SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Addict khuramyz's Avatar
    Join Date
    Oct 2005
    Location
    Manchester, UK
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Smile Website Status Cookie

    I have a switch in admin to turn off the website for all except those who have a valid access key. For those with key, a cookie is added for thirty minutes. My site is all URL rewritten so there are a lot of / subpaths.

    The code that I have is this,

    PHP Code:

    $website_status 
    $GLOBALS['website_status'];
    if(!
    $website_status)
    {
        
    $access 0;
        if(isset(
    $_GET['access']) && $_GET['access'] == $GLOBALS['website_private_access_key'])
        {
            
    $access 1;
            
    setcookie('website_private_access_key'1time() + 60*60'/' );
        }
        else if(
    $_COOKIE['website_private_access_key'] == '1')
        {
            
    $access 1;
            
    setcookie('website_private_access_key'1time() + 60*60'/');
        }
        
        if(!
    $access)
        {
            
    //website down
            
    $objPage $GLOBALS['DB']->queryUniqueObject("Some closed page query'");
            echo 
    '<html><head><title>' stripslashes($objPage->title).'</title></head>';
            echo 
    '<body>' stripslashes($objPage->content).'</body></html>';
            exit;
        }

    However, this works fine on Firefox. But on IE and Opera, when I open the page with applying the access key with ?access=Keyval, it opens that specific page but when I open another page, lets say /register/, it doesnt open that and goes to website closed for maintaince page.
    Ideally the cookie should remain for 30 minutes but only in FF does it work.
    Khuram Javaid
    PHP Developer and Entrepreneur
    http://www.phprad.com/

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Anyone can access your site without knowing the key by simply creating a cookie named website_private_access_key and putting the value 1 in it.

    You should use sessions for this instead.

  3. #3
    SitePoint Addict khuramyz's Avatar
    Join Date
    Oct 2005
    Location
    Manchester, UK
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually sessions are already used in the website, I do not want to mix things up.
    Instead of value 1, I can give it the true value of key.
    Dan the problem is not cookie/session.
    Problem is, why this cookie is not available at http://www.mysite.com/login/ etc.... when it has the path '/'
    It does work for FF but not others.
    Khuram Javaid
    PHP Developer and Entrepreneur
    http://www.phprad.com/

  4. #4
    SitePoint Wizard PHPycho's Avatar
    Join Date
    Dec 2005
    Posts
    1,201
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why don't you encrypt the cookie values instead of keeping it plain.

  5. #5
    SitePoint Addict khuramyz's Avatar
    Join Date
    Oct 2005
    Location
    Manchester, UK
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1. This is sidetracking the issue
    2. Please tell me more about this encrypting.
    Khuram Javaid
    PHP Developer and Entrepreneur
    http://www.phprad.com/

  6. #6
    SitePoint Wizard PHPycho's Avatar
    Join Date
    Dec 2005
    Posts
    1,201
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by khuramyz View Post
    1. This is sidetracking the issue
    2. Please tell me more about this encrypting.
    Basically two types of encryption
    1> one way: for example md5(), sha() etc
    2> two way: base64_encode(), mcrypt extension , you can also make your own custom function

    In case of setting & getting the encrypted value to/from cookie,you need two way encryption.

  7. #7
    SitePoint Addict khuramyz's Avatar
    Join Date
    Oct 2005
    Location
    Manchester, UK
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually,
    I have changed my code slightly so that guessing becomes difficult, if not impossible.
    Can you please suggest about my original problem.
    Khuram Javaid
    PHP Developer and Entrepreneur
    http://www.phprad.com/

  8. #8
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    see the documentation for setcookie()
    set the path to /

    also beware of mixing/crossing domains. eg www vs subdomain vs nothing
    you can set the domain param if needed

  9. #9
    SitePoint Addict khuramyz's Avatar
    Join Date
    Oct 2005
    Location
    Manchester, UK
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by crmalibu View Post
    see the documentation for setcookie()
    set the path to /

    also beware of mixing/crossing domains. eg www vs subdomain vs nothing
    you can set the domain param if needed
    Hi
    Check my code at the top, I have clearly mentioned '/' as the path
    Khuram Javaid
    PHP Developer and Entrepreneur
    http://www.phprad.com/


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •