Re: [PHP] Cookie

[Casey Allen Shobe]

Mine's working great.
setcookie() is broken pretty badly though...so I use header instead...here's 
my whole authentication system.  I home that it will be of use to you.  This 
works in every browser that supports cookies.  I've tested NN6-6.2, NN4.77, 
IE5.0-6.0, and Konqueror 2.2.1.

<?php

if ($pagetype == null) {
        $pagetype = 'login';
}

// (This is for a 30 minute cookie)
if ($pagetype == 'dologin') {
        if (($username != null) and ($password != null)) {
                $time = mktime()+1800;
                $date = gmdate("D, d-M-Y H:i:s", ($time));
                $password = md5 ($password);
                header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; 
path=/; 
domain='.$SERVER_ADDR);
                header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; 
path=/; 
domain='.$SERVER_ADDR);
                header ('Refresh: 1; url='.$PHP_SELF.'?pagetype=home');
                print 'One moment, logging on...'."\n";
        } else {
                $pagetype = 'login';
                $message = 'nopass';
        }
}

if ($pagetype == 'dologoff') {
        $time = mktime()-1800;
        $date = gmdate("D, d-M-Y H:i:s", ($time));
        header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/; 
domain='.$SERVER_ADDR);
        header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/; 
domain='.$SERVER_ADDR);

        $pagetype = 'login';
}

// If you want to make sure the user doesn't forge their cookie timeout to a
// longer time, you can also write a lastlogin timestamp into a database or
// local file, and double-check against that, using the server time.

// You could also even write a isloggedon value to a database to verify that
// once a user logs off, they are *really* logged off by making it also
// challenge that.

// This is my authentication check...yours will differ.
if (($pagetype != 'login') and ($pagetype != 'dologin') and ($pagetype != 
'dologoff')) {
        if (($username != null) and ($password != null)) {
                $db_userinfo = db_query ($db2_conn, 'select * from gabrielle_users 
where 
username=\''.$username.'\'');
                $db_password = $db_userinfo[0][0][2];
                $input_password = $password;
                if ($password != $db_password) {
                        $pagetype = 'login';
                        $message = 'badpass';
                } else {
                        $acl = $db_userinfo[0][0][3];
                }
        } else {
                $pagetype = 'login';
                $message = 'expire';
        }
}

// Updates the cookie on every pageload.  You probably want this.
if (($pagetype != 'login') and ($pagetype != 'dologin') and ($pagetype != 
'dologoff') and ($pagetype != 'dochangepass')) {
        $time = mktime()+1800;
        $date = gmdate("D, d-M-Y H:i:s", ($time));
        header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/; 
domain='.$SERVER_ADDR);
        header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/; 
domain='.$SERVER_ADDR);
}

if ($pagetype == 'login') {
        $time = mktime()-1800;
        $date = gmdate("D, d-M-Y H:i:s", ($time));
        header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/; 
domain='.$SERVER_ADDR);
        header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/; 
domain='.$SERVER_ADDR);
        // Replace this with whatever you do to generate a login page.
        render_page ('login', $message, 0, 0, $gabrielle_version, $SERVER_PORT, 
$SERVER_ADDR, 0, 0, 0, $HTTP_SERVER_VARS["SERVER_PORT"], 
$HTTP_SERVER_VARS["SERVER_NAME"], $PHP_SELF);
}

if ($pagetype == 'home') {
        // Replace this with others.
        render_page ('home', $message, $username, $acl, $gabrielle_version, 0, 0, 0, 
0, 0, $HTTP_SERVER_VARS["SERVER_PORT"], $HTTP_SERVER_VARS["SERVER_NAME"], 
$PHP_SELF);
}

// Add more sections here for additional pagetypes.

?>

On Wednesday 12 December 2001 15:16, Steve Osborne wrote:
> Still trying to get the cookie to work in my site for automatic login
> capabilities. It has it's moments of greatness, before fading into the
> shadows again. Most recently, I downloaded Netscape 6.2.1 to test my site,
> and when I did not allow the password manager to save my login, it has
> since refused to allow my cookie to be set, even when I unblocked cookies
> for the site in the Netscape preferences. So, in light of that, I tried to
> set the cookie on a page in the directory above the login page, in hopes
> that I could get around the Netscape problem, and, of course, this stopped
> IE 6 from reading the cookie.  Now, neither browser is working correctly. 
> I am already resigned to the fact that I will not try to support users of
> versions 4 and below in regards to cookies, however I do need to get the
> more recent versions working.
>
> Is it true that when you set a cookie, it is valid only in that directory
> or domain?
> Will it be retrieved in subfolders of that directory?
> Do I require special code  to allow it to be accessed in subfolders?
>
> Steve Osborne
> Database Programmer
> Chinook Multimedia Inc.
> [EMAIL PROTECTED]

-- 
Casey Allen Shobe
[EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]