Results 1 to 3 of 3

Thread: Cookie not created variable not passed to next page

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Cookie not created variable not passed to next page

    Hi am trying to make an auto login form. Once person signs up, he no longer needs to login and is automatically directed to his profile page thanks to a cookie storing his values.
    I have been working with two files. 1) Index and 2) Registration However even after a successful registration, when I refresh the "index page", I still get redirected to the "Registration Page" meaning neither the Cookie nor variable Im trying to pass onto another window aren't working. What might I be missing ? Thanks
    index.php
    PHP Code:
    <?php
    $cookie_name 
    $_POST['$name'];
    $cookie_value $_POST['$email'];
    setcookie($cookie_name$cookie_valuetime() + (86400 30), "/"); // 86400 = 1 day

    if(!isset($_COOKIE[$cookie_name])) {
         
    // echo "Cookie named '" . $cookie_name . "' is not set!";
          
    header('Location: registration.php');
    } else {
         
    header('Location: http://www.cnn.com');
    }
    ?>
    Registration.php
    PHP Code:
    <?php
    $name
    ="";
    $email="";
    $msg_to_user="";
    //$numsRows="";
    //$sql="";

    if ($_POST['name']!=""){
     include_once 
    "connect_to_mysql.php";
     
    $name$_POST['name'];
     
    $email$_POST['email'];
     
     
    $sql mysql_query("SELECT*FROM users WHERE email ='$email'");
     
    $numRows mysql_num_rows($sql);
     
    //echo $numRows;
     
     
    if(!$email) {
        
    $msg_to_user='Please input a Valid Email Address';
            }else if (
    $numRows 0){
        
    $msg_to_user='<br/></br><h4><font color= "FF0000">  Email is already in the system </font></h4>';
    } else {
        
    $sql_insert mysql_query("INSERT INTO users (name,email) VALUES('$name','$email')") or die (mysql_error());
        
    $msg_to_user='<br/></br><h4><font color= "FF0000">Thanks you have been added successfully</font></h4>';
        
    $cookie_name $_POST['$name'];
            
    $cookie_value $_POST['$email'];
    setcookie($cookie_name$cookie_valuetime() + (86400 30), "/"); // 86400 = 1 day
    //$name="";
    //$email="";

        
                                
    }
     
     
    }
    ?>
    Thanks

  2. #2
    WiggleWiggle dclamp's Avatar
    Join Date
    Aug 2006
    Posts
    3,529

    Re: Cookie not created variable not passed to next page

    There are several issues with your script, I am not really sure where to start.

    Your index page will create a new cookie every time its loaded with bogus post information, or no data if there is no post.

    Are you expecting POST data named "email" or are you trying to input their email address from a variable named "$email"? Same goes for "name" and "$name".

    Why are you setting a cookie on the index page?

    Cookie names really shouldn't be dynamic. I guess there really isn't a reason they cant, but typically you would call a cookie by what it contains "email" or "name" instead of naming the cookie by their email or their name, it doesnt really make sense logically.

    On the registration page, your code is vulnerable SQL injection since you are not sanitizing the input from the user in anyway. You can read up on SQL Injection here. Since you are using the deprecated mysql_ function, you will want to use mysql_real_escape_string() function to try and sanitize the user input. Ideally you should move to mysqli_ functions or PDO and use prepared statements to protect yourself from SQL Injection attacks.



    I am going to *try* to explain the best method for what you are doing and then you can try to replicated it.

    On the registration page, you want to create the user account and input the data into the database (ensuring you are not prone to sql injection).

    Once the information is validated and you are happy, you will set a cookie named "logged_in" with a value of true (Please note this is a very generic, unsafe way to do this. The more advanced way is to create some type of salt or personal key for the user to store in the cookie.).

    Then when the user navigates to a certain page (index.php) for example, the first thing the page does is checks to see if the user is logged in. using $_COOKIE['logged_in'], if it is set to true then they are logged in, move them to the home page. The correct way to do it is to check their "personal key" against some type of private key or salt that you have to ensure that the user that is logged in should be logged in and it is a true authentication and not someone hacking into their profile. You will also need to store what user is logged in in some type of cookie.

    As I am typing this I am realizing that is getting complicated and I am not very good at explaining secure authentication techniques.

    Try this, it might be a good place to start. http://www.wikihow.com/Create-a-Secu...-PHP-and-MySQL

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Cookie not created variable not passed to next page

    Thanks for the reference. Thats exactly what I need,

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width