
Thread: Set cookie

  1. #1
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts

    Set cookie

    I am way over my head on this one. I broke my whole website. I am trying to login with a session and set a cookie and do a check cookie function. None of the cookie data works. It's a mess, please help me figure this out, so I can get it back up and running again. Thanks


    This is my login function to check login details and set the cookie.

    PHP Code:
    function login() {

        include('CharNameDB.php');

        if (isset($_POST['submit'])) {

            $query = mysqli_query($CharNameDB, "SELECT * FROM rod_AllUsers WHERE username='{$_POST['username']}' LIMIT 1");

            if (mysqli_num_rows($query) != 1) { die("You have entered an invalid username or password. Please go back and try again."); }

            $row = mysql_fetch_array($query);
            //  $secretword = 'rod';
            // $expiretime = time()+60000;

            //  if (isset($_POST["rememberme"])) { $expiretime = time()+31536000; $rememberme = 1; } else { $expiretime = 0; $rememberme = 0; }

            //  $cookie = $row['id'] . " " . $row['username'] . " " . md5($row['password'] . "--" . $secretword . ") .";
            $value = "".$row['username']." ".md5($row['password'])."";
            setcookie("newrodgame", $value, time()+3600);  /* expire in 1 hour */

            $_SESSION['nrodgam']="[X]";

            header("Location: createchar/menu.php");

            die();

        }

        require('index.php');



    This is to check that cookies exist or create a new one.


    PHP Code:
    function checkcookies()
    {
        global $CharNameDB;
        $row = false;
        if (isset($_COOKIE["newrodgame"]))
        {

            $theuser = explode(" ", $_COOKIE["newrodgame"]);
            $query = mysqli_query($CharNameDB, "SELECT * FROM rod_AllUsers WHERE username='$theuser[1]'");
            if (mysql_num_rows($query) != 1)
            {
                die("Invalid cookie data (Error 1). Please clear cookies and log in again.");
            }

            $row = mysql_fetch_array($query);
            if ($row['id'] != $theuser[0])
            {
                die("Invalid cookie data (Error 2). Please clear cookies and log in again.");
            }

            if (md5($row["password"] . "--" . $CharNameDB["secretword"]) !== $theuser[2])
            {
                die("Invalid cookie data (Error 3). Please clear cookies and log in again.");
            }

            $newcookie = implode(" ", $theuser);
            if ($theuser[3] == 1)
            {
                $expiretime = time() + 31536000;
            }
            else
            {
                $expiretime = 0;
            }

            $value = "".$row['username']." ".md5($row['password'])."";
            setcookie("newrodgame", $value, time()+3600);  /* expire in 1 hour */

        }
        return $row;

    Been a sign maker for 7 years. My business:
    American Made Signs

  • #2
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    4,096
    Thanks
    23
    Thanked 594 Times in 593 Posts
    Just a thought
    $query = mysqli_query($CharNameDB, "SELECT * FROM rod_AllUsers WHERE username='$theuser[1]'");

    and

    if ($row['id'] != $theuser[0])
    Evolution - The non-random survival of random variants.

    "If you leave hydrogen alone, for long enough, it begins to think about itself."

  • #3
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts
    What would be the difference?

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    What error messages are you seeing?

    What are the values of your debug prints? What part of the code did you change?

    You really need to do some basic debugging. This usually consists of printing the values of variables and line numbers so that you know what bits of code are executing. To track line numbers you can use a magic constant called __LINE__ which contains the line number.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts
    I just get a blank page, no error codes.

  • #6
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    So what does your log file show?

    Have you enabled error reporting in your script?

  • #7
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts
    Here are some different logs.

    PHP Code:
    [23-Mar-2014 21:35:33 UTC] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 21:35:34 UTC] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 21:36:07 UTC] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 21:36:08 UTC] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 21:36:12 UTC] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 21:36:12 UTC] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:05 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:06 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:07 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:07 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:21 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:21 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:34 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:37:34 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:38:03 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
    [23-Mar-2014 15:38:03 America/Denver] PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0

    PHP Code:
    [11-May-2014 20:46:25 America/Denver] PHP Fatal error:  Cannot redeclare checkcookies() (previously declared in /home1/newrodga/public_html/header_common.php:16) in /home1/newrodga/public_html/lib.php on line 145
    [11-May-2014 20:49:15 America/Denver] PHP Parse error:  syntax error, unexpected '"test"' (T_CONSTANT_ENCAPSED_STRING) in /home1/newrodga/public_html/header_common.php on line 53
    [11-May-2014 20:49:37 America/Denver] PHP Parse error:  syntax error, unexpected '"test"' (T_CONSTANT_ENCAPSED_STRING) in /home1/newrodga/public_html/header_common.php on line 53

  • #8
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts
    Now I get this error:

    Invalid cookie data (Error 1). Please clear cookies and log in again.

    Which is from this:

    PHP Code:
    function checkcookies()
    {
        global $CharNameDB;
        $row = false;
        if (isset($_COOKIE["newrodgame"]))
        {

            $theuser = explode(" ", $_COOKIE["newrodgame"]);
            $query = mysqli_query($CharNameDB, "SELECT * FROM rod_AllUsers WHERE username='$theuser[1]'");
            if (mysqli_num_rows($query) != 1)
            {
                die("Invalid cookie data (Error 1). Please clear cookies and log in again.");
            }

  • #9
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Well if you won't answer my previous questions how do you expect me to help you?

    What errors are in your error logs?

    Secondly, if you var_dump() the $_COOKIE, do you see the expected result?

    Thirdly, cookies are evil. I mean truly evil. The only time I ever use cookies is as a php session cookie and php does that automatically.

  • #10
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts
    I posted the error log but the forum keeps saying "Your post is submitted to a moderator for approval" which makes no sense.
    I prefer not using cookies as well, but don't know another way of doing it. What do you suggest? Thanks

  • #11
    Regular Coder
    Join Date
    Sep 2011
    Posts
    408
    Thanks
    18
    Thanked 26 Times in 26 Posts
    First off, I see every user doing this, but ESCAPE YOUR QUERIES!!!

    My rules for queries:
    1. Wrap a query string with single quotes, not double quotes
    2. ALWAYS wrap columns and table names with back ticks to keep them isolated
    3. Escape all the variables in the strings, unless it's an integer obtained from the database beforehand and not set by the user (cookies, GET, POST, heck even session data)


    Good query:
    PHP Code:
    $query = 'SELECT `id`, `other_data` FROM `my_table` WHERE `input`=\''.$mysqli->real_escape_string($some_var).'\''; //Note: MySQL is deprecated, use MySQLi instead.
    Bad query:
    PHP Code:
    $query = "SELECT id, other_data FROM my_table WHERE input='$some_var'";
    The second one is asking for an SQL injection, the first is protected from it (better at least).
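
The escaping advice in post #11 taken one step further, as an added example that is not part of the thread: a prepared statement sends the username separately from the SQL text, so no quoting or escaping is involved. The function name and the 64-character limit are assumptions; the table and column names are the ones used in the posted code.

```php
<?php
// Added example, not code from the thread. Assumes rod_AllUsers has the
// id, username and password columns that the posted code reads.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/**
 * Look up one user by name with a bound parameter instead of string building.
 * Returns the row as an array, or null when there is not exactly one match.
 */
function find_user_by_name(mysqli $db, string $username): ?array
{
    // Reject values that can never be a valid name before touching the DB.
    // The 64-character limit is an assumed column width.
    if ($username === '' || strlen($username) > 64) {
        return null;
    }

    $stmt = $db->prepare(
        'SELECT `id`, `username`, `password` FROM `rod_AllUsers` WHERE `username` = ? LIMIT 2'
    );
    $stmt->bind_param('s', $username);   // 's' = string, sent apart from the SQL text
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows !== 1) {         // 0 = unknown user, 2 = duplicate names
        $stmt->close();
        return null;
    }

    $stmt->bind_result($id, $name, $password);
    $stmt->fetch();
    $stmt->close();

    return ['id' => (int) $id, 'username' => $name, 'password' => $password];
}

// Usage with the connection handle from the thread's CharNameDB.php:
// $row = find_user_by_name($CharNameDB, $_POST['username'] ?? '');
```

The same helper fits the cookie path in `checkcookies()`, where the username also comes from the browser.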

  • #12
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts
    That is really advanced for me, I am still somewhat of a beginner.

  • #13
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    I disagree with Dubz on a couple of points but his basic advice is correct - you need to protect your SQL. It really isn't rocket science. You either learn it now or don't bother putting a site together at all because it will be unsafe and you'll be hacked in no time. Like all things in life, nothing is easy when you learn it but the more you do it, the easier it becomes to you.

    As for your error logs, you only needed to post the relevant lines (e.g. run your code, then post the last 10-20 lines with the date and time that apply) however it appears that this is too much for you too. I don't want to see 30,000 lines of errors from the last six months - that's no help at all.

    Having now been given the run around by you refusing to provide logs, info, answer questions directly etc, there is no way forward for me to help you with your issues.

    I explicitly asked you if your cookie value was as expected, you didn't answer that. I've told you about using sessions instead of cookies, you then ask for an alternative to cookies. I don't know how to help you because you ignore questions and refuse to be helped.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!
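
What keeping login state in the PHP session instead of a hand-built cookie can look like, as an added example that is not part of the thread: only the random session ID reaches the browser, so the `newrodgame` cookie carrying the username and an `md5()` of the password is no longer needed. The function names and the idle limit are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. $row is the user's database row
// after the password has been checked; the 30-minute idle limit is assumed.
const IDLE_LIMIT = 1800;

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_user_in(array $row): void
{
    start_secure_session();
    session_regenerate_id(true);          // fresh ID at login blocks session fixation
    $_SESSION['user_id']   = (int) $row['id'];
    $_SESSION['last_seen'] = time();
}

// Stands in for checkcookies(): returns the user id, or null if not logged in.
function current_user_id(): ?int
{
    start_secure_session();
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();                // idle too long: drop server-side state
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user_id'];
}
```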

  • #14
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,422
    Thanks
    69
    Thanked 102 Times in 101 Posts
    I only posted 3 lines from one error log and about 15 from the other error log and it went to the moderators. So how can you accuse me of not providing information? Also I wanted to let you know that I am somewhat of a beginner so that you won't assume I am an expert and know how to do everything.

    So I will try posting the error logs again, but if CF won't allow it, it's not my fault.

  • #15
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    One last time... (in reference to post 7)

    Does the value in your $_COOKIE contain what you expect? - Have you var_dump()'d it?

    I cannot and will not continue to ask you this.

