PHP Cookie doesn't work all the time.

         

Yamaha_R1

6:16 pm on Jul 8, 2005 (gmt 0)

10+ Year Member



I am having a problem with cookies. Everything works fine, until I have a PHP page in a DIFFERENT directory.

So if I go to /admin or something, the cookie no longer works, and the variables aren't set.

To make it worse, I need to use the cookie across 2-3 subdomains. Every time I hit a different subdomain, the poor user has to log in again. Then again when I change directories.

At the top of each page that needs the cookie, I call session_start();

Then check to see if user and password are set. If not, it shows the login page.
if(!isset($username) || !isset($password))

Login page stores the cookie.

setcookie("username", $username, time()+3600);
setcookie("password", $password, time()+3600);

[edit]

(I need to pull bbuserid bbpassword out of our VBulletin cookies.)

jatar_k

6:26 pm on Jul 8, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



maybe try adding a few arguments

bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, bool secure]]]]] )

setcookie("username", $username, time()+3600, '/', 'www.example.com');
setcookie("password", $password, time()+3600, '/', 'www.example.com');

vincevincevince

6:27 pm on Jul 8, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Two points:

1/ You are not reading the cookie correctly, you must use $_COOKIE['name'], not just $name, or as soon as your host starts taking security seriously your script will no longer work - at all.

2/ http://example.foo and http://www.example.foo are different sites. Unless you specifically set the path for the cookie, cookies you set for one will not be viewable by the other. (Check that /admin isn't also being called with/without the www)

3/ Try print_r($_COOKIE); to view all current cookies for that site!

Yamaha_R1

6:38 pm on Jul 8, 2005 (gmt 0)

10+ Year Member



Okay I don't understand.

I opened the VBulletin cookie dan@www.example.net/

bblastvisit
www.example.net/
*
bblastactivity
www.example.net/
*
bbuserid
www.example.net/
*
bbpassword
www.example.net/
*

Now the site I had the problem with, where if I changed directory, the cookie is no longer good, is the exact same way.

Cookie:Dan@example.net/

www.example.net/
www.example.net/
www.example.net/

And so forth.

Now I need the cookie to work from

www.example.example.net

and

www.example.net/admin

jatar_k

6:45 pm on Jul 8, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



>> Now I need the cookie to work from www.example.example.net

that would be a different subdomain then, with example in there twice

[php.net...]

To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain.

so then
setcookie("username", $username, time()+3600, '/', '.example.com');
setcookie("password", $password, time()+3600, '/', '.example.com');

but also look at what vincevincevince mentioned, it could just be that you are not accessing them properly

Yamaha_R1

6:51 pm on Jul 8, 2005 (gmt 0)

10+ Year Member



You are not reading the cookie correctly, you must use $_COOKIE['name']

But I'm not using $_COOKIE.

All I'm using is session_start(), and setcookie.

How does VBulletin jump from DIR to DIR and keep your login data?

vincevincevince

6:56 pm on Jul 8, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



session_start() has nothing to do with cookies, that has everything to do with session variables.

Is that what you mean?

Yamaha_R1

7:01 pm on Jul 8, 2005 (gmt 0)

10+ Year Member



No.

Initially I downloaded a cookie password freebie script.

When you log in, the page uses 'setcookie' like my first post.

On protected pages, at the top, I put session_start() like it said, and $username and $password were set.

Then compare.

Works ok, except for the problems mentioned. :(

Here is a more detailed look.

<?
session_start(); // start session.

if(!isset($username) || !isset($password)) {
// (show login form)
exit();
}

// Here you would check the supplied username and password against your database to see if they exist.
if (strcmp($user_passwords[$username],$password) == 0)
{
setcookie("username", $username, time()+3600);
setcookie("password", $password, time()+3600);
}
else {
setcookie("username", $username, time()-3600);
setcookie("password", $password, time()-3600);
}

// If the username exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....

if (!($valid_user))
{
// (show login form again)
exit();
}

?>
Rest of the page goes here.


Weird...half my post shows up on bold :)

Yamaha_R1

7:35 pm on Jul 8, 2005 (gmt 0)

10+ Year Member



1/ You are not reading the cookie correctly, you must use $_COOKIE['name'], not just $name, or as soon as your host starts taking security seriously your script will no longer work - at all.

Oh oh oh I see

So that password script is like.... a hack job, not using $_COOKIE?!

So what I need to do

1. Edit the VBulletin login.php to save '.example.com/' instead of 'www.example.com/'
2. Set cookies by adding the arguments, '.example.com/' so that it doesn't store a generic path.
3. Access the data using $_COOKIE, and not session variables.

Is this correct?

[edit]
I don't have to edit login.php - I found VB has an option for it. :) :)

jatar_k

8:29 pm on Jul 8, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



>> Access the data using $_COOKIE, and not session variables.

the first 2 points might help as well but I think that is the real problem. I am guessing register_globals is on and that is the only reason your script is presently working at all.

It really shouldn't be.

forget sessions and just work with $_COOKIE vars and I think it will get sorted.
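
The fix the thread converges on, as an added example that is not code from any poster: a cookie scoped to every directory and subdomain, read back through $_COOKIE. It goes one step beyond the thread by storing an HMAC-signed token instead of the password; SECRET_KEY, the cookie name "auth" and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. SECRET_KEY, the cookie name "auth"
// and the function names are assumptions made for illustration.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';
// Token = username|expiry|HMAC(username|expiry); the password is never stored.
function make_token(string $username, int $expires): string
{
    $payload = rawurlencode($username) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Returns the username for an untampered, unexpired token, otherwise null.
function verify_token(string $token, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac) || (int) $expires < $now) {
        return null;
    }
    return rawurldecode($user);
}

// Login page, after the password check succeeds.
function issue_login_cookie(string $username): void
{
    $expires = time() + 3600;
    setcookie('auth', make_token($username, $expires), [
        'expires'  => $expires,
        'path'     => '/',             // sent for /admin and every other directory
        'domain'   => '.example.com',  // sent to every subdomain, as in the thread
        'secure'   => true,            // HTTPS only
        'httponly' => true,            // hidden from JavaScript
    ]);
}

// Protected pages: read $_COOKIE explicitly, not a register_globals $username.
function current_user(): ?string
{
    $raw = $_COOKIE['auth'] ?? null;
    return is_string($raw) ? verify_token($raw, time()) : null;
}

// Constructed demo values, runnable from the CLI: a valid token, then a tampered one.
$token = make_token('dan', time() + 3600);
var_dump(verify_token($token, time()), verify_token($token . '0', time()));
```

A cookie scoped to '.example.com' is sent to every subdomain, so each of them has to be trusted with it. The options-array form of setcookie() used here needs PHP 7.3 or later.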

Yamaha_R1

4:36 pm on Jul 11, 2005 (gmt 0)

10+ Year Member



Thanks guys :)

Using $_COOKIE worked out great. Now you can log in from either domain.

Yes, basically before I was taking advantage of register variables; this method is much more solid.

On the same sort of topic, say a user submits a form of data, and needs to login.

I show the login page.

Now how do I redirect (using header, and refresh, that's fine) to the page they wanted to go to?

I need to store what they WANTED to do, and send them there after a correct login.

Would I store that into a register or session variable?

I need something I can pass to login.php, then login.php would redirect when done.
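
One way to do the redirect asked about above, as an added example that is not part of the thread: the protected page stores the requested URI in the session, and login.php sends the visitor back only if the stored value is a local path. The session key "return_to", the /login.php path and the function names are assumptions, and session_start() is assumed to have been called on both pages.

```php
<?php
// Added example, not code from the thread. The session key "return_to", the
// paths and the function names are assumptions made for illustration.

// Accept only a local absolute path; anything that could leave the site
// (scheme, host, protocol-relative "//", backslashes, control bytes) falls back.
function safe_return_path(?string $target, string $fallback = '/'): string
{
    if ($target === null || $target === '' || $target[0] !== '/') {
        return $fallback;
    }
    if (strncmp($target, '//', 2) === 0 || strpos($target, '\\') !== false) {
        return $fallback;
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $target)) {   // CR/LF and other control bytes
        return $fallback;
    }
    return $target;
}

// Protected page: remember where the visitor was going, then show the login page.
function require_login(bool $loggedIn): void
{
    if (!$loggedIn) {
        $_SESSION['return_to'] = $_SERVER['REQUEST_URI'] ?? '/';
        header('Location: /login.php');
        exit;
    }
}

// login.php, after the credentials check out: send the visitor back.
function redirect_after_login(): void
{
    $target = safe_return_path($_SESSION['return_to'] ?? null);
    unset($_SESSION['return_to']);
    header('Location: ' . $target);
    exit;
}

// Constructed inputs, runnable from the CLI.
$samples = ['/admin/report.php?id=7', '//other.example/', 'http://other.example/', "/a\r\nX: y"];
foreach ($samples as $t) {
    echo json_encode($t), ' => ', safe_return_path($t), "\n";
}
```

Only the URI is remembered, so form data posted before the login prompt is not replayed. The default session cookie is tied to one hostname, so a login that starts on one subdomain and finishes on another will not find the stored value unless the session cookie is given the same domain scope.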