
[PHP] Problems with setcookie function


Guest Aegidius


I have this code

<?php
	require_once("config.inc.php");

	// script that checks the login data received from index.php and logs the user into the system

	// the user submitted the form
	if (isset($_POST["user_login_submit"]))
	{
		// anti-spam check passed
		if (isset($_POST["human"]) && strcmp($_POST["human"], "") == 0)
		{
			// escape user input before interpolating it into the query
			$login_awatag = mysql_real_escape_string($_POST["awatag"], DB_LINK);
			$login_password = mysql_real_escape_string($_POST["password"], DB_LINK);
			$query = 'SELECT awatag FROM users WHERE awatag = "' . $login_awatag . '" AND password = PASSWORD("' . $login_password . '") AND confirmed = 1;';
			$awatag = mysql_query($query, DB_LINK);

			// user found
			if (mysql_num_rows($awatag) == 1)
			{
				$awatag = mysql_fetch_assoc($awatag);
				$awatag = $awatag["awatag"];

				// check whether the user wants to be remembered
				if (isset($_POST["remember"]) && strcmp($_POST["remember"], "yes") == 0)
				{
					// expiry
					$cookie_expire = COOKIE_EXPIRE;
				}
				else
				{
					$cookie_expire = 0;
				}

				// generate the security key
				require_once(CLASS_PATH . "random_string.php");
				define("KEY", rand_str(KEY_LENGTH));

				// update the info in the db
				$query = 'UPDATE users SET ip_address = "' . $_SERVER["REMOTE_ADDR"] . '", logged = 1, security_key = "' . KEY . '" WHERE awatag = "' . mysql_real_escape_string($awatag, DB_LINK) . '";';
				mysql_query($query, DB_LINK);

				// set the cookies
				$cookie_setted = setcookie("awatag", $awatag, $cookie_expire) && setcookie("security_key", KEY, $cookie_expire);
				if (!$cookie_setted)
				{
					die(COOKIE_DISABLED_ERROR);
				}

				// do the redirect, and stop so the error page below is not rendered
				header("Location: " . ROOT_PATH . "home.php");
				exit;
			}
			// if the user was not found, continue loading the page, showing the errors
		}
		// anti-spam check failed
		else
		{
			header("Location: " . SPAM_TRAP);
			exit;
		}
	}
	// the user did not submit the form and ended up here by accident
	else
	{
		header("Location: " . ROOT_PATH);
		exit;
	}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="it" xml:lang="it">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
		<title>Login</title>
		<link rel="stylesheet" type="text/css" media="screen, handheld, print" href="<?php echo ROOT_PATH . CSS_PATH; ?>index.css" />
		<script type="text/javascript" src="<?php echo ROOT_PATH . CLASS_PATH . JQUERY_FILENAME; ?>"></script>
		<script type="text/javascript" src="<?php echo ROOT_PATH . CLASS_PATH . JQUERY_COOKIE_FILENAME; ?>"></script>
	</head>
	<body>
		<div id="wrap">
			<div id="header"></div>
			<div id="main">
				<div id="login_error">
					<h1>awatag login</h1>
					<p>
						Attenzione! I dati che hai inserito non sono corretti.
						<br />
						<br />
						<a href="">Hai dimenticato i tuoi dati di accesso?</a>
						<br />
						<a href="<?php echo ROOT_PATH; ?>">Non sei ancora registrato?</a>
					</p>
				</div>
			</div>
		</div>
<?php
	require_once("footer.inc.php");
?>
	</body>
</html>

The setcookie function creates 4 cookies instead of 2:

  • awatag=pino (and this is correct)
  • security_key=1234567890 (and this is correct too)
  • awatag=pino (another one: this is not correct)
  • security_key = KEY (this is not correct)

And then, in the home.php the cookies are not visible. Why? I really don't understand where I'm wrong.


$cookie_setted = setcookie("awatag", $awatag, $cookie_expire) && setcookie("security_key", KEY, $cookie_expire);

You should take the return values individually, and then you should check the return values.

And then, in the home.php the cookies are not visible.
Is your home.php in a separate directory path, rather than where you set the cookie? You should use the domain name or path ('/' for the entire domain) as a parameter in setcookie; otherwise it will be set to the current path only by default.

Note that setcookie will not return false if the user rejected the cookie or if the browser doesn't support them. It will only return false if it was not able to send the header; there's no way to tell whether or not the user accepted the cookie that was sent other than by checking if it's set on a later page.
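
An added example, not part of any post in this thread: it sends the two login cookies with an explicit path of "/" as the first reply suggests, checks each setcookie() call on its own, and reports the one failure setcookie() can detect, as the second reply describes. It also works through the browser's default-path and path-matching rules (RFC 6265) to show when a cookie set without a path reaches home.php. The function names, the constructed paths and the HttpOnly flag are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code; function names and sample values are hypothetical.

// Path a browser assigns to a cookie sent without a path attribute (RFC 6265, section 5.1.4).
function default_cookie_path($request_path)
{
    $last_slash = strrpos($request_path, "/");
    if ($request_path === "" || $request_path[0] !== "/" || $last_slash === 0) {
        return "/";
    }
    return substr($request_path, 0, $last_slash);
}

// True if a cookie stored under $cookie_path is sent with a request for $request_path.
function cookie_path_matches($request_path, $cookie_path)
{
    if ($request_path === $cookie_path) {
        return true;
    }
    if (strpos($request_path, $cookie_path) !== 0) {
        return false;
    }
    return substr($cookie_path, -1) === "/"
        || substr($request_path, strlen($cookie_path), 1) === "/";
}

// Sends one site-wide cookie; returns "" on success or the reason it could not be sent.
function send_site_cookie($name, $value, $expire)
{
    if (headers_sent($file, $line)) {
        // The one failure setcookie() can report: output started before the header.
        return "headers already sent at $file:$line";
    }
    // Path "/" covers every script on the domain. HttpOnly (last argument) is an
    // assumption: it presumes no client-side script has to read these cookies.
    return setcookie($name, $value, $expire, "/", "", false, true) ? "" : "setcookie() returned false";
}

// Each cookie is sent and checked on its own, before any output.
foreach (array("awatag" => "pino", "security_key" => "1234567890") as $name => $value) {
    $error = send_site_cookie($name, $value, 0);
    if ($error !== "") {
        die("Cookie $name not sent: $error");
    }
}

// Constructed paths: the login script sits in a subdirectory, home.php does not.
$stored_path = default_cookie_path("/site/auth/login.php");
var_dump($stored_path, cookie_path_matches("/site/home.php", $stored_path));
var_dump(cookie_path_matches("/site/home.php", "/"));
```

Whether the browser accepted the cookies can only be confirmed on a later request, for example by testing isset($_COOKIE["awatag"]) in home.php.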
