  1. #1
    SitePoint Enthusiast
    Join Date
    Nov 2003
    Location
    Australia
    Posts
    59

    cookie check problem

    Hi

    I have a page (page 1) which checks for the existence of a cookie. If
    present a link is displayed, if not a form input box is displayed. Upon
    entering an email address into the input box, access is granted to a
    subsequent page (page 2). The action attribute of the form looks like this:

    action="cgi-bin/formtomailscript2.cgi"

    This executes the script fine when the form is submitted, but the page
    doesn't check for the cookie on later visits (i.e. it displays the input box
    again rather than the link).
    If the action attribute is changed to look like this:

    <? echo
    $_SERVER['http://www.smilelearning.com.au/cgi-bin/formtomailscript2.cgi'];
    ?>

    Then the script is not executed, but the page successfully checks for the
    cookie and displays the link on later visits, rather than the input box.
    Appreciate an explanation about what's happening here and how to make sure
    the script is executed and the cookie is checked.

    This one really has me stumped. (Full page code below)

    Thanks
    David
    _________________________________

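    <?php
    // If an email address was POSTed to this page, store it in a cookie
    // and redirect back here with checkit=1.
    if (isset($_POST['email']) && preg_match("/\w+/", $_POST['email']))
    {
        // Read the value from $_POST rather than relying on register_globals
        setcookie("email", $_POST['email'], time() + 365 * 86400);
        header("Location: $_SERVER[SCRIPT_NAME]?checkit=1");
        exit;
    }
    ?>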

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>SMILE Learning: Free resources</title>
    <script language="JavaScript" type="text/javascript">
    <!--
    function formvalidation() {
    var message = "";
    if (!/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,4})+$/.test(document.emailaddress.email.value)) {
    message = message + "\n Please enter a valid e-mail address";
    }
    if ( message.length > 0 ) {
    alert( message );
    return false;
    }
    else {return true;}
    }
    // -->
    </script>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    </head>
    <body id="resources">
    <div id="center_container">
    <?php include("includes/nav_main.php"); ?>
    <div id="columns">
    <div id="leftcolumn">
    <h1>Free resources!</h1>
    <?
    if (isset($_COOKIE['email'])) {
    ?>
    <ul>
    <li><a href='freeresourceslinks.php'>Access Free Resources</a></li>
    </ul>
    <?
    } elseif (!empty($_GET['checkit'])) {
    echo "
    <p>You will need to enter your address each time you visit the free
    resources page as your browser does not support cookies.</p>
    <ul>
    <li><a href='freeresourceslinks.php'>Access Free Resources</a></li>
    </ul>
    ";
    }
    else {
    ?>
    <p>Please enter your email address below. <a
    href="privacy.php">(Privacy policy)</a></p>
    <form name="emailaddress" id="emailaddress" title="Email address"
    onsubmit="return formvalidation();" method="post"
    action="cgi-bin/formtomailscript2.cgi">
    <table id="emailtable">
    <tr>
    <td class="input"><input name="email" id="email" type="text"
    size="23" /></td>
    </tr>
    <tr>
    <td>
    <div align="center">
    <input name="submit" id="submit" type="submit" value="submit" />
    </div>
    </td>
    </tr>
    </table>
    </form>
    <script language="JavaScript" type="text/javascript">
    <!--
    document.getElementById('email').focus();
    // -->
    </script>
    <? } ?>
    </div>
    <div id="rightcolumn">
    <div id="content">
    <h1>Free resources</h1>
    <p>To access additional information and downloadable resources that
    will assist with your implementation of SMILE we ask that you supply your
    email address.</p>
    </div>
    </div>
    </div>
    <?php include("includes/footer.php"); ?>
    </div>
    </body>
    </html>

  2. #2
    SitePoint Enthusiast
    Join Date
    May 2005
    Posts
    53
    Hello,

    The problem is in the cookie. It is a security issue - you can specify who can read this cookie:

    4th optional parameter in setcookie() is 'path' :

    If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
    In your case check with '/' passed as 4th element.


    For more information look at PHP manual for setcookie()
    Last edited by patter; Jul 26, 2005 at 06:45.
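
Added example (not part of the original posts): the path behaviour quoted from the PHP manual in the reply above corresponds to the default-path and path-match rules of RFC 6265, written out here in PHP so the scope of a cookie can be checked against request paths. The function names are hypothetical, the request paths are constructed, and treating /cgi-bin/formtomailscript2.cgi as a response that sets a cookie is an assumption made only for illustration.

```php
<?php
// Added example: RFC 6265 default-path and path-match (section 5.1.4).
// Function names are hypothetical; paths marked "constructed" are not from the thread.

// Scope a browser assigns when no path is passed to setcookie():
// the request path up to, but not including, its last "/".
function default_cookie_path(string $requestPath): string
{
    if ($requestPath === '' || $requestPath[0] !== '/') {
        return '/';
    }
    $lastSlash = strrpos($requestPath, '/');
    return $lastSlash === 0 ? '/' : substr($requestPath, 0, $lastSlash);
}

// True when a cookie scoped to $cookiePath is sent with a request for $requestPath.
function cookie_path_matches(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    // A prefix counts only on a "/" boundary: "/foo" does not cover "/foobar.php".
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

$scopes = [
    "explicit '/'"     => '/',
    "explicit '/foo/'" => '/foo/',
    'default, set by /cgi-bin/formtomailscript2.cgi'
        => default_cookie_path('/cgi-bin/formtomailscript2.cgi'),
    'default, set by /foo/login.php (constructed)'
        => default_cookie_path('/foo/login.php'),
];
$requests = ['/freeresourceslinks.php', '/foo/bar/index.php',
             '/foobar.php', '/cgi-bin/formtomailscript2.cgi']; // constructed URLs

foreach ($scopes as $label => $path) {
    echo "$label (path=$path)\n";
    foreach ($requests as $request) {
        $verdict = cookie_path_matches($path, $request) ? 'sent' : 'not sent';
        echo "    $request: $verdict\n";
    }
}
```

The path only limits which requests carry the cookie. RFC 6265 notes that cookies do not always provide isolation by path, because scripts on the same host can still reach them through APIs such as document.cookie.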

  3. #3
    SitePoint Enthusiast
    Join Date
    Nov 2003
    Location
    Australia
    Posts
    59
    Not sure that the security issue is the problem as the default should make it available across the entire domain. However I did try this without any success.

    All other suggestions welcome.

    Thanks
    David

  4. #4
    SitePoint Addict
    Join Date
    Oct 2004
    Location
    Brooklyn, NY
    Posts
    359
    I didn't look through that long code snippet, but what is this?

    $_SERVER['http://www.smilelearning.com.au/cgi-bin/formtomailscript2.cgi'];

    Do you really have an element in your $_SERVER array with that URL as the key?
    Chris Shiflett
    http://shiflett.org/

