Go Back   Computer Forums > Web Design | Website Development > Web Programming
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 06-30-2006, 06:02 PM   #1
Baseband Member
 
Join Date: Jan 2006
Posts: 23
Default PHP, cookies, and users

Okay, here's a new problem for today:
I'm trying to make a web based stock management majig but first I have to set up all the authorization stuff. So I've been learning how to check back with my mysql databases for usernames and passwords, but I want to set it up so it can also be authorized by cookies.

I'll post the code on the next post. It's not the prettiest thing. It works when I log-in but if i go to the protected page without entering the information on the login page I get yelled at with "Grr. HAHAHAHA!!! You can't get in!", which is what it's suppose to do when a password or username is incorrect.

ANYWAY, I set up two cookies and I also set the php page to mail me the values of the variables assigned to equal the cookies. Whenever I login through the log-in page, it mails back both $user and $pass. But, when I just go to the protected page it only mails back a value for $pass (therefore I assume $user didn't recieve a value). I checked the cookies on my computer and they are both there. SO why can't my page get the $user when skip the log-in page?

Thanks!
__________________

blondegeek is offline   Reply With Quote
Old 06-30-2006, 06:03 PM   #2
Baseband Member
 
Join Date: Jan 2006
Posts: 23
Default Re: PHP, cookies, and users

And here's the code:
PHP Code:
<?php 

$PHP_AUTH_USER 
$_POST['PHP_AUTH_USER'];
$PHP_AUTH_PW $_POST['PHP_AUTH_PW'];

$user $HTTP_COOKIE_VARS["user"];
$pass $HTTP_COOKIE_VARS["password"];

$auth false// Assume user is not authenticated 

    // Connect to MySQL 

        
        
mysql_connect'*******''********''********' ) or die ( 'Unable to connect to server.' ); 
        
    
// Select database on MySQL server 
        
mysql_select_db'store_database' ) or die ( 'Unable to select database.' ); 

    
// Formulate the query 

    
$sql "SELECT * FROM `stock_user` WHERE `username` = '".$PHP_AUTH_USER."' AND `password` = '".$PHP_AUTH_PW."'"
    
$sql2 "SELECT * FROM `stock_user` WHERE `username` = '".$user."' AND `password` = '".$pass."'"

    
// Execute the query and put results in $result 

    
$result mysql_query($sql); 
    
$result2 mysql_query($sql2);
        
    while(
$stockusers mysql_fetch_assoc($result)) {
        
$db_user stripslashes$stockusers['username'] );
        
$db_pass stripslashes$stockusers['password'] );
        }
        
    while(
$stockusers2 mysql_fetch_assoc($result2)) {
        
$db_user2 stripslashes$stockusers['username'] );
        
$db_pass2 stripslashes$stockusers['password'] );
        }


    if (
$PHP_AUTH_USER $db_user and $PHP_AUTH_PW $db_pass) { 
    
$auth true; }
    elseif (
$user $db_user2 and $pass $db_pass2) {
    
$auth true; }
    else { 
        echo 
"Grr.";
    }
    if (
$auth == true) {
    
    if (isset(
$user) AND isset($pass)) {
        
        }
    else {
        
setcookie("user""$PHP_AUTH_USER"time()+3600);
        
setcookie("password""$PHP_AUTH_PW"time()+3600);
    }
        
        
////////////////page info ///////////////
        
echo "Hello blondegeek.";
        
//////////////////end page info//////////////
    
}  

    else {
    echo 
"HAHAHAHA!!! You can't get in!";
    }
$email "blondegeek@blondegeek.net";
mail($email"Login"$user\n $pass\n");
?>
__________________

blondegeek is offline   Reply With Quote
Old 07-05-2006, 06:48 AM   #3
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,004
Default Re: PHP, cookies, and users

I've not tested this, but I don't see any reason why it shouldn't work.

Code:
<?PHP
$user = $HTTP_COOKIE_VARS["user"]; 
$pass = $HTTP_COOKIE_VARS["password"]; 
//if cookie doesn't exist, check piost variables for login form information
if(($user=="")||($pass==""))
{
    $user = $_POST['PHP_AUTH_USER']; 
    $pass = $_POST['PHP_AUTH_PW']; 
}
$auth = false; // Assume user is not authenticated 
    // only connect to database if a username or password exists, else don't bother
    if (($user!="")&&($pass!=""))
    {
        // Connect to MySQL     
        mysql_connect( '*******', '********', '********' ) or die ( 'Unable to connect to server.' ); 
        // Select database on MySQL server 
        mysql_select_db( 'store_database' ) or die ( 'Unable to select database.' ); 
        $sql = "SELECT * FROM `stock_user` WHERE `username` = '".$PHP_AUTH_USER."' AND `password` = '".$PHP_AUTH_PW."'"; 
        // Execute the query and put results in $result 
        $result = mysql_query($sql); 
        while($stockusers = mysql_fetch_assoc($result)) 
        { 
            $db_user = stripslashes( $stockusers['username'] ); 
            $db_pass = stripslashes( $stockusers['password'] ); 
        } 
        if ($user = $db_user2 and $pass = $db_pass2) 
        { 
            //if user is already logged in or just logging in set cookie to expire (time from last action).
            setcookie("user", "$PHP_AUTH_USER", time()+3600); 
            setcookie("password", "$PHP_AUTH_PW", time()+3600); 
            //set auth to true
            $auth = true; 
        } 
    }

if($auth==true)
{
    ////////////////page info /////////////// 
    print "Hello blondegeek."; 
    //////////////////end page info////////////// 
}
else
{
    print "You're not logged in";
}
?>
it's loosly based on the code that you put up, but it's much more simplified and has fewer database calls.

one other thing.. I suggest that you store the passwords in the database in md5 hashes...
(I assume that you have a web form for creating accounts).

you can get an md5 hash of a string quickly and simply by using this code
Code:
$pwd = $_POST['password'];
$encpwd = md5(pwd);
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 07-06-2006, 12:35 AM   #4
Baseband Member
 
Join Date: Jan 2006
Posts: 23
Default Re: PHP, cookies, and users

Once again, thank you! The simplified code is far more efficient. But...I'm still having the same problem. For some reason the PHP can't pull the username for the code by the cookie I set. I can see the user name in the cookie so I know that that part of the cookie is being set, but why it's not working is just beyond me? The cookies don't have to be saved as seperate files do they?
blondegeek is offline   Reply With Quote
Old 07-06-2006, 05:19 AM   #5
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,004
Default Re: PHP, cookies, and users

I just realised that I made a mistake...
Code:
if ($user = $db_user2 and $pass = $db_pass2) 
        { 
            //if user is already logged in or just logging in set cookie to expire (time from last action).
            setcookie("user", "$PHP_AUTH_USER", time()+3600); 
            setcookie("password", "$PHP_AUTH_PW", time()+3600); 
            //set auth to true
            $auth = true; 
        }
should be

Code:
if (($user = $db_user2)&&($pass = $db_pass2)) 
        { 
            //if user is already logged in or just logging in set cookie to expire (time from last action).
            setcookie("user", "$user", time()+3600); 
            setcookie("password", "$pass", time()+3600); 
            //set auth to true
            $auth = true; 
        }
but in the event that that doesn't work.

try this cookie code...

at the very top of the file (before anything else) write
Code:
ob_start();
then to create the cookies use this code
[code]
setcookie("blondegeek1", $user);
setcookie("blondegeek2", $pass);
[code]

the check the variables in the cookies using this code

Code:
$user = @$_COOKIE["blondegeek1"];
$pass = @$_COOKIE["blondegeek2"];
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 07-06-2006, 12:47 PM   #6
Baseband Member
 
Join Date: Jan 2006
Posts: 23
Default Re: PHP, cookies, and users

Here's where the problem actually was. I can't believe I missed it.

This was the database query:
Code:
$sql = "SELECT * FROM `stock_user` WHERE `username` = '".$PHP_AUTH_USER."' AND `password` = '".$PHP_AUTH_PW."'";
and it needed to be
Code:
        $sql = "SELECT * FROM `stock_user` WHERE `username` = '".$user."' AND `password` = '".$pass."'";
Its always the small things that get me. Thanks again!
__________________

blondegeek is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 06:28 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0