How exactly is SetCookie() broken?
Compare your header() call to the same SetCookie() calls and you will see
that yours produces:

Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-2001 21:58:55 GMT; path=/; domain=www.php.net
Set-Cookie: password=d41d8cd98f00b204e9800998ecf8427e; expires=Wed, 12-Dec-2001 21:58:55 GMT; path=/; domain=www.php.net

Whereas these two calls:

SetCookie('username',$username,time()+1800,'/',$SERVER_ADDR);
SetCookie('password',$password,time()+1800,'/',$SERVER_ADDR);

Produce:

Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-01 21:58:55 GMT; path=/; domain=www.php.net
Set-Cookie: password=d41d8cd98f00b204e9800998ecf8427e; expires=Wed, 12-Dec-01 21:58:55 GMT; path=/; domain=www.php.net

Putting them side by side to make it easier to compare:

Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-2001 21:58:55 GMT; path=/; domain=www.php.net
Set-Cookie: username=Rasmus; expires=Wed, 12-Dec-01 21:58:55 GMT; path=/; domain=www.php.net

They are identical except for the PHP SetCookie() version using a 2-digit
year (which can be changed in your php.ini file with the y2k directive).
So if PHP's SetCookie() is broken, then your Header() calls are just as
broken.
-Rasmus
On Wed, 12 Dec 2001, Casey Allen Shobe wrote:
> Mine's working great.
> setcookie() is broken pretty badly though...so I use header instead...here's
> my whole authentication system. I hope that it will be of use to you. This
> works in every browser that supports cookies. I've tested NN6-6.2, NN4.77,
> IE5.0-6.0, and Konqueror 2.2.1.
>
> <?php
>
> if ($pagetype == null) {
>     $pagetype = 'login';
> }
>
> // (This is for a 30 minute cookie)
> if ($pagetype == 'dologin') {
>     if (($username != null) and ($password != null)) {
>         $time = mktime()+1800;
>         $date = gmdate("D, d-M-Y H:i:s", ($time));
>         $password = md5 ($password);
>         header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
>         header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
>         header ('Refresh: 1; url='.$PHP_SELF.'?pagetype=home');
>         print 'One moment, logging on...'."\n";
>     } else {
>         $pagetype = 'login';
>         $message = 'nopass';
>     }
> }
>
> if ($pagetype == 'dologoff') {
>     $time = mktime()-1800;
>     $date = gmdate("D, d-M-Y H:i:s", ($time));
>     header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
>     header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
>
>     $pagetype = 'login';
> }
>
> // If you want to make sure the user doesn't forge their cookie timeout to a
> // longer time, you can also write a lastlogin timestamp into a database or
> // local file, and double-check against that, using the server time.
>
> // You could also even write a isloggedon value to a database to verify that
> // once a user logs off, they are *really* logged off by making it also
> // challenge that.
>
> // This is my authentication check...yours will differ.
> if (($pagetype != 'login') and ($pagetype != 'dologin') and ($pagetype !=
>     'dologoff')) {
>     if (($username != null) and ($password != null)) {
>         $db_userinfo = db_query ($db2_conn, 'select * from gabrielle_users where username=\''.$username.'\'');
>         $db_password = $db_userinfo[0][0][2];
>         $input_password = $password;
>         if ($password != $db_password) {
>             $pagetype = 'login';
>             $message = 'badpass';
>         } else {
>             $acl = $db_userinfo[0][0][3];
>         }
>     } else {
>         $pagetype = 'login';
>         $message = 'expire';
>     }
> }
>
> // Updates the cookie on every pageload. You probably want this.
> if (($pagetype != 'login') and ($pagetype != 'dologin') and ($pagetype !=
>     'dologoff') and ($pagetype != 'dochangepass')) {
>     $time = mktime()+1800;
>     $date = gmdate("D, d-M-Y H:i:s", ($time));
>     header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
>     header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
> }
>
> if ($pagetype == 'login') {
>     $time = mktime()-1800;
>     $date = gmdate("D, d-M-Y H:i:s", ($time));
>     header ('Set-Cookie: username='.$username.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
>     header ('Set-Cookie: password='.$password.'; expires='.$date.' GMT; path=/; domain='.$SERVER_ADDR);
>     // Replace this with whatever you do to generate a login page.
>     render_page ('login', $message, 0, 0, $gabrielle_version, $SERVER_PORT,
>         $SERVER_ADDR, 0, 0, 0, $HTTP_SERVER_VARS["SERVER_PORT"],
>         $HTTP_SERVER_VARS["SERVER_NAME"], $PHP_SELF);
> }
>
> if ($pagetype == 'home') {
>     // Replace this with others.
>     render_page ('home', $message, $username, $acl, $gabrielle_version, 0, 0, 0,
>         0, 0, $HTTP_SERVER_VARS["SERVER_PORT"], $HTTP_SERVER_VARS["SERVER_NAME"],
>         $PHP_SELF);
> }
>
> // Add more sections here for additional pagetypes.
>
> ?>
>
> On Wednesday 12 December 2001 15:16, Steve Osborne wrote:
> > Still trying to get the cookie to work in my site for automatic login
> > capabilities. It has its moments of greatness, before fading into the
> > shadows again. Most recently, I downloaded Netscape 6.2.1 to test my site,
> > and when I did not allow the password manager to save my login, it has
> > since refused to allow my cookie to be set, even when I unblocked cookies
> > for the site in the Netscape preferences. So, in light of that, I tried to
> > set the cookie on a page in the directory above the login page, in hopes
> > that I could get around the Netscape problem, and, of course, this stopped
> > IE 6 from reading the cookie. Now, neither browser is working correctly.
> > I am already resigned to the fact that I will not try to support users of
> > versions 4 and below in regards to cookies, however I do need to get the
> > more recent versions working.
> >
> > Is it true that when you set a cookie, it is valid only in that directory
> > or domain?
> > Will it be retrieved in subfolders of that directory?
> > Do I require special code to allow it to be accessed in subfolders?
> >
> > Steve Osborne
> > Database Programmer
> > Chinook Multimedia Inc.
> > [EMAIL PROTECTED]
>
>
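
An added example, not part of the original messages: one way to do the server-side check that the comments in the quoted code suggest, with the cookie carrying an opaque random token rather than the password hash and with expiry decided by the server's clock. The $sessions array (standing in for a database table), the function names and the fixed timestamp are assumptions made for illustration.

```php
<?php
// Added illustration; $sessions stands in for a database table (assumption).
const SESSION_TTL = 1800; // the same 30-minute window as the quoted code

// Issue an opaque random token. Only its SHA-256 digest is kept server-side,
// so a leaked session table does not hand out usable cookie values.
function issue_session(array &$sessions, string $username, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $sessions[hash('sha256', $token)] = ['user' => $username, 'last_seen' => $now];
    return $token;
}

// Return the username for a live token, or null. Expiry comes from the
// server's record and clock, never from the cookie's expires attribute.
function check_session(array &$sessions, string $token, int $now): ?string
{
    $key = hash('sha256', $token);
    if (!isset($sessions[$key])) {
        return null;                      // unknown, forged or logged-off token
    }
    if ($now - $sessions[$key]['last_seen'] > SESSION_TTL) {
        unset($sessions[$key]);           // idle too long: expire server-side
        return null;
    }
    $sessions[$key]['last_seen'] = $now;  // sliding 30-minute window
    return $sessions[$key]['user'];
}

// Logoff removes the record, so replaying the old cookie no longer works.
function end_session(array &$sessions, string $token): void
{
    unset($sessions[hash('sha256', $token)]);
}

// In a web request (PHP 7.3+ options array), the token would be sent with:
//   setcookie('session', $token, ['expires' => time() + SESSION_TTL,
//       'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

// Constructed walk-through with a fixed clock value.
$sessions = [];
$t0 = 1008192535;
$token = issue_session($sessions, 'Rasmus', $t0);
var_dump(check_session($sessions, $token, $t0 + 600));   // within the window
var_dump(check_session($sessions, $token, $t0 + 3000));  // idle > 1800 s
$token2 = issue_session($sessions, 'Rasmus', $t0);
end_session($sessions, $token2);
var_dump(check_session($sessions, $token2, $t0 + 60));   // after logoff
```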