SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    Internet Consumist Kayn's Avatar
    Join Date
    Feb 2001
    Location
    Missouri
    Posts
    209
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Arrow PHP Cookie Issue

    Hey hey,

    Having me some fun trying to figure out where I'm going wrong with my login script. 'Bout ready to pull my hair out, but rather than do that, maybe you guys can help me.

    I've got a simple login situation. Usernames are in a dropdown, they enter a password, if password is successful, cookies are assigned. However, even with the cookie assigned my if(isset($_COOKIE["cookiename"])) is still validating to false EVEN THOUGH the cookies exist.

    If I refresh (resubmit) the form THEN the cookie validates. I'm so confused on this.

    I suppose a visual would make more sense.

    Attached below are the steps of my process in order and where I'm having an issue.

    Here's the login code.

    First, the HTML form.

    HTML Code:
    <form method="post"> 
    <fieldset class="login_form"> 
    <legend>Please enter password to access this page</legend> 
    <font color="red"></font><br /> 
    <p><label for="access_login">Login:</label><!--<input type="input" name="access_login" />--><select name="access_login"><option value="A&K">A&K</option><option value="CEA">CEA</option><option value="CSSI">CSSI</option><option value="Nexus">Nexus</option></select></p><p><label for="access_password">Password:</label> 
    <input type="password" name="access_password" /></p><p><label>&nbsp;</label><input type="submit" name="Submit" value="Submit" /></p> 
    </fieldset> 
    </form>
    Now, the page where I validate stuff.

    PHP Code:
    <?PHP
    include("includes/header.php");
    include(
    "includes/login_include.php");

    if (isset(
    $_COOKIE['slp_name'])) {
        
    // get page info
        
    $page_title $_COOKIE['slp_name'];
        
    $meta_keywords "";
        
    $meta_description "";
        
    $content $_COOKIE['slp_name'];
        
    } else {
        
    $page_title "Oops!";
        
    $meta_keywords "";
        
    $meta_description "";
        
    $content "<h1>Oops.</h1><p>It seems that your company page does not exist or hasn't been created yet.</p>";
    }


    //***********************************************************************************
    // Page Output!
    //***********************************************************************************
    $template get_template("templates/main_page.htm");
    $template str_replace("%PAGE-TITLE%",$page_title,$template);
    $template str_replace("%META-KEYWORDS%",$meta_keywords,$template);
    $template str_replace("%META-DESCRIPTION%",$meta_description,$template);
    $template str_replace("%CONTENT%",$content,$template);

    include(
    "includes/footer.php");
    print 
    $template;
    ?>
    Now, the login include.

    PHP Code:
    <?PHP
    // request login? true - show login and password boxes, false - password box only
    define('USE_USERNAME'true);

    // User will be redirected to this page after logout
    define('LOGOUT_URL''index.php');

    // time out after NN minutes of inactivity. Set to 0 to not timeout
    define('TIMEOUT_MINUTES'30);

    // This parameter is only useful when TIMEOUT_MINUTES is not zero
    // true - timeout time from last activity, false - timeout time from login
    define('TIMEOUT_CHECK_ACTIVITY'true);

    $pw_match_found false;

    ##################################################################
    #  SETTINGS END
    ##################################################################

    // timeout in seconds
    $timeout = (TIMEOUT_MINUTES == time() + TIMEOUT_MINUTES 60);

    // logout?
    if (isset($_GET['logout'])) {
        
    setcookie("aa_verify"''$timeout'/'); // clear password;
        
    setcookie("slp_name"''$timeout'/');
        
    header('Location: ' LOGOUT_URL);
        exit();
    }

    if (!
    function_exists('showLoginPasswordProtect')) {

    // show login form
        
    function showLoginPasswordProtect($error_msg,$login_opts) {
            
    $login_form get_template("templates/login_form.htm");
            if (
    $error_msg != "") {
                
    $login_form str_replace("%ERROR-MESSAGE%",$error_msg,$login_form);
            } else {
                
    $login_form str_replace("%ERROR-MESSAGE%","",$login_form);
            }
            
    $login_form str_replace("%LOGIN-OPTIONS%",$login_opts,$login_form);
            print 
    $login_form;
        
    // stop at this point
        
    die();
        }
    }

    // user provided password
    if (isset($_POST['access_password'])) {

        
    $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
        
    $pass $_POST['access_password'];
        
        
    // Company name 
        
    $sql "SELECT
                    id,
                    company_name,
                        pass
                FROM
                    company_table
                ORDER BY
                    company_name"
    ;

        
    $result = &$db->query($sql);
        while (
    $p $result->fetch()) {
            
    // Sort through all the data 'till we find a match. 
            
    if ($_POST["access_login"] == $p["company_name"]) {
                
    // now we gotta check the password to see if it matches.
                
    if ($_POST["access_password"] == $p["pass"]) {
                    
    // match
                    
    $pw_match_found true;
                }
            }
        }

        if (
    $pw_match_found == false) {
            
    showLoginPasswordProtect("Incorrect password.",$login_options);
        } else {
               
    setcookie("aa_verify"md5($login.'%'.$pass), $timeout'/');
               
    setcookie("slp_name"html_entity_decode($login), $timeout'/');    
            unset(
    $_POST['access_login']);
            unset(
    $_POST['access_password']);
            unset(
    $_POST['Submit']);
            
            
        }
        

    } else {

        
    // check if password cookie is set
        
    if (!isset($_COOKIE['aa_verify'])) {
            
    showLoginPasswordProtect("",$login_options);
        }

        
    // check if cookie is good
        
    $found false;
        foreach(
    $LOGIN_INFORMATION as $key=>$val) {
            
    $lp = (USE_USERNAME $key '') .'%'.$val;
            if (
    $_COOKIE['aa_verify'] == md5($lp)) {
                
    $found true;
                
    // prolong timeout
                
    if (TIMEOUT_CHECK_ACTIVITY) {
                    
    setcookie("aa_verify"md5($lp), $timeout'/');
                    
    setcookie("slp_name"html_entity_decode($login), $timeout'/');
                }
            break;
            }
        }
        if (!
    $found) {
            
    showLoginPasswordProtect("",$login_options);
        }
    }

    ?>
    I can't figure out WHY it won't register that the cookie has been set after login was successful AND the cookie IS set.

    The images below go like this:

    One - Correct password is entered
    Two - Cookies are set, but the logic doesn't SEE them as being set.
    Three - You can see the cookies are set when I use the web dev plug-in for Firefox.
    Four - I hit refresh...
    Five - I hit "Resend"
    Six - Suddenly the cookies are recognized.

    They need to be recognized at step two. Please help.
    Attached Images Attached Images
    Sing in a band called Psychostick, Alfredo Afro.

  2. #2
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Maybe Im missing something, but from a quick scan it would seem that when you submit your login form nothing happens as you havent specified any ACTION in the form header.

    Therefore when you refresh thats the first time that script has been run with the POST info and the cookies are declared then.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  3. #3
    SitePoint Guru aamonkey's Avatar
    Join Date
    Sep 2004
    Location
    kansas
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Mandes View Post
    Maybe Im missing something, but from a quick scan it would seem that when you submit your login form nothing happens as you havent specified any ACTION in the form header.
    If you don't declare an action for a form element the page will submit to itself.
    aaron-fisher.com - PHP articles and more

  4. #4
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by aamonkey View Post
    If you don't declare an action for a form element the page will submit to itself.
    Hey you learn something everyday
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •