Search the Community

On page 516 script 16.9: Line 20: setcookie (session .... //DESTROYS COOKIE This line destroys a cookie set earlier (that was set in login.php? or in the Header?) However I cannot find the corresponding cookie that was set. The value, i see, is PHPSESSID thank you Also, is it always necessary to set a cookie when using a Session?

Hello, I'm editing my previous post. Still much to learn in this chapter, but making my way through it. I was having a difficult time connecting each of the individual pages (e.g., login_page.inc.php, login.php, etc.). Great book though. K

Probably a very silly question to a knowledgeable person, but still: I know nothing should be sent to a browser before header() is sent there. I also know that nothing should be sent to a browser before a cookie is set. What if I need a header AND a cookie on the same page? Would they interfere with each other? Should a cookie be set before a header, or vice versa? Thanks in advance for your help!

I had some trouble with the steps on pages 366-367 when setting cookies. What was happening ( I think ) is that the following code (step 7 & 8) was looking for the id of the target: var target = e.target || e.srcElement; //The timer code here didn't effect my results, but was sitting between the problematic code var expire = new Date(); expire.setDate(expire.getDate() + 7); COOKIE.setCookie('theme', target.id, expire); setTheme(target.id); However if a cookie was already set, and you use getCookie('theme') to retrieve it, your value is a string. So the fix I came up with was to use and IF and ELSE: var expire = new Date(); expire.setDate(expire.getDate() + 7); if (typeof e == ‘string’) { COOKIE.setCookie(‘theme’, e, expire); setTheme(e); } else { var target = e.target || e.srcElement; COOKIE.setCookie(‘theme’, target.id, expire); setTheme(target.id); } This got my page to work, meaning that I could switch between the Themes, close my browser, and then see the last Theme used. Otherwise, you could still alternate between the two Themes when the the window was open, but it would not be retrieved properly. I wanted to know if there was a better way to work around this? Using (typeof e == 'string') worked out in this scenario, but as a rookie I'm not 100% confident in this fix. Also, since nobody else has brought this up, I wanted to make sure I didn't miss or screw up somewhere along the way. Sometimes obvious mistakes are preventing my code from working in the first place. Thanks!

In the Chapter 13 web app, cookies are used to verify if a person has administrator access. It seems that using a cookie is similar to a password in the way that in the book, Larry says to set a cookie with sort of a random name and value. For instance, don't set a cookie with the name of 'login' and the value of 'true' (instead a cookie named Samuel is set with a value of Clemens). But, because cookies are easily viewed once they are set, for example using firebug on firefox, it seems like this is not the best method for veirifying who has access to a site and who doesn't. For example. Lets say someone signs up for a username and password on my site, I grant that person permission to my site and set a cookie named Samuel with a value of Clemens. But lets say for some reason in the future I choose to deny that user access to my site. If while he had access to my site, he happened to check the name and value of the cookie, that person after he looses access to my site could easily create a cookie himself named Samuel with a value of Clemens. Then what? Is this the method that websites actually use to verify login credentials? (obviously I know this is a beginner book and there is probably much more to it than this, but I was wondering if this was an easy way to mimic a login example, or if some form of this method is used in professional sites.)

I am having trouble getting my scripts to work when it coes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book but find when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong, I have been trying to work through it and resolve it my self for the last 2 days. I have MySQL Server 5.5, php 5.3.6 and Windows 7 Home 64bit running on my own computer using the localhost server. Please find attached my scripts. Login.php <?php # Script 9.16 - login.php // Send nothing to the browser before session_start() line! // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('../secure/mysql_connect.php'); // Connect to the db. $errors = array(); // Initialise error array. // Check for an email address. if (empty($_POST['email'])) { $errors[] = 'You forgot to enter an email address.'; } else { $e = escape_data($_POST['email']); } // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter a password.'; } else { $p = escape_data($_POST['password']); } if (empty($errors)) { // If everything is OK. /* Retrieve the user_id and first name for the email/password combination */ $query = "SELECT user_id, first_name FROM users WHERE email='$e' AND password=SHA('$p')"; $result = @mysql_query($query); // Run the query. $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable. if ($row) { // A record was pulled from the database. // Set the session data and redirect. session_name ('YourVisitID'); ini_set('session.use_cookies', 0); // Don't use cookies. session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; // Redirect the user to the loggedin.php page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) { $url = substr($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/loggedin.php?' . SID; // Add the session name & ID. header("Location: $url"); exit(); // Quit the script. } else { // No record matched the query. $errors[] = 'The email address and password entered do not match those on file.'; // Public message. $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message. } } // End of if(empty($errors)) if. mysql_close(); // Close the database connection. } else { // Form has not been submitted. $errors = NULL; } // End of main submit conditional. // Begin the page now. $page_title = 'Login'; include('./includes/header.html'); if (!empty($errors)) { // Print any error messages. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo "- $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // Create the form. ?> <h2>Login</h2> <form action="login.php" method="post"> <p>Email Address: <input type="text" name="email" size="20" maxlenght="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p> <p>Password: <input type="password" name="password" size="20" maxlength="20"/></p> <p><input type="submit" name="submit" value="Login"/></p> <p><input type="hidden" name="submitted" value="TRUE"/> </form> <?php include ('./includes/footer.html'); ?> Header.html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...ransitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <title><?php echo $page_title; ?></title> <style type="text/css" media ="all">@import "./includes/layout.css";</style> </head> <body> <div id="wrapper"><!-- Goes with the CSS layout. --> <div id="content"><!-- Goes with the CSS layout. --> <div id="nav"><!-- Links section --> <h3>Menu</h3> <ul> <li class="navtop"><a href="index.php?<?php SID; ?>" title="Go to Home Page">Home</a></li> <li><a href="register.php" title="Register?<?php SID; ?>">Register</a></li> <li><?php // Create a login/logout link. if ((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))) { echo '<a href="logout.php?<?php SID; ?>" title="Logout">Logout</a>'; } else { echo '<a href="login.php?<?php SID; ?>" title="Login">Login</a>'; } ?></li> </ul> </div> <!-- Script 9.8 - header.html --> <!-- Start of page specific content --> Loggedin.php <?php # Script 9.17 - loggedin.php # User is redirected here from login.php. session_name ('YourVisitID'); ini_set('session.use_cookies', 0); session_start(); // Start the session. // If no session value is present redirect the user. if(!isset($_SESSION['user_id'])) { // Start defining the url. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) =='\\')) { $url = substr($urll, 0, -1); // Chop off the slash. } $url .= '/index.php'; // Add the page. header ("Location: $url"); exit(); // Quit the script. } // Set the page title and include the HTML header. $page_title = 'Logged In!'; include ('./includes/header.html'); // Print a customised message. echo "<h1>Logged In!</h1> <p>You are now logged in, {$_SESSION['first_name']}!</p> <p><br /><br /></p>"; include ('./includes/footer.html'); ?> logout.php <?php # Script 9.18 - logout.php // This page lets the user log out. session_name('YourVisitID'); ini_set('session.use_cookies', 0); session_start(); // Access the existing session. // If no cookie is present, redirect the user. if(!isset($_SESSION['user_id'])) { //Start defining the url. $url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) { $url = substr($url, 0, -1); // Chop of the slash. } $url .= '/index.php'; // Add the page. header("Location, $url"); exit(); } else { // Cancell the session. $_SESSION = array(); // Destroy the variables. session_destroy(); // Destroy the session itself. } // Set the page title and include the HTML header. $page_title = 'Logged Out!'; include ('./includes/header.html'); // Print a customised message. echo "<h1>Logged Out!</h1> <p>You are now logged out!</p> <p><br /><br /></p>"; include ('./includes/footer.html'); ?>