Search the Community

there is a function isadministrator() in an includes file which checks for the existence of a certain cookie, yet in the footer there are exceptions in his logic for the login and logout page. can someone please go over with me why its not working on these two pages: on login.php : basically when the pass and user is correct the server sends a cookie to the client but its not available to be read right away unless you refresh the page? on logout,php: destroys the cookie by setting it to false and its time in the past… so then why wouldnt isadministrator work? why does the browser still think the cookie exists? is this the same reason as on login.php page?

Chapter 13 page 421 creating a receipt page.... Wondering if anyone else had this issue or if anyone can recommend a work around... For the query to grab the order info .. this is not working "SHA1(email)=?".. I have echo out $email_hash and and I have echo out echo sha1(email address in the order)....they are the same... I am wondering if there is a mysqli issue when using sha1?

Hello All, Well I'm wrapping up the last part of this book and seem to have hit a roadblock. On the first Ch. 13 Pursue assignment that tells you to make the login form sticky, I can't seem to get it to work and I've been able to get all of the previous ones pretty quickly. I know it'll probably be something that makes me feel silly after I figure it out, but after 2 hours of mixing and rearranging code, I keep coming back to the same thing and get somewhat similar results each time. Aside from it not working properly, when I put my code in the value attribute, it shows up as code in the actual form the first and every time after you reload the page. Here is my code and any help is appreciated: <?php // Script 13.5 - login.php /* This page lets people log into the site. */ // Set two variables with default values: $loggedin = false; $error = false; // Check if the form has been submitted: if($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form: if(!empty($_POST['email']) && !empty($_POST['password'])) { if ( (strtolower($_POST['email']) == 'me@example.com') && ($_POST['password'] == 'testpass') ) { // Correct! // Create the Cookie setcookie('Samuel', 'Clemens', time()+3600); // Indicate they are logged in: $loggedin = true; } else { // Incorrect! $error = 'The submitted email address and password do not match those on file!'; } } else { // Forgot a field. $error = 'Please make sure you enter both an email address and a password!'; } } // Set the page title and include the header file: define('TITLE', 'Login'); include('templates/header.html'); // Print an error if one exists: if ($error) { print '<p class="error">' . $error . '</p>'; } // Indicate the user is logged in, or show the form: if($loggedin) { print '<p>You are now logged in!</p>'; } else { print '<h2>Login Form</h2> <form action="login.php" method="post"> <p><label>Email Address <input type="text" name="email" value="<?php if(isset($_POST[\'email\'])){ print htmlspecialchars($_POST[\'email\']); } ?>"/></label></p> <p><label>Password <input type="password" name="password" /></label></p> <p><input type="submit" name="submit" value="Log In!" /></p> </form>'; } include('templates/footer.html'); // Need the footer. ?> I've tried messing around with the red code all sorts of ways and get different results each time. If I don't escape the post values for email then I get a unexpected 'email'(T_STRING) error. I have a feeling it has something to do with the quotes and for the fact that the form is still within php already but can't quite grasp it yet. Please help! Scatz

In the Chapter 13 web app, cookies are used to verify if a person has administrator access. It seems that using a cookie is similar to a password in the way that in the book, Larry says to set a cookie with sort of a random name and value. For instance, don't set a cookie with the name of 'login' and the value of 'true' (instead a cookie named Samuel is set with a value of Clemens). But, because cookies are easily viewed once they are set, for example using firebug on firefox, it seems like this is not the best method for veirifying who has access to a site and who doesn't. For example. Lets say someone signs up for a username and password on my site, I grant that person permission to my site and set a cookie named Samuel with a value of Clemens. But lets say for some reason in the future I choose to deny that user access to my site. If while he had access to my site, he happened to check the name and value of the cookie, that person after he looses access to my site could easily create a cookie himself named Samuel with a value of Clemens. Then what? Is this the method that websites actually use to verify login credentials? (obviously I know this is a beginner book and there is probably much more to it than this, but I was wondering if this was an easy way to mimic a login example, or if some form of this method is used in professional sites.)