SOLVED: PHP/Cookie problem

LeetestUnleet

Senior member
Aug 16, 2002
680
0
0
Interesting problem here. When I submit my form, I have to type the password and submit it TWICE for it to take effect. Even weirder is that if I enter the user-level password on the first go, and the admin-level password on the second go, it sets my access to user-level, and vice versa. So it's only accepting the first password entry, but I have to put in a second entry for it to submit. See my code below.
 

DannyBoy

Diamond Member
Nov 27, 2002
8,820
2
81
www.danj.me
It's dirty code.

Define your $_POSTs to different variables before checking the username and password.

You should be creating sessions for added security too, not relying purely on cookies.
 

DannyBoy

Oh and change "if(isset($_POST["pass"]))" to "if(isset($_POST["submit"]))" and use the respective name for the submit button.
 

LeetestUnleet

Made those two changes and it's still not working. Sessions aren't too viable because it's not a very important script -- really, it doesn't matter too much if a person can get through the "cookie security". There's nothing TOO important that it's protecting.

Updated code:
 

kamper

Diamond Member
Mar 18, 2003
5,513
0
0
I'm not familiar with php's cookie handling specifics but here's my guess:

setcookie() only writes a cookie header into the http response. It would only do this because the user may choose to reject that cookie so you cannot assume that it is valid until they return it on subsequent requests.

$_COOKIE only contains cookies that the user has included with their request as per guess above.

Having setcookie() put its value in $_COOKIE as well would be incorrect because that's purely a server side manipulation and cookies are a client side concept.

I think what you need to do is split the two parts of your code into two actual pages. As soon as you have set the cookie, return whatever page you want the user to see after logging in. If you need to do specific processing depending on which type of user they are you can simply remember it in a variable. Checking the contents of $_COOKIE should wait until the next page is requested.
 

LeetestUnleet

I think you're right. I found out that I don't actually need to submit the form a 2nd time, but rather it just needs to be refreshed. For some reason, it sets the cookie, but it isn't actually SET until the next time the page loads. I'll just have to split it up like you said, kamper. Thanks.
 

DannyBoy

Originally posted by: LeetestUnleet
I think you're right. I found out that I don't actually need to submit the form a 2nd time, but rather it just needs to be refreshed. For some reason, it sets the cookie, but it isn't actually SET until the next time the page loads. I'll just have to split it up like you said, kamper. Thanks.

Oh yeah, you need to set a header location for the page once it's finished processing, forgot about that.
 

kamper

Originally posted by: DnaJ
Originally posted by: LeetestUnleet
I think you're right. I found out that I don't actually need to submit the form a 2nd time, but rather it just needs to be refreshed. For some reason, it sets the cookie, but it isn't actually SET until the next time the page loads. I'll just have to split it up like you said, kamper. Thanks.
Oh yeah, you need to set a header location for the page once it's finished processing, forgot about that.

No he doesn't. He can just continue to output whatever page he would like the user to see after logging in.

@Leetest: Like I said above, the cookie cannot be set until the client sees it. Putting it into $_COOKIE before sending it to the client would be incorrect because the cookie doesn't exist until the client acknowledges it. From the php manual:
An associative array of variables passed to the current script via HTTP cookies.
 

LeetestUnleet

Hm, actually, I found an easier solution.

All I needed to do was add a header('Location') field after I set the cookie -- I don't need to split it up at all. It may not be the "cleanest" way of doing it, but it's a solution nonetheless.

Thanks for the help everyone!
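
The flow the thread arrives at (set the cookie, then redirect so the next request is the one that carries it), as an added example that is not code from any post in the thread. The file name login.php, the cookie name "access", SECRET and the sample passwords are assumptions; the HMAC on the cookie value is an addition so the access level cannot simply be edited in the browser.

```php
<?php
// Added example, not the script from the thread. Assumed names: login.php,
// the "access" cookie, SECRET, and the constructed sample passwords below.
const SECRET = 'replace-with-a-long-random-server-side-key';

// A real script would store these hashes instead of computing them per request.
$levels = [
    'user'  => password_hash('example-user-pw', PASSWORD_DEFAULT),
    'admin' => password_hash('example-admin-pw', PASSWORD_DEFAULT),
];

function levelFor($pass, array $levels): ?string {
    if (!is_string($pass)) return null;      // pass[]=x would arrive as an array
    foreach ($levels as $level => $hash) {
        if (password_verify($pass, $hash)) return $level;
    }
    return null;
}

// The cookie value is client-controlled, so bind the level to an HMAC.
function sign(string $level): string {
    return $level . '.' . hash_hmac('sha256', $level, SECRET);
}

function verify($cookie): ?string {
    if (!is_string($cookie)) return null;
    [$level, $mac] = array_pad(explode('.', $cookie, 2), 2, '');
    return hash_equals(hash_hmac('sha256', $level, SECRET), $mac) ? $level : null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $level = levelFor($_POST['pass'] ?? null, $levels);
    if ($level !== null) {
        // Only queues a Set-Cookie response header; $_COOKIE still holds what
        // the browser sent with THIS request, so it is not consulted here.
        setcookie('access', sign($level), ['httponly' => true, 'samesite' => 'Lax']);
    }
    // No output before this point. The 303 makes the browser issue a fresh GET,
    // which is the first request that carries the new cookie.
    header('Location: /login.php', true, 303);
    exit;
}

$level = verify($_COOKIE['access'] ?? null);
echo $level === null
    ? '<form method="post"><input type="password" name="pass"><input type="submit" name="submit"></form>'
    : 'Access level: ' . htmlspecialchars($level);
```

The HMAC only stops the level from being changed client-side; a server-side session, as suggested earlier in the thread, avoids storing the level in the browser at all.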
 

kamper

Originally posted by: LeetestUnleet
All I needed to do was add a header('Location') field after I set the cookie

Alright. Go ahead and prove me wrong! :p I still don't understand why you need to see the cookies in the same request as the login.
 

LeetestUnleet

Originally posted by: kamper
Originally posted by: LeetestUnleet
All I needed to do was add a header('Location') field after I set the cookie
Alright. Go ahead and prove me wrong! :p I still don't understand why you need to see the cookies in the same request as the login.

Meh, it would've probably been easier to do it on separate pages, but I was actually just adding cookies to a script that only used basic text authentication with no cookies or anything. Anyway, it all works now! Yay!
 

stndn

Golden Member
Mar 10, 2001
1,886
0
0
by the way, I'm not sure if this is the case ....
if you simply want to check whether the form was submitted or the user accessed it directly, you can simply use:
if ($_SERVER['REQUEST_METHOD'] == 'POST')

instead of checking for $_POST['submit']

makes life easier if someday you decide to change the name of the <input type="submit"> button
 

DannyBoy

Originally posted by: stndn
by the way, I'm not sure if this is the case ....
if you simply want to check whether the form was submitted or the user accessed it directly, you can simply use:
if ($_SERVER['REQUEST_METHOD'] == 'POST')

instead of checking for $_POST['submit']

makes life easier if someday you decide to change the name of the <input type="submit"> button

That's stupid, what if you want to have multiple form handlers on one page?

Terrible way to do that.
 

stndn

DnaJ:
That's stupid, what if you want to have multiple form handlers on one page?

Terrible way to do that.

It all depends on whether you have one or multiple forms on one page that share one script for the processing.

For multiple handlers on the same form, that's when you do add a check for the individual $_POST['submitbutton'] values.
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    if (isset($_POST['submit1'])) {
        # do task 1
    } elseif (isset($_POST['submit2'])) {
        # do task 2
    } elseif (isset($_POST['submit3'])) {
        # do task 3
    }
}
else
{
    # normal processing
}

Or, from your reply, do you prefer this instead?
if (isset($_POST['submit1'])) {
    # do task 1
} elseif (isset($_POST['submit2'])) {
    # do task 2
} elseif (isset($_POST['submit3'])) {
    # do task 3
} else {
    # normal processing
}

They don't have much difference except for the extra if() statement for checking the request_method.
It's all a matter of preference, since both work just fine.
However, if you really have to have multiple forms on the page, do you really want to put the different processings in the same script? Personally, I don't like cramming 2-3 different $_POST processings in one script. But it's all up to the developer (and it's a different discussion from the current topic)
 

LeetestUnleet

Interesting. It doesn't seem to work in Mozilla or Firefox, but it'll work in IE :S That's weird. I even did the _SERVER option and it still doesn't work. Debugging shows that it gets inside the if statement, but for some reason it won't take the data. I guess I'll go ahead and do separate pages for login and display to see if that fixes it, because maybe Mozilla doesn't like sending location headers to the page it's already on?