)) {

      require ("./config.php");
  
      $link = mysql_connect($Host, $User_Name, $User_Password) or die("Could not connect : " . mysql_error() . "<P>");

      mysql_select_db($DB_Name);

      // update database
      $res= mysql_query("UPDATE user SET user_logcode='None' WHERE user_id='$userid'");
      setcookie("mycookiename", "empty", time() - 3600, "/", ".mywebsite.com");

      // Close the MySQL Link  
      mysql_close($link);    
    }
    setcookie("mycookiename", "empty", time() - 3600, "/", ".mywebsite.com");
  }
  // redirect to a logoff (thanks for using our service) page
  header("Location: http://www.mywebsite.com/log_off.php");

  exit;
?>

[Forbes]

Well for a start, the second attribute of each call to setcookie() is quite different...

[Deckard6]

Turn error reporting (error_reporting(E_ALL) )
all the way up to see if you get any funky errors.

--ed

I tried and yet no error is reported, but still the cookie is neither updated or deleted.

[Deckard6]

Well for a start, the second attribute of each call to setcookie() is quite different...

I did a copy and paste of the setcookie to delete the cookie from the logout function (which work fine in log_out.php) and copied it in my detection function with nothing else to prove that it would neither delete or uptdate the cookie.

And it does not delete it within the detect_user.php function, only in the log_out.php side.

[Deckard6]

No ideas ?

[jaswinder_rana]

just a try
change
setcookie("mycookiename", $newval, time() + 3600, "/", ".mywebsite.com");
to
setcookie("mycookiename", $newval, time() + 3600, "/", "mywebsite.com");
OR to
setcookie("mycookiename", $newval, time() + 3600, "/", "www.mywebsite.com");

there is no . before the mywebsite.com and in second case there's www before the website name

just a try might be the error(though it seems not but you never know)

[trogdor1024]

You can also try taking out the last two arguments...

PHP Code:

<?
setcookie("mycookiename", $newval, time()+3600);
?>

Sometimes the domain argument is so picky that it won't balk when it uses its default. I rarely need to specify.

[Deckard6]

I found my own mistake, the cookie part of the script needed to be the very first action in the script before any HTML output.

Otherwise the setcookie functon will always return false.

Thanks for your help.

[Forbes]

Of course!

I think a well-earned: 'duh!' is deserved all round...

[coo_t2]

You mean you didn't get any error messages saying "headers already sent" or something like that?

--ed

[Forbes]

Not if you do it, thus:

PHP Code:

<?php

$value = 'something from somewhere';

setcookie("TestCookie", $value);
setcookie("TestCookie", $value, time()+3600);* /* expire in 1 hour */
setcookie("TestCookie", $value, time()+3600, "/~rasmus/", ".example.com", 1);

?><?php

// rest of code, here...

...
...
...
...