Cookies are not working!

[clonetrooper9494]

Ok, I have 3 pages... 1, is a form:http://clone-drone.net/cookies/form.html

<form action="http://www.clone-drone.net/cookies/set_cookie.php"><br><input type="text" name="username" value="username"><br><input type="text" name="password" value="password"><br><input type="submit"></form>

this is the page that sets the cookie:http://www.clone-drone.net/cookies/set_cookie.php

<?php$username = $_GET['username'];$password = $_GET['password'];setcookie("username", "username", time()+3600);setcookie("password", "password", time()+3600);echo "<a href='http://clone-drone.net/cookies/read_it.php'>HERE</a> to view it!"?>

this page echos the cookie:http://clone-drone.net/cookies/read_it.php

<?php$username = $_COOKIE['username'];$password = $_COOKIE['password'];echo "<a href='http://clone-drone.net/cookies/form.html'>HERE</a> to re-set it!<br><br>" . $_COOKIE['username'] . "<br>" . $_COOKIE['password'];?>

can anybody see any problems with it?

[jhecht]

You didn't specify a method for the form. If a user is loging in or anything else, use POST, not GET because POST is harder to hack.Also, NEVER store passwords as cookies. Ever. If you must be shot or store a password in a cookie, get shot. other than that, in the file that sets the cookies, are there any blank spaces before the PHP file? any kind of output?try putting this line above all of the other lines in every file(debug basically):

error_reporting(E_ALL);

If it comes back with any errors, post them here. If not, then just make sure every step of the way that what you're trying to do is being done.(IE after every line or so where theres a function call, echo something out to make sure it works, or try putting OR DIE('something didn't work'); after every call to a function like setcookie('username',$value,time()+3600) or die('Cookie USER not set');

[Synook]

Well checking on the Firefox cookie list I can see your cookies set, so it is something to do with the echo bit. On read_it.php try

print_r($_COOKIE);

[clonetrooper9494]

The confusing thing is this one works:http://clone-drone.net/index2.php

<?phpsetcookie("user1", "This expires in one hour!", time()+3600);echo 'Cookie Set... oh yeah, and refresh once!<br><br>';echo $_COOKIE['user1'] . '<br>';?>

why is this happening?again, this is a test, I can clearlly see all POST and GET problems.here is the debugged version:http://www.clone-drone.net/cookies/set_cookie.php

<?php$username = $_GET['username'] OR DIE('something didn't work');$password = $_GET['password'] OR DIE('something didn't work');setcookie("username", "username", time()+3600) OR DIE('something didn't work');setcookie("password", "password", time()+3600) OR DIE('something didn't work');echo "<a href='http://clone-drone.net/cookies/read_it.php'>HERE</a> to view it!" OR DIE('something didn't work');?>

this page echos the cookie:http://clone-drone.net/cookies/read_it.php

<?php$username = $_COOKIE['username'] OR DIE('something didn't work');$password = $_COOKIE['password'] OR DIE('something didn't work');echo "<a href='http://clone-drone.net/cookies/form.html'>HERE</a> to re-set it!<br><br>" . $_COOKIE['username'] . "<br>" . $_COOKIE['password'] OR DIE('something didn't work');?>

EDIT: The only error I get is this:Parse error: syntax error, unexpected T_STRING in /home/clonedro/public_html/cookies/set_cookie.php on line 2the '2' is what ever line has the OR DIE() thing on it... after taking out the OR DIE() on the $vars it said line 4, the line that sets the cookie.same thing happend for the read it page... look at the to pages above, did I add something wrong

[Synook]

Did you try the print_r($_COOKIE) ?

[justsomeguy]

That's not debugging. First of all, you can't just put "or die" after any arbitrary line. It can only come after an expression that could evaluate to false, an assignment expression doesn't count. Secondly, how does it help if every line displays the same error message? If you see that message you still have no clue what happened. Also, the parse error is because of all the single quotes you used. Look at the code in a text editor that does syntax highlighting, you aren't using quotes correctly (so your debugging code has bugs in it). If you need a text editor that does syntax highlighting then download ConTEXT.The only change I made was when you set the cookies you use the strings "username" and "password" instead of the text that you got from the form. Everything else works.

[clonetrooper9494]

Ok, if I say print_r($_COOKIE) then it does this: Array( )I just can not get this to show! I don't even think the cookies are setting...

<?php$username = $_COOKIE['username'];$password = $_COOKIE['password'];echo "<a href='http://clone-drone.net/cookies/form.html'>HERE</a> to re-set it!<br><br>";if($_COOKIE = ""){echo "a cookie is not set!";}else{echo "a cookie is set!";}?>

then I made a page that says:

<?php$username = $_GET['username'];$password = $_GET['password'];setcookie("username", "$username", time()-3600);setcookie("password", "$password", time()-3600);echo "<a href='http://clone-drone.net/cookies/read_it.php'>HERE</a> to make sure it is deleted!";?>

but no matter what, it always echos a cookie is set! ... can any body see why this is happening?

[justsomeguy]

Upload it to a live server and test there. If you're trying to use cookies with localhost some browsers have problems and won't set them. I tested the script on a live server and it works fine.

[clonetrooper9494]

It is at http://clone-drone.net/cookies/form.html ... is that a live sever?

[Synook]

Yes that is. The thing is, I can actually see the cookies set in the cookies folder and in the Firefox cookies interface, but your PHP script can't. Maybe the hosts made a mistake when they were setting permissions?

[clonetrooper9494]

So, here is my main question: is it really setting the cookies? I want to have the person logged in, so is the problem just that I can't see them, or that I can't access them? I would have in conect to a SQL DB to get info and stuff.Also, for the cookie, what should te values be?I would put: username=username and password=password... or is that a bad idea?But really, something is messed up... go here http://clone-drone.net/index2.php and refresh... as you can see, the cookies is setting! here is the code:

<?phpsetcookie("user1", "This expires in one hour!", time()+3600);echo 'Cookie Set... oh yeah, and refresh once!<br><br>';echo $_COOKIE['user1'] . '<br>';?>

[Synook]

I want to have the person logged in, so is the problem just that I can't see them, or that I can't access them? I would have in conect to a SQL DB to get info and stuff.

Why not just store their userID in a session?

Also, for the cookie, what should te values be?I would put: username=username and password=password... or is that a bad idea?

Yes, it is a bad idea. As Jecht said, "NEVER store passwords as cookies". If you really need to have authentication through cookies, hash the password before storing it.

setcookie("password", sha1($_POST['password']), time()-3600);

But really, something is messed up... go here http://clone-drone.net/index2.php and refresh... as you can see, the cookies is setting! here is the code:

Maybe your host is preventing cookies with names such as "username" and "password" from being set or accessed for security reasons... try naming them something like value1 and value2.

[clonetrooper9494]

Thanks, I will try that... I had an idea that the user could login if their IP address matched the one in an SQL DB... is that smart?

[Synook]

No - what if they try to access their account from another computer, or their ISP assigns them a dynamic IP?

[justsomeguy]

You might need to use more parameters for setcookie other then just the defaults. Your form example isn't working because you keep jumping between subdomains, you set the cookie at www.clone-drone.net and try to read it at just clone-drone.net. That won't work with the defaults, it only sends the cookie to the same subdomain. Give the cookie a path and domain also.setcookie("user1", "This expires in one hour!", time()+3600, '/', '.clone-drone.net');The dot before the domain means that it can be used on subdomains also.If you're going to put the password in the cookie then hash it in such a way that it can't be copied from one computer to another computer. You can include the IP in the hash as well. That means the cookie won't work if someone's IP changes, but it will be more secure.setcookie('password', sha1($password . $_SERVER['REMOTE_ADDR']), time()+3600, '/', '.clone-drone.net');