Guest Aegidius Posted February 4, 2011 Share Posted February 4, 2011 I have this code <?php require_once("config.inc.php"); // script che controlla i dati ricevuti per il login dall'index.php e logga l'utente nel sistema // l'utente ha inviato il form if (isset($_POST["user_login_submit"])) { // controllo anti-spam superato if (isset($_POST["human"]) && strcmp($_POST["human"], "") == 0) { $query = 'SELECT awatag FROM users WHERE awatag = "' . $_POST["awatag"] . '" AND password = PASSWORD("' . $_POST["password"] . '") AND confirmed = 1;'; $awatag = mysql_query($query, DB_LINK); // utente trovato if (mysql_num_rows($awatag) == 1) { $awatag = mysql_fetch_assoc($awatag); $awatag = $awatag["awatag"]; // controlla se l'utente vuole essere ricordato if (isset($_POST["remember"]) && strcmp($_POST["remember"], "yes") == 0) { // scadenza $cookie_expire = COOKIE_EXPIRE; } else { $cookie_expire = 0; } // genera la chiave di sicurezza require_once(CLASS_PATH . "random_string.php"); define("KEY", rand_str(KEY_LENGTH)); // cambia le info nel db $query = 'UPDATE users SET ip_address = "' . $_SERVER["REMOTE_ADDR"] . '", logged = 1, security_key = "' . KEY . '" WHERE awatag = "' . $awatag . '";'; mysql_query($query, DB_LINK); // imposta i cookie $cookie_setted = setcookie("awatag", $awatag, $cookie_expire) && setcookie("security_key", KEY, $cookie_expire); if (!$cookie_setted) { die(COOKIE_DISABLED_ERROR); } // fai il redirect header("Location: " . ROOT_PATH . "home.php"); } // se l'utente non è stato trovato, allora continua con il caricamento della pagina, mostrando gli errori } // controlla anti-spam fallito else { header("Location: " . SPAM_TRAP); } } // l'utente non ha inviato il form ed è finito qui per caso else { header("Location: " . ROOT_PATH); }?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="it" xml:lang="it"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>Login</title> <link rel="stylesheet" type="text/css" media="screen, handheld, print" href="<?php echo ROOT_PATH . CSS_PATH; ?>index.css" /> <script type="text/javascript" src="<?php echo ROOT_PATH . CLASS_PATH . JQUERY_FILENAME; ?>"></script> <script type="text/javascript" src="<?php echo ROOT_PATH . CLASS_PATH . JQUERY_COOKIE_FILENAME; ?>"></script> </head> <body> <div id="wrap"> <div id="header"></div> <div id="main"> <div id="login_error"> <h1>awatag login</h1> <p> Attenzione! I dati che hai inserito non sono corretti. <br /> <br /> <a href="">Hai dimenticato i tuoi dati di accesso?</a> <br /> <a href="<?php echo ROOT_PATH; ?>">Non sei ancora registrato?</a> </p> </div> </div> </div><?php require_once("footer.inc.php");?> </body></html> The setcookie function create 4 cookie instead of 2: awatag=pino (and this is correct) security_key=1234567890 (and this is correct too) awatag=pino (another one: this is not correct) security_key = KEY (this is not correct) And then, in the home.php the cookie are not visible.Why? I really don't understand where I'm wrong. Link to comment Share on other sites More sharing options...
birbal Posted February 4, 2011 Share Posted February 4, 2011 $cookie_setted = setcookie("awatag", $awatag, $cookie_expire) && setcookie("security_key", KEY, $cookie_expire); you should take the return value individualy..and then you should check the return values. And then, in the home.php the cookie are not visible.is your home.php in seprate directory path..rather than where you set cookie?you should use the domain name or path ('/' for entire domain) as parameter in setcookie..otherwise it will be set to the current path only be default. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 4, 2011 Share Posted February 4, 2011 Note that setcookie will not return false if the user rejected the cookie or if the browser doesn't support them. It will only return false if it was not able to send the header, there's no way to tell whether or not the user accepted the cookie that was sent other than by checking if it's set on a later page. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.