|
-
Jul 29th, 2003, 10:14 AM
#1
Thread Starter
Lively Member
cookies...[RESOLVED thanks]
hello,
I need to make a login page.
back when I used to program in ASP I was reading the username and pasword comparing it to thr one in the databse and if it was correct then I sould setup a cookie with a TRUE value and then in each page I would have check if the cookie exist and if so I would have know that the user is still loged.
when the user closes the browzer the cookie vanished. and the session is over.
so why am I telling you all this?
because in PHP I cannot do that... it tells me to put the SetCookie() function on top of the page so I cannot check the database before puting the cookie...
what can I do?
I hope the question is clear...
thanks
Last edited by yair24; Jul 31st, 2003 at 03:58 AM.
-
Jul 29th, 2003, 02:26 PM
#2
Stuck in the 80s
You can check the database before setting the cookie. You just can't send any output to the browser before setting the cookie.
You could have 200 lines of code before setcookie(), just as long as no output has been sent to the browser.
Which means no echo statements, no HTML before the <?php, no blank lines before the <?php, etc.
-
Jul 30th, 2003, 01:43 AM
#3
Thread Starter
Lively Member
ok but please answer this:
can I make output in an "if" statement before setting the cookie?
for example: (pseudo code)
if (username != username in databease or password != assword in database)
{
echo "wrong password"
}
else
{
setcookie();
}
is this fine?
-
Jul 30th, 2003, 01:18 PM
#4
Stuck in the 80s
Yes, as the echo statement would not have been called if setcookie is being called. That is perfectly fine.
-
Jul 31st, 2003, 01:38 AM
#5
How do you know that the cookie vanishes? I could probably set the cookie manually by editing the cookie file and login to your page without a user name or password.
All the buzzt
 CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
-
Jul 31st, 2003, 03:27 AM
#6
Thread Starter
Lively Member
so the corect way of doing this is ...
Originally posted by CornedBee
How do you know that the cookie vanishes? I could probably set the cookie manually by editing the cookie file and login to your page without a user name or password.
so the corect way to do it is using sessions?
-
Jul 31st, 2003, 03:50 AM
#7
Something that cannot be faked. A session id is ok.
All the buzzt
CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
-
Aug 1st, 2003, 02:24 PM
#8
Stuck in the 80s
I think it would be better to store an encrypted password and username in the cookie rather than a true value.
That way, when a user navigates to the page, the page can check the value of the $_COOKIE['username'] and the $_COOKIE['password'] and compare them to the database.
If the cookies contain invalid data, it will show a login. If they have valid data, it will show the page.
And of course, if the cookies do not exist, it will show a login page.
Code:
if (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
//check to see if a record exists with the encrypted password and user name
//if exists
//show page and renew the cookie's expiration date
//else
//clear the invalid cookies and show login
//end if
} else {
//show login
}
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
