Cookies are Not Being Set Properly in PHP Script

StackOverflow https://stackoverflow.com/questions/857153

  •  21-08-2019
  •  | 
  •  

Question

Im very new in php and try to use cookie but it is not woking in my site, can anyone guide me please , what is going wrong in my code:

<?php
session_start();
?>
<script>
function Redirect(url)
{
 location.href = url;
}

</script>
<?php 

define('_VALID_ACCESS', true);
include_once "includes/connect.php";
include_once "includes/login.php";


if(empty($_POST['loginname']) || empty($_POST['password']))
{
    $msg = "User or password is empty";
}
else
{
    if(login($_POST['loginname'], $_POST['password']) == true)
    {
        $usern = $_POST['loginname'];
        session_register('loginname');
        $loginname = $usern;        
        sleep(1);
            if(activestatus($_POST['loginname'], $_POST['password']) == true)
            {
            $usern = $_POST['loginname'];
            session_register('loginname');
            $loginname = $usern;        
            sleep(1);

            $hour = time() + 3600;
            setcookie("ID_my_site", $_POST['loginname'], $hour);
            setcookie("Key_my_site", $_POST['password'], $hour); 
            $test = $_COOKIE["ID_my_site"];
            $msg = "<script> Redirect ('home.html?testname=".$test."')</script>"; 
             //header("Location: home.html"); 
            }
            else
            {
            $msg = "<script> Redirect ('valid.php?testname=".$usern."')</script>"; 
            }

    }
    else
    {
        $msg = "<font color=red>User or Password is wrong</font>";
    }
}
echo '<div id="divTarget">' . $msg . '</div>'; 
?>
  <link rel="stylesheet" href="css/blueprint/screen.css" type="text/css" media="screen, projection">
  <link rel="stylesheet" href="css/blueprint/print.css" type="text/css" media="print">
  <link rel="stylesheet" href="css/blueprint/ie.css" type="text/css" media="screen, projection">  
 <body>
 <div class="container" id="login_container">
<form id="login" action="action.php" method="post" name="loginform" >
    <fieldset id="login_screen"  style="width:350px">
        <label id="login_label" for="login">User Login </label> 
        <br><br>
        <label for="login">Email Address</label>
        <input type="text" name="loginname" id="loginname" value="email@coolmates.com">    
        <p id="space"><label for="password">Password</label>
        <input type="password" id="password" name="password"  value="********" ></p>
        <input type="checkbox">Keep me signed in until i signout
        <p id="test"><input type="submit" value="Submit"></p>
        <a href="forgetpassword.html">Forgot
        your password</a>&nbsp;&nbsp;|<span id="free">Not a member?</span><a href="regForm.html">Sign up</a><blink><span id="free">Free</span></blink> 
        </p>
    </fieldset>
</form> </div>
</body>
Was it helpful?

Solution

Turn on display_errors and set your error_reporting to E_ALL and you should see an error message about 'headers already sent' - you have to call setcookie() BEFORE ANY HTML IS SENT. From php.net/setcookie:

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.

In the code block that you posted this bit:

<script>
function Redirect(url)
{
 location.href = url;
}

</script>

Is being output directly to the browser well before you ever attempt to set the cookies.

Your two possibilities would be to use output buffering so that you output everything at the very end or to switch to a method where all of your processing code is executed first in one script and there you set $_SESSION and cookie values and then include a second script at the tail end of the first that contains the code to be output to the browser.

OTHER TIPS

Try this (specifying the root of your site) :

setcookie("ID_my_site", $_POST['loginname'], $hour,'/');

or try this (adding quotes to your loginname) :

setcookie("ID_my_site", "$_POST['loginname']", $hour,'/');

1st you don't need session_register, you can just do.

Since session_register is the preferred method since 4.1.0 and deprecated as of PHP 5.3

$_SESSION["loginname"] = $_POST["loginname"]

2nd if you are going to use sessions, your flow could be better, since this does not work.

$_SESSION["foo"] = 1;
header("Location: stuff.php");

Then you can't view the session data in stuff.php. You could either send the user to the main page, and do the authentication there, and if it passes then you just continue on with the loading of the main page, and if it doesn't, then you send the user back to the login page like this.

if($_SESSION["authenticated"] == 0)
{
    header("Location: login.php");
    die();
}

Also you should not be storing a password is cookie data -- this is a big security No-No!!!

If you want to do something like that set a unique - random - identifier that changes when they login and use that instead (you should still MD5 it)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top