[guyfromri]

Hey guys!!

I think I have this right but I'm not sure so here goes....

I have a chk_login script in my site. When the user logs in, I'm trying to use cookies instead of sessions. I set up all my cookies and I did stop the login script and var_dump them to make sure they had the right values and they do...so all is well there.

Then I have the redirect set to the login_index.php page. At the top of this page is my chk_session script that looks like this...

<?
 if(!isset($_COOKIE["userid"])){
  header('location: http://mylink');
 }
?>

The problem is, no matter if the cookies are set or not, I keep getting a redirect back to the login page. The login page also has a similar script but it does the opposite...if the cookie isset then it redirects to login_index.php. Since I don't just get stuck in a redirect loop, I'm guessing that I'm identifying my cookies wrong so could anyone please point me in the right direction here...

as always, Thanks in advance!!

[CTphpnwb]

If you do:

var_dump($_COOKIE);

do you see userid as one of the keys?

[guyfromri]

no...

I think I just learned something though...i thought if I was checking isset($_COOKIE) it was checking to see if that cookie has a value other than null...

if I do var_dump($_COOKIE['userid']) it just returns string(2) "13" (or w/e the id is)

This raises 2 questions...

1. Does it have to be a key for isset to work?
2. How do I make a variable like that a key?

Also, I just did var_dump($_COOKIE) and it doesn't show any key's at all...
That's good info to have, I was wondering how to get an array of my cookies..
Thanks!

This post has been edited by guyfromri: 22 September 2011 - 11:50 AM

[RudiVisser]

isset($_COOKIE) is checking that the cookie array exists, which it always does... You should be using if (isset($_COOKIE['userid'])) { to check if you have a userid already, or better yet, use empty(..), and even better, check that the userid is actually valid also.

I don't know what your second question means, but you need to set values in the $_COOKIE array using the setcookie method, and access them on the next pageload.

[guyfromri]

RudiVisser, on 22 September 2011 - 03:03 PM, said:

isset($_COOKIE) is checking that the cookie array exists, which it always does... You should be using if (isset($_COOKIE['userid'])) { to check if you have a userid already, or better yet, use empty(..), and even better, check that the userid is actually valid also.

I don't know what your second question means, but you need to set values in the $_COOKIE array using the setcookie method, and access them on the next pageload.

Thanks...I actually have been setting the cookies using setcookie and using $_COOKIE['userid']. I also tried empty a few minutes ago but that isn't working either... again, if I dump the variable using var_dump($_COOKIE['userid']) then I get the value which it does have one but if I use empty with an if statement, it goes to the part of the statement where the cookie is empty...here are my scripts that i'm using..copied from my site...

This is where i set the cookies (chk_login.php)

      setcookie("userid", $qry_id);
      setcookie("disp_name", $display_name);
      setcookie("cur_state", $cur_state);
      setcookie("user_role",$role);

Then this is where I check to see if it has a value (login_index.php)

if(empty($_COOKIE["userid"])){
 echo "empty cookie";
 echo $_COOKIE['userid']; //Just for good measure and of course it has a value regardless
}else{
 echo $_COOKIE['userid'];
}

So that's where I'm stumped, they have values but I can't seem to test them...

Thanks again for all the help guys!!

[CTphpnwb]

If it has a value then it isn't empty. You might want to check for a specific value or range of values.

[guyfromri]

So in researching this, I've found that you can't send any headers before you set cookies...which makes sense I guess...


Does a require statement count as sending a header? I have a require at the top that i use to connect to my db but I've removed all other headers and still no luck here...i did clear my cookies and tried two diff browsers on two diff comps so it's not that...

Also, now that I've cleared, when I check the cookie on the login_index, it comes back null now...I remember when I was learning about sessions, I had to start the session every time I was going to call on a variable from it...is there something similar I have to do with cookies?

Thanks again for all the help guys!!

[CTphpnwb]

Require and include are server side. They send nothing to the browser.

If a cookie is null then it should be empty.

[guyfromri]

Thanks I thought so. Problem is, my cookie is not null...again..I'm setting it but in the next page, it isn't set any more....I know you have to set cookies before <html> but I'm dying here lol...i'm just at the point of frustration where it's all meshing..i'm trying some differnt back door methods to see what happens when I do x....i'll report back with my findings..

thanks again! i really do appreciate the input

[CTphpnwb]

Well, we'd need to see your exact code. Both "pages." By the way, PHP has files, not pages. Pages are sent to browsers and they don't have PHP in them, so we really need to see both PHP files.

[guyfromri]

Sure...Here are both scripts...

Here's my chk_login.php code

<?php

  //Authenticate Login
  
  require 'public_html/scripts/db/admin_db_connect.php';
  unset($_COOKIE['cur_msg']);
  $bad=0;
  
  $username=strtolower($_POST['login_user']);
  $password=base64_encode($_POST['login_pass']);
  
  $login_qry=mysql_query("SELECT * FROM user_1_login_data WHERE email='$username' AND active=1") or die(mysql_error());
  $login_qry_rows=mysql_num_rows($login_qry);
  
  if($login_qry_rows==0){ //User doesn't exist in the table
    setcookie("cur_msg", "User name doesn't exist. Please try again.");
    echo "you're losing it here";
    $bad=1;
  }else{ //User does exist so we have to check the password
    $qry_password=mysql_result($login_qry, 0, 'password');
    if($qry_password!=$password){ //passwords don't match
      setcookie("cur_msg", "Incorrect password. Please try again.");
      $bad=1;
    }else{ //Password now matched as well so we set up the session
      $qry_id=mysql_result($login_qry, 0, 'id');
      $info_qry=mysql_query("SELECT * FROM user_2_details WHERE user_id=$qry_id");
        $info_arr=mysql_fetch_array($info_qry);
        $display_name=$info_arr['display_name'];
        $cur_state=$info_arr['cur_state'];
        $user_role=$info_arr['role'];
      setcookie("userid", $qry_id, '/public_html');
      setcookie("disp_name", $display_name, '/public_html');
      setcookie("cur_state", $cur_state, '/public_html');
      setcookie("user_role", $role, '/public_html');
      mysql_query("INSERT INTO user_10_login_recs(user_id, ip_add) values($qry_id, '{$_SERVER['REMOTE_ADDR']}') ");
      $bad=0;
    }
  }
  
  if($bad==1){
    header('location: http://mystuff.info/index.php');
  }else{
    header('location: http://mystuff.info/login_index.php');
  }                              
?>
<html>
</html>

Here's my login_index.php code

<?
  session_start();
  
  var_dump($_COOKIE['userid']);
  if(empty($_COOKIE['userid']))
  {
    //header('location: http://me.info/index.php');
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>YoPro Connect</title>
<link rel="stylesheet" type="text/css" href="css/style_main.css" />
<link rel="stylesheet" type="text/css" href="css/style_profile.css" />
<link rel="stylesheet" type="text/css" href="css/style_nav.css" />
</head>

<body>

   <!-- Begin Wrapper -->
   <div id="wrapper">
   
     <!-- Begin Header -->
     <div id="header">
		 
		    <?php
		      require '/public_html/scripts/build/get_header.php';
        ?>		 
			   
		 </div>
		 <!-- End Header -->
		 
		 <!-- Begin Navigation -->
     <div id="navigation">
		 
     <?php
		      require 'public_html/scripts/build/get_top_links_session.php';
     ?>
          
		 </div>
		 <!-- End Navigation -->
		 
		 <!-- Begin Left Column -->
		 <div id="leftcolumn">
		 
		   <b>Employed By</b>
		   <br/>
		   <i>I-Suck-Comedian World</i>
		   <br/>
		   <b>Position</b>
		   <br/>
		   <i>Comedian</i>
		   <br/>
		   <br/>                                             
		   <a href="#">View Resume</a>
		   <br/>
		   <br/>
		   <b>Current Network</b>
		   <br/>
		   <i>Comedy</i>
		   <br/>
		   <br/>
		   <b>Joined</b>
		   <br/>
		   <i>9/17/2009</i>
		   <br/>
		   <br/>
		   <b>Reason For Membership</b>
		   <br/>
		   <i>Professional Networking</i>
		 
		 </div>
		 <!-- End Left Column -->
		 
		 <!-- Begin Content Column -->
		 <div id="content">
		  
	    Here is a post in the content column. We'll probably end up changing the look of this eventually. 		 
		 
		 </div>
		 
		 <!-- End Content Column -->
		 
		 <!-- Begin Right Column -->
		 <div id="rightcolumn">
		 
      <a href="#"><img src="int_images/mockup_pic2.gif" class="profile_image"/></a>
      <br/>
      <br/>
      <center><a href="#">Photo Albums<a></center>
     </div>
     
		 <div class="clear"></div>
		 
		 
		 <!-- End Right Column -->
		 
		 
   </div>
   <!-- End Wrapper -->
   
</body>
</html>

So I included everything because the smallest detail makes a diff...thanks for taking a look and all the help!!

[CTphpnwb]

Why do you have the last two lines?

  if($bad==1){
    header('location: http://mystuff.info/index.php');
  }else{
    header('location: http://mystuff.info/login_index.php');
  }                              
?>
<html>
</html>

Those are getting sent to the browser so they could be causing the problem.

[guyfromri]

well when you hit the button on the login form, it calls chk_login.php and as long as those criteria have been passed, it redirects to login_index.php...is there another way I can do this?

[CTphpnwb]

I'm not sure exactly what you're trying to do. Maybe it's because HTML makes my eyes glaze over. Try writing it out as a sequence of function calls (and write the functions if you can) so that I can follow you.