Re: [PHP] Setcookie()
On 12 Oct 2008, at 23:51, Micah Gersten wrote: The question is, why aren't you using a session variable instead of cookies? That's one of the greatest features of PHP. If you're able to use cookies instead of sessions, and the size of the data you're storing is fairly small, it's always better to use cookies. Sessions complicate scalability. Ben: The *only* restriction around use of setcookie is that there cannot be any *output* before it. You can have as much code as you want as long as it doesn't output anything. If your script outputs content before your business logic is done then (IMHO) it's wrong and needs to be rewritten anyway, regardless of the need to set a cookie. -Stut -- http://stut.net/ Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
Hi, My problem was a headers already sent error, which I fixed by redirecting the form POST to a seperate file instead of the same login.php. Thanks for all your help! 2008/10/13 Stut [EMAIL PROTECTED] On 12 Oct 2008, at 23:51, Micah Gersten wrote: The question is, why aren't you using a session variable instead of cookies? That's one of the greatest features of PHP. If you're able to use cookies instead of sessions, and the size of the data you're storing is fairly small, it's always better to use cookies. Sessions complicate scalability. Ben: The *only* restriction around use of setcookie is that there cannot be any *output* before it. You can have as much code as you want as long as it doesn't output anything. If your script outputs content before your business logic is done then (IMHO) it's wrong and needs to be rewritten anyway, regardless of the need to set a cookie. -Stut -- http://stut.net/ Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
On Sat, Oct 11, 2008 at 12:33 PM, Per Jessen [EMAIL PROTECTED] wrote: Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. Well, I'm doing exactly that and it works just fine. This is a rough outline of the flow: GET login page (form with user and password fields) POST login page validate user+password, save in session setcookie(). redirect with 303 to welcome page GET welcome page /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Its likely just a little html or a blank line that is setting the headers before you are attempting to set the cookie -- Bastien Cat, the other other white meat
Re: [PHP] Setcookie()
The question is, why aren't you using a session variable instead of cookies? That's one of the greatest features of PHP. Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setcookie()
Hi, I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. Any help appreciated.
Re: [PHP] Setcookie()
Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. 2008/10/11 Per Jessen [EMAIL PROTECTED] Ben Stones wrote: I'm using cookies for my website script and upon users logging in a cookie is set. Problem for me is that the cookie doesn't work due to headers already sent. Is there anyway of fixing this because, there is no possible way of adding setcookie() to the top of the PHP file when the cookie is holding the username from the POSTed form. This must be a self imposed restriction on your side, coz' otherwise I see no problem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie()
Ben Stones wrote: What I mean is I cannot use setcookie, I need to check if user credentials are correct first (which is BEFORE setcookie) and if so, set a cookie. I can't do that unless setcookie is first, but I need to check if the user credentials is correct. Furthermore I cannot use setcookie in the header as I want to display a message saying that they have successfully logged in in the correct area of my template. Well, I'm doing exactly that and it works just fine. This is a rough outline of the flow: GET login page (form with user and password fields) POST login page validate user+password, save in session setcookie(). redirect with 303 to welcome page GET welcome page /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in /
Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any
help you could give me would be much appreciated.
Tim
Re: [PHP] setcookie
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
from the doc:
Cookies are part of the HTTP header, so setcookie() must be called before
any output is sent to the browser. This is the same limitation that header()
has.
http://ca.php.net/cookies
- Original Message
From: Tim Daff [EMAIL PROTECTED]
To: php-general@lists.php.net
Sent: Wednesday, March 12, 2008 8:48:59 AM
Subject: [PHP] setcookie
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in /
Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any
help you could give me would be much appreciated.
Tim
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] setcookie
On Wed, 12 Mar 2008, Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45,
time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by (output
started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any help you
could give me would be much appreciated.
Tim
setcookie from php.net states the following:
setcookie() defines a cookie to be sent along with the rest of the HTTP
headers. Like other headers, cookies must be sent before any output from
your script (this is a protocol restriction). This requires that you place
calls to this function prior to any output, including html and head
tags as well as any whitespace
call setcookie before you output ANY THING, even error
hope that helps.
t. hiep
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie
Thank's for your help Zareef, Hiep, Shiplu and Jean-Christophe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Firefox is returning this error: Warning: Cannot modify header information - headers already sent by (output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in /Users/Daff/Sites/php_sandbox/cookies.php on line 7 You must use set cookie() before you send any output to the browser, including whitespace. -- Richard Heyes Employ me: http://www.phpguru.org/cv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any help
you could give me would be much appreciated.
Tim
?php setcookie('test', 45, time()+(60*60*24*7)); ?
html
head
titleCookies/title
/head
body
/body
/html
Cookies HAVE to be at the top of the page... You output ANYTHING else
and you get the error you wound up getting.
Wolf
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Even you cant put a space before ?php tag.
the following code will throw the same error.
| ?php
| setcookie();
| ?
Because I prepend a space for each line
But this will be okay
|?php
| setcookie();
| ?
This is a very common mistake and very very hard to find.
On Wed, Mar 12, 2008 at 7:53 AM, Jean-Christophe Roux [EMAIL PROTECTED]
wrote:
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
from the doc:
Cookies are part of the HTTP header, so setcookie() must be called
before any output is sent to the browser. This is the same limitation
that header() has.
http://ca.php.net/cookies
- Original Message
From: Tim Daff [EMAIL PROTECTED]
To: php-general@lists.php.net
Sent: Wednesday, March 12, 2008 8:48:59 AM
Subject: [PHP] setcookie
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in /
Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any
help you could give me would be much appreciated.
Tim
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Re: [PHP] setcookie
Wolf wrote:
Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45, time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any
help you could give me would be much appreciated.
Tim
?php setcookie('test', 45, time()+(60*60*24*7)); ?
html
head
titleCookies/title
/head
body
/body
/html
Cookies HAVE to be at the top of the page... You output ANYTHING else
and you get the error you wound up getting.
Wolf
If you're not sure if data has already been sent to the client (I ran
into an included file having a space after ?) you can use
http://us3.php.net/manual/en/function.headers-sent.php before you call
setcookie();
If nothing else it'll help with diagnosing this error when you run into
it again.
--
Ray Hauge
www.primateapplications.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
As a dirty trick you can put following line on the top of your script,
it will work
ob_start();
But you should try to know why it is not working, and what exactly
ob_start will impact your application and What is the thing called
Output Buffering.
Zareef Ahmed
On 3/12/08, Hiep Nguyen [EMAIL PROTECTED] wrote:
On Wed, 12 Mar 2008, Tim Daff wrote:
Hi,
I am learning PHP, I am trying to set a simple cookie:
html
head
titleCookies/title
/head
body
?php setcookie('test', 45,
time()+(60*60*24*7)); ?
/body
/html
Firefox is returning this error:
Warning: Cannot modify header information - headers already sent by
(output
started at /Users/Daff/Sites/php_sandbox/cookies.php:7) in
/Users/Daff/Sites/php_sandbox/cookies.php on line 7
I have googled this and can't find out what I am doing wrong. Any help
you
could give me would be much appreciated.
Tim
setcookie from php.net states the following:
setcookie() defines a cookie to be sent along with the rest of the HTTP
headers. Like other headers, cookies must be sent before any output from
your script (this is a protocol restriction). This requires that you place
calls to this function prior to any output, including html and head
tags as well as any whitespace
call setcookie before you output ANY THING, even error
hope that helps.
t. hiep
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Zareef Ahmed
http://www.zareef.net
A PHP Developer in India
RE: [PHP] SETCOOKIE
On Sun, August 13, 2006 2:20 am, Peter Lauri wrote: [snip] On Sat, August 12, 2006 8:00 am, Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. Unfortunately, no... The above solution relies on the USER computer clock being set correctly. [/snip] This is interesting. Because you set the time as the Server time, it will then just assume that the time is the same. However, is the system not that smart that it do translate the time when being sent (timestamp and expire time sent the same way, or just the number of seconds that the cookie will be alive from. If this is correct, what will happen if the server is in a different time zone? The time is GMT, so if everybody's computer clock is set correctly, and their BIOS setting for UTC versus GMT or whatever is correct, and ... So, pretty much, it's not something you want to rely on for short time periods... Probably better to set a very long expiration (2 years is max guaranteed to work by spec) and then manage all the expiration issues on the server, using the server clock, which should be self-consistent, if not correct. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SETCOOKIE
[snip] On Sat, August 12, 2006 8:00 am, Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. Unfortunately, no... The above solution relies on the USER computer clock being set correctly. [/snip] This is interesting. Because you set the time as the Server time, it will then just assume that the time is the same. However, is the system not that smart that it do translate the time when being sent (timestamp and expire time sent the same way, or just the number of seconds that the cookie will be alive from. If this is correct, what will happen if the server is in a different time zone? Best regards, Peter -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SETCOOKIE
Hi List, I want to set the cookie in which that cookie would be deleted automatically as visitor closes the browser. I have read an article from www.php.net/manual/en/function.setcookie and it is told me that we can set that cookie by unset the value time, but it doesn't work. Example: Setcookie($var, $value, time(), $path, $domain, $secure_binary); time() = without adding. Any one can tell me the other way .. Thank in advance. Best Regards BBC **o0o** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SETCOOKIE
When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. /Peter -Original Message- From: BBC [mailto:[EMAIL PROTECTED] Sent: Saturday, August 12, 2006 7:48 PM To: PHP Subject: [PHP] SETCOOKIE Hi List, I want to set the cookie in which that cookie would be deleted automatically as visitor closes the browser. I have read an article from www.php.net/manual/en/function.setcookie and it is told me that we can set that cookie by unset the value time, but it doesn't work. Example: Setcookie($var, $value, time(), $path, $domain, $secure_binary); time() = without adding. Any one can tell me the other way .. Thank in advance. Best Regards BBC **o0o** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SETCOOKIE
Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. /Peter -Original Message- From: BBC [mailto:[EMAIL PROTECTED] Sent: Saturday, August 12, 2006 7:48 PM To: PHP Subject: [PHP] SETCOOKIE Hi List, I want to set the cookie in which that cookie would be deleted automatically as visitor closes the browser. I have read an article from www.php.net/manual/en/function.setcookie and it is told me that we can set that cookie by unset the value time, but it doesn't work. Example: Setcookie($var, $value, time(), $path, $domain, $secure_binary); time() = without adding. Any one can tell me the other way .. Thank in advance. Best Regards BBC **o0o** Try replacing time() with simply so it is not set. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] SETCOOKIE
On Sat, August 12, 2006 8:00 am, Peter Lauri wrote: When you just use time() you tell the cookie to just live until now, so it dies directly. You have to add some seconds to determine how long the cookie will live. Unfortunately, no... The above solution relies on the USER computer clock being set correctly. And while it might mostly kinda sorta usually work, that's not really super reliable. Using 0 for the time, however, is HTTP Spec for session cookie which means the cookie will disappear when the browser is quit. Note that stupidity on the part of MS engineers makes the path parameter required when you include the time parameter. I.e., the cookie spec was implemented not as: setcookie(var, value, [time], [path], ...) but was instead implemented as: setcookie(var, value, [time, path], ...) The inclusing of time requires the inclusion of path The path of / should work the same as the intended default behaviour. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
If this is the value directly from the cookie, it's an example of a
cross-site scripting (XSS) vulnerability.
header(Location: $HTTP_REFERER);
This is an HTTP response splitting vulnerability, because the Referer
header (like the Cookie header) is provided by the client. Future
versions of PHP will not allow more than one header per header() call,
but this has been possible until now.
3. If so, what do I do to correct this?
Don't trust any input without inspecting it first. In your case, this
is particularly easy, because you can just make sure that the value is
one of the few valid values.
Hope that helps.
Chris
Chris:
Yes, it helps and I thank you for your comments.
Your question: It's not entirely clear from this example, but am I
correct in assuming that $thestyle is the same as $_COOKIE['thestyle']
in this case? In other words, are you relying on register_globals or
assigning the value yourself?
The example is here:
http://www.sperling.com/examples/styleswitch/
The complete php code (i.e., switch.php) is:
?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header(Location: $HTTP_REFERER);
?
And the value is assigned by the user via a click:
a href=switch.php?set=style2Green/a or a
href=switch.php?set=style1Red/a
And, the style sheet is determined by:
link rel=stylesheet type=text/css media=screen href=?php
echo(!$thestyle)?'style1':$thestyle ?.css
As such, I am expecting the user to provide the value of 'thestyle' via
his choice.
However, let's say a malicious user would try to do something -- what
could he actually do?
The user could insert arbitary HTML where you have the variable. For
example they could insert:
style1.cssscript language=JavaScript
type=text/JavaScript.../scriptmeta name=bye content=
This would allow them to run arbitary javascript on the clients computer.
An interesting question in this case is how to do an injection using
cookies, injection attacks are generally performed using post get data
as they can be inserted to a link on another page. Getting a working
exploit would probably come down to how the browser implemented the
cookie security; who can set cookies where.
Regardless, it's not worth the risk. Checking for valid values or using
htmlentities to make the variable safe is a quick and simple solution.
Getting into the practice of screening all user data either manually or
using the input_filter extension will also save you from these problems
in the future.
David
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
An interesting question in this case is how to do an injection using cookies, injection attacks are generally performed using post get data as they can be inserted to a link on another page. Getting a working exploit would probably come down to how the browser implemented the cookie security; who can set cookies where. Regardless, it's not worth the risk. Checking for valid values or using htmlentities to make the variable safe is a quick and simple solution. Getting into the practice of screening all user data either manually or using the input_filter extension will also save you from these problems in the future. David David: I thank you for your explanation. I experienced an injection attack on a php-form I wrote/provided where someone entered an incomplete html tag that created problems for the form. So, I realize the potential, I just don't know the scope of those types of problems and that was one of the reasons why I asked about this specific cookie issue. What could a hacker do by injecting whatever into a cookie that resides client-side on his computer? tedd ps: With the form, I solved it by using htmlentities -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
Which someone could do this, is another question I have. The user? He's do
something to his own computer, no?
Gerry
On 3/14/06, tedd [EMAIL PROTECTED] wrote:
Hi:
I've been using a php style switcher allowing users to change css.
The code follows:
Within the head tags.
link rel=stylesheet type=text/css media=screen href=?php
echo (!$thestyle)?'style1':$thestyle ?.css
Within the body tags, allowing the user to select which style they want:
a href=switch.php?set=style2Green/a or a
href=switch.php?set=style1Red/a
And, the corresponding (switch.php) php code is:
?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header(Location: $HTTP_REFERER);
?
It's pretty simple. But recently, I had one person hammer me stating
it was a security problem because I didn't validate the user input.
As such, he says that someone could inject an arbitrary code and
cause problems.
1. Is he right?
2. How does that work?
3. If so, what do I do to correct this?
Many thanks for any replies.
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Gerry
http://portal.danen.org/
Re: [PHP] setcookie security concerns
tedd wrote: link rel=stylesheet type=text/css media=screen href=?php echo (!$thestyle)?'style1':$thestyle ?.css It's not entirely clear from this example, but am I correct in assuming that $thestyle is the same as $_COOKIE['thestyle'] in this case? In other words, are you relying on register_globals or assigning the value yourself? If this is the value directly from the cookie, it's an example of a cross-site scripting (XSS) vulnerability. header(Location: $HTTP_REFERER); This is an HTTP response splitting vulnerability, because the Referer header (like the Cookie header) is provided by the client. Future versions of PHP will not allow more than one header per header() call, but this has been possible until now. 1. Is he right? Yes, it seems so. 2. How does that work? The Cookie header is part of an HTTP request. This is sent by the client, and although the standard mechanism involves the client returning exactly what you requested (e.g., the value matches that of a previous Set-Cookie header), there's no guarantee that a malicious user would be as polite. 3. If so, what do I do to correct this? Don't trust any input without inspecting it first. In your case, this is particularly easy, because you can just make sure that the value is one of the few valid values. Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie security concerns
tedd wrote:
link rel=stylesheet type=text/css media=screen href=?php
echo (!$thestyle)?'style1':$thestyle ?.css
It's not entirely clear from this example, but am I correct in
assuming that $thestyle is the same as $_COOKIE['thestyle'] in this
case? In other words, are you relying on register_globals or
assigning the value yourself?
If this is the value directly from the cookie, it's an example of a
cross-site scripting (XSS) vulnerability.
header(Location: $HTTP_REFERER);
This is an HTTP response splitting vulnerability, because the
Referer header (like the Cookie header) is provided by the client.
Future versions of PHP will not allow more than one header per
header() call, but this has been possible until now.
1. Is he right?
Yes, it seems so.
2. How does that work?
The Cookie header is part of an HTTP request. This is sent by the
client, and although the standard mechanism involves the client
returning exactly what you requested (e.g., the value matches that
of a previous Set-Cookie header), there's no guarantee that a
malicious user would be as polite.
3. If so, what do I do to correct this?
Don't trust any input without inspecting it first. In your case,
this is particularly easy, because you can just make sure that the
value is one of the few valid values.
Hope that helps.
Chris
Chris:
Yes, it helps and I thank you for your comments.
Your question: It's not entirely clear from this example, but am I
correct in assuming that $thestyle is the same as
$_COOKIE['thestyle'] in this case? In other words, are you relying on
register_globals or assigning the value yourself?
The example is here:
http://www.sperling.com/examples/styleswitch/
The complete php code (i.e., switch.php) is:
?php
setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
header(Location: $HTTP_REFERER);
?
And the value is assigned by the user via a click:
a href=switch.php?set=style2Green/a or a
href=switch.php?set=style1Red/a
And, the style sheet is determined by:
link rel=stylesheet type=text/css media=screen href=?php
echo(!$thestyle)?'style1':$thestyle ?.css
As such, I am expecting the user to provide the value of 'thestyle'
via his choice.
However, let's say a malicious user would try to do something -- what
could he actually do?
Please explain
Thanks again.
tedd
--
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie doesn't save session properly
I'm using setcookie($sessionName, $sessionid, time()+60*60*24*1, $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']); to, obviously, store a session. The problem is that this always times out after 24 hours, and I can't figure out why. Is there something I'm missing? ie, perhaps this doesn't save a session itself, so the session still gets deleted. But then why does the session stick around for 24 hours even if the browser is closed? Sessions used to time out when the browser was closed before adding this. Also, I only use session_start() so perhaps I'm supposed to call session_id()? Thanks, Realm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie doesn't save session properly
I'm using setcookie($sessionName, $sessionid, time()+60*60*24*1, $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']); to, obviously, store a session. Also, I only use session_start() so perhaps I'm supposed to call session_id()? I'm not sure why the cookie is being mis-saved, but sessions ARE supposed to save the cookies automatically. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie() is not my friend
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to the
browser. I verified that $username does have some valid contents. I
also verified that the browsers I'm testing are set to allow all
cookies. I do have a $username and a $_SESSION['username'] that
contain the same data.
I'm all out of ideas for where to look further to debug this - any
suggestions?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to
the browser. I verified that $username does have some valid
contents. I also verified that the browsers I'm testing are set to
allow all cookies. I do have a $username and a $_SESSION
['username'] that contain the same data.
Well, the stupid/obvious question is: are you checking $_COOKIE
('username') like you posted or $_COOKIE['username'], which is
syntactically correct?
Secondarily, have you set your browser to prompt you when a cookie is
sent and, if so, what happens?
Larry
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
snip
Is that just a typo? It should be $_COOKIE['username']
--
John C. Nichel
ÜberGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
On Oct 6, 2005, at 7:28 AM, John Nichel wrote: Is that just a typo? It should be $_COOKIE['username'] Oops, yes, that was my typo in the email - it is correctly $_COOKIE ['username'] in the code. Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
Unless I'm mistaken, you appear to be setting the Expiration date of the
cookie to Mon, 29 Jun 1970 17:00:00 -0700.
Which would cause the cookie to be unset, if it were already set, and do
nothing otherwise.
Chris
Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to the
browser. I verified that $username does have some valid contents. I
also verified that the browsers I'm testing are set to allow all
cookies. I do have a $username and a $_SESSION['username'] that
contain the same data.
I'm all out of ideas for where to look further to debug this - any
suggestions?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
Good catch, Chris. I was wondering about that myself but hadn't taken the time
to see if setcookie() used regular serial time or if cookies had another time
standard.
echo date(m/d/Y h:i:s, 15552000);
06/29/1970 08:00:00
That's what I get.
-TG
= = = Original message = = =
Unless I'm mistaken, you appear to be setting the Expiration date of the
cookie to Mon, 29 Jun 1970 17:00:00 -0700.
Which would cause the cookie to be unset, if it were already set, and do
nothing otherwise.
Chris
Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to the
browser. I verified that $username does have some valid contents. I
also verified that the browsers I'm testing are set to allow all
cookies. I do have a $username and a $_SESSION['username'] that
contain the same data.
I'm all out of ideas for where to look further to debug this - any
suggestions?
___
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
D'Oh! You guys are absolutely right. I was trying to go for 6 months, which works now if I say time()+15552000 instead of 15552000. And the documentation shows that exactly - apparently I read right over it, even though I studied it minutely before posting. Oh well...my wife would have the same complaint about me when I can't find the can opener when it's sitting in plain view. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() is not my friend
On Thu, October 6, 2005 9:11 am, Brian Dunning wrote:
I'm trying to setcookie('username',$username,15552000) but on
subsequent pages $_COOKIE('username') is always null.
I verified that I'm setting it before any other output is sent to the
browser. I verified that $username does have some valid contents. I
also verified that the browsers I'm testing are set to allow all
cookies. I do have a $username and a $_SESSION['username'] that
contain the same data.
I'm all out of ideas for where to look further to debug this - any
suggestions?
Some Ideas:
Internet Explorer, and those that mimic its broken behaviour, require
BOTH a time AND a directory (use '/') if you are going to provide a
time.
Is 15552000 sufficiently in the future to be valid? Use time() +
(60*60*24) to be SURE.
Or avoid both these issues, and leave out the time argument for now,
making it a session cookie, only valid as long as the browser stays
open.
DEFINITELY configure your browser to let you confirm cookies before
accepting them, so you'll know what the cookie is getting sent.
Windows XP with Service Pack 2 has made a nightmare out of cookies, by
default no longer accepting them -- And I THINK this changes based on
your adding that new goofy compact privacy policy header Microsoft
made up.
It's gotten to the point where I just don't care if IE works or not
for the parts of some of my sites that require member login from
people who need access, and I don't really care if I lose visitors or
not in that particular area. I just tell the users to switch
browsers, or live without the access they want. Works so far -- they
just switch to a better browser.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie ???
This doesn't set the cookie? Can you see why? I can't... $showbrowseteam = 'somejargon'; setcookie(showbrowseteam,$showbrowseteam,0,/); Thanks -will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie ???
On Apr 6, 2005 2:30 PM, William Stokes [EMAIL PROTECTED] wrote: This doesn't set the cookie? Can you see why? I can't... $showbrowseteam = 'somejargon'; setcookie(showbrowseteam,$showbrowseteam,0,/); Thanks -will -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php you've set the cookie time to 0... which is a very long time ago. setcookie(showbrowseteam,$showbroseteam, time()+time_in_seconds,/); hth
Re: [PHP] setcookie issue
John Hinton wrote: The thing is, on the next action switch print_r($_COOKIE); returns empty until I refresh the browser. So, thusly, the second page load brings in the cookies. $_COOKIES is a convenient array that contains the contents of the Cookie header, nicely parsed. Whenever you set a cookie, you're really adding a Set-Cookie header to the response. Thus, the browser has no way of knowing your intent until it receives the response. This data won't be in $_COOKIES until a subsequent request is made in which that cookie is included in the Cookie request header. This chapter of HTTP Developer's Handbook explains cookies: http://shiflett.org/books/http-developers-handbook/chapters/11 See Figure 11.3 for an illustration of the exchange I just described. Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie issue
Seems my old setcookie scripts are busted in php with globals off.
--begin code--
?
if(isset($_POST[tpassword]))
{
setcookie (writer, $_GET[twriter]);
setcookie (password, $_POST[tpassword]);
}
$action = $_REQUEST['action'];
define (Login, 0);
define (Entrance, 1);
define (Continue_Campaign, 2);
define (Finish_Campaign, 3);
# LOGIN PAGE
###
function login(){
include ('config.php');
$query = SELECT * FROM atable;
$result = mysql_db_query($DBName, $query, $Link) or
print (Query Failed);
printf (centerform METHOD=\post\
ENCTYPE=\multipart/form-data\ ACTION=\%s?action=%d\\n,
$PHP_SELF, Entrance);
echo tabletrtd\n;
echo Writer Name: /tdtdselect name=\twriter\ size=\0\
VALUE=\$writer\\n;
while ($row = mysql_fetch_array($result)) {
echo option value=\ . $row[0] . \ . $row[0] . \n;
}
echo /select;
echo /td/trtrtdPassword: /tdtdINPUT TYPE=password
NAME=\tpassword\ SIZE=10 VALUE=\$password\\n;
echo trtd colspan=\2\INPUT TYPE=\submit\ NAME=\button\
VALUE=\Enter Reporter Area\/td/tr;
echo /td/tr/table;
echo /center/form;
---end code-
When I run this, the cookies aren't transfered to the second action
switch on the first load, but if I hit reload, they appear. So, to the
user, they are presented with logging in twice unless they know this odd
trick.
Any ideas about how to make this work on the first time through? This is
driving me nuts on two sites at the moment.
Thanks,
John Hinton
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie issue
John Hinton wrote: Seems my old setcookie scripts are busted in php with globals off. Use $_COOKIES['name']. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie issue
Chris Shiflett wrote: John Hinton wrote: Seems my old setcookie scripts are busted in php with globals off. Use $_COOKIES['name']. Chris The thing is, on the next action switch print_r($_COOKIE); returns empty until I refresh the browser. So, thusly, the second page load brings in the cookies. And sorry about that $_GET I left in the earlier post. I was trying about anything to see if I was missing something totally. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie
setcookie( sess_key,$key,0,/,. . str_replace( www,,$_SERVER[SERVER_NAME] ),0 ); Does that look right? Thanks! Randy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
Randy Johnson wrote: setcookie( sess_key,$key,0,/,. . str_replace( www,,$_SERVER[SERVER_NAME] ),0 ); Does that look right? No. if $_SERVER[SERVER_NAME] == 'www.domain.com' . . str_replace(www,,$_SERVER[SERVER_NAME] ) will give you ..domain.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
ok I see how that could be an issue. Here is my big problem that I have not been able to figure out. I have a client website that I am trying to fix 1. it has sessions in database, and uses set cookie 2. I can login with firefox/netscape/mozilla just fine 3. I cannot login with any version of IE 4. this is also by going to domain.com or www.domain.com, neither work any ideas? Randy Marek Kilimajer wrote: Randy Johnson wrote: setcookie( sess_key,$key,0,/,. . str_replace( www,,$_SERVER[SERVER_NAME] ),0 ); Does that look right? No. if $_SERVER[SERVER_NAME] == 'www.domain.com' . . str_replace(www,,$_SERVER[SERVER_NAME] ) will give you ..domain.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie
The period was the issue all together, i took the extra out and it worked. Thanks for your help Randy Randy Johnson wrote: ok I see how that could be an issue. Here is my big problem that I have not been able to figure out. I have a client website that I am trying to fix 1. it has sessions in database, and uses set cookie 2. I can login with firefox/netscape/mozilla just fine 3. I cannot login with any version of IE 4. this is also by going to domain.com or www.domain.com, neither work any ideas? Randy Marek Kilimajer wrote: Randy Johnson wrote: setcookie( sess_key,$key,0,/,. . str_replace( www,,$_SERVER[SERVER_NAME] ),0 ); Does that look right? No. if $_SERVER[SERVER_NAME] == 'www.domain.com' . . str_replace(www,,$_SERVER[SERVER_NAME] ) will give you ..domain.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie command
Dear sir, When I use setcookie command I recieve the following message error: Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\wwwroot\test.php:9) in C:\Inetpub\wwwroot\test.php on line 15 WinXp - IE 6 On Localhost and Server Thanks Reza M. - Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term'
Re: [PHP] setcookie command
On Mon, 24 Jan 2005 07:24:19 -0800 (PST), Reza Milan [EMAIL PROTECTED] wrote: Dear sir, When I use setcookie command I recieve the following message error: Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\wwwroot\test.php:9) in C:\Inetpub\wwwroot\test.php on line 15 Do not set cookies after you have ouput anything, set them before. Or use the output buffering functions. -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie command
Reza Milan wrote: Dear sir, When I use setcookie command I recieve the following message error: Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\wwwroot\test.php:9) in C:\Inetpub\wwwroot\test.php on line 15 WinXp - IE 6 On Localhost and Server When a web page is sent from the web server to the browser, there are *TWO* distinct sections sent out. First, is the 'headers', which are called 'headers' because they come at the head (beginning) of the data. Then comes a blank line, to signify the END of headers. Finally, the 'body' comes out, which is what you see when you do View Source -- It's the actual HTML. Headers include meta-information such as the type of Content (text/html or image/jpeg or image/gif or ...) In your case, test.php has something on line 9 that is sending out some HTML (or blank lines or ...) Once that happens, PHP has to dump out all the headers collected so far, and then a blank line, and then start your content. If you try to set a cookie *AFTER* that, when the headers are already gone, and the blank line has gone out to signify the end of headers, IT'S TOO LATE. You have to re-arrange your code to get the Cookies and any other headers to happen *FIRST* and then your HTML after that. You can cheat and turn on output buffering, but that comes with its own performance penalties and issues. You'll probably have a cleaner, more clear, more easily maintained body of PHP code if you arrange your headers to come out first anyway. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setcookie doenn't work
I've got this function in a class object, however the cookie does not
set even though £ok returns true !!! I've got cookies enables on all my
borswers (firefox, mozilla, opera , IE)..
any ideas !!
function updateClient($arr){
extract($arr);
//print_r($arr);
$sql = update clients set
name= '$name',pos = '$pos',company= '$company',
address='$address',postcode
='$postcode',email='$email',tel='$tel',affiliate=$affiliate,aff_stat_id
= $aff_stat_id ,
date_updated = now() , ip='$ip'
where client_id = $client_id
;
$this-query($sql);
$ok = setcookie(client_id, argh, 259300); //* expire in a month ish
//echo $sql.=$client_id.=$ok;
$_SESSION['client'] = $this-getClient($client_id);
return $client_id;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie doenn't work
$ok = setcookie(client_id, argh, 259300); //* expire in a month ish Nope, it expired a long time ago... :-) Read the manual for setcookie: http://php.libero.it/manual/en/function.setcookie.php (mainly the part about the expire parameter) HTH, cheers Silvio -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie doenn't work
doh!! ta ;-) S ilvio Porcellana wrote: $ok = setcookie(client_id, argh, 259300); //* expire in a month ish Nope, it expired a long time ago... :-) Read the manual for setcookie: http://php.libero.it/manual/en/function.setcookie.php (mainly the part about the expire parameter) HTH, cheers Silvio -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Local/master both still show off. I tried using the .htaccess trick, and that did not work either. I have tried now to use the extract($_COOKIE) and extract($_POST) option in the scripts to get around this for now, which seems to be working, but I need to consequently do a lot of testing now to verify everything works. I just don't get what the problem is with this not working. David -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 12:08 PM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David [EMAIL PROTECTED] You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? That should be all you have to do. Does it say that the local and master values are both OFF, still? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Thanks for the info. I checked the file and it does not have much in it. I am working if I am not enabling this in php.ini correctly. I see [Security, Performance] list after the example. To enable, I just copied the example line, removed the [Security, Performance] stuff from the line, and set the value to equal On. Is this [Security, Performance] stuff actuall the name of the section that this option needs to be in--in that, do I need to do the following: [Security] register_globals = On And/or [Performance] register_globals = On -Original Message- From: Curt Zirzow [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 7:20 PM To: '[EMAIL PROTECTED]' Subject: Re: [PHP] Setcookie variable use issue after moving php app to di fferent server * Thus wrote Shapiro, David: You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? this looks like a RH setup.. take a look in: /etc/httpd/conf.d/php.conf For any directives being set in there. The ini files in php.d/ usually simply have: extension=file.so Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setcookie variable use issue after moving php app to different se rver
Hello,
We are trying to
move our php app to a different server. For some reason, when we type in
the login/password/account number info and click submit, it does not seem to set
the variables.
The webpage portion
that collects the login/password/account looks like the
following:
tr
tdbusername:/b/td
tdinput type="text"
name="UserName"
value="?php echo $UserName ?" maxlength=8
class="form_style"
/td
/tr
tr
tdbpassword:/b/td
tdinput type="password" name="Password"
class="form_style"/td
/tr
tr
td
colspan="2"
align="center"
font color='gray' size=1Username and Password are case
sensitive./font
/td
/tr
tr
td colspan="2" align="center"font color='red'?php echo
$status;
?/font/td
/tr
tr
td colspan="2"
align="right"
input type="submit" name="Submit" value=" Login "
style="font-weight:bold;"
/td
/tr
It looks like the
value= line for user name puts the text the user types into in the $UserName
variable (or is this setting a default value if $UserName
exists?).
The password line
does not have this. Either way, this setup works fine on the original
server.
At the top of the
index.php page, it then has php code like the following:
?php setcookie
("ccp_logged_in"); setcookie
("ccp_username"); setcookie
("ccp_uid"); setcookie
("ccp_fname"); setcookie
("ccp_lname"); setcookie
("ccp_access"); setcookie
("ccp_company"); setcookie
("ccp_account"); setcookie
("ccp_maccount"); setcookie
("ccp_master");
//Get Global Variable Settings
require("internet/include/global.php");
/
Open a Database connection to the MySQL
Database
/
if ($UserName !=
""){
$link = mysql_connect($SERVERNAME, $DB_USER,
$DB_PWD)
or die ("Could not
Connect");
mysql_select_db ($DB)
(code continues on
to validate user and then if approved, goes to another page called
page2.php)
Note: The submit
action is to go back to itself (index.php).
It never gets in
here as if $UserName is not set (at least that is what I think is going on
because if I put $UserName = someuser/$Password=password/$AccountNo=someacctno
just before the if...then statement, it validates and moves on to
page2.php). If I hardcode set these (which is not an option for use..just
for troubleshooting), it goes to page2.php, with the cookies, which I checked
with print_r option. However, it has a if ($ccs_logged_in = 1) check that
fails, even though the print_r shows it is set to 1 as if it is notusing
the cookie. I am fairly new to php, so I do not know if I am supposed to
capture the ccs_logged_in cookie value and assign it to $ccs_logged_in
variable. I am not doing this because, well, it is working as such on the
other server.
Can anybody please
help me understand what is goingon with these php
pages?
This electronic message transmission contains information from the
office of David Shapiro, ITC^DeltaCom, Inc., which may be confidential or
privileged. The information is intended to be for the use of the individual or
entity named above. If you are not the intended recipient, be aware that any
disclosure, copying, distribution or use of the contents of this information is
prohibited. If you have received this electronic transmission in error, please
notify us by telephone 1-919-865-6955 or by electronic mail [EMAIL PROTECTED]
immediately.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different server
From: Shapiro, David We are trying to move our php app to a different server. For some reason, when we type in the login/password/ account number info and click submit, it does not seem to set the variables. The magic 8-ball says register_globals is OFF on the new server... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different se rver
your message is multipart/alternative - please do not send them to
mailing lists.
your signatue should have '--' on a line before it's start.
you might want to read the newby guide and try again.
Shapiro, David wrote:
Hello,
We are trying to move our php app to a different server. For some
reason, when we type in the login/password/account number info and
click submit, it does not seem to set the variables.
The webpage portion that collects the login/password/account looks
like the following:
tr
tdbusername:/b/td
tdinput type=text
name=UserName
value=?php echo
$UserName ? maxlength=8 class=form_style
/td
/tr
tr
tdbpassword:/b/td
tdinput type=password
name=Password class=form_style/td
/tr
tr
td colspan=2
align=center
font color='gray'
size=1Username and Password are case sensitive./font
/td
/tr
tr
td colspan=2
align=centerfont color='red'?php echo $status; ?/font/td
/tr
tr
td colspan=2 align=right
input type=submit
name=Submit value= Login style=font-weight:bold;
/td
/tr
It looks like the value= line for user name puts the text the user
types into in the $UserName variable (or is this setting a default
value if $UserName exists?).
The password line does not have this. Either way, this setup works
fine on the original server.
At the top of the index.php page, it then has php code like the following:
?php
setcookie (ccp_logged_in);
setcookie (ccp_username);
setcookie (ccp_uid);
setcookie (ccp_fname);
setcookie (ccp_lname);
setcookie (ccp_access);
setcookie (ccp_company);
setcookie (ccp_account);
setcookie (ccp_maccount);
setcookie (ccp_master);
//Get Global Variable Settings
require(internet/include/global.php);
/
Open a Database connection to the MySQL
Database
/
if ($UserName != ){
$link = mysql_connect($SERVERNAME, $DB_USER,
$DB_PWD)
or die (Could not Connect);
mysql_select_db ($DB)
(code continues on to validate user and then if approved, goes to
another page called page2.php)
Note: The submit action is to go back to itself (index.php).
It never gets in here as if $UserName is not set (at least that is
what I think is going on because if I put $UserName =
someuser/$Password=password/$AccountNo=someacctno just before the
if...then statement, it validates and moves on to page2.php). If I
hardcode set these (which is not an option for use..just for
troubleshooting), it goes to page2.php, with the cookies, which I
checked with print_r option. However, it has a if ($ccs_logged_in =
1) check that fails, even though the print_r shows it is set to 1 as
if it is not using the cookie. I am fairly new to php, so I do not
know if I am supposed to capture the ccs_logged_in cookie value and
assign it to $ccs_logged_in variable. I am not doing this because,
well, it is working as such on the other server.
Can anybody please help me understand what is going on with these php
pages?
This electronic message transmission contains information from the
office of David Shapiro, ITC^DeltaCom, Inc., which may be confidential
or privileged. The information is intended to be for the use of the
individual or entity named above. If you are not the intended
recipient, be aware that any disclosure, copying, distribution or use
of the contents of this information is prohibited. If you have
received this electronic transmission in error, please notify us by
telephone 1-919-865-6955 or by electronic mail
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
immediately.
--
Raditha Dissanayake.
http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Thanks for pointing in the hopefully the right direction. I see in /etc/php.ini the following: ; - register_globals = Off [Security, Performance] I put below this line: register_globals = On And I restarted apache. However, it did not seem to resolve the issue, although I still think this sounds right. Do I implement the turning on of the register_globals correctly, or do I need to do something different? David -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 9:53 AM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David We are trying to move our php app to a different server. For some reason, when we type in the login/password/ account number info and click submit, it does not seem to set the variables. The magic 8-ball says register_globals is OFF on the new server... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different server
From: Shapiro, David [EMAIL PROTECTED] Thanks for pointing in the hopefully the right direction. I see in /etc/php.ini the following: ; - register_globals = Off [Security, Performance] I put below this line: register_globals = On And I restarted apache. However, it did not seem to resolve the issue, although I still think this sounds right. Do I implement the turning on of the register_globals correctly, or do I need to do something different? That's the right method, but you may not have edited the correct php.ini. Create a PHP page that only has ?php phpinfo(); ? as the source. Load that page and it'll show you all of the setting PHP is currently using along with the location of the php.ini file it's getting the configuration from. The php.ini file will be listed in the first table that's shown. If there is a full path including php.ini at the end, then that's the right file. If it's just a path, then that's where PHP is expecting to find php.ini, but did not. Hope that helps. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? David -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 10:49 AM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David [EMAIL PROTECTED] Thanks for pointing in the hopefully the right direction. I see in /etc/php.ini the following: ; - register_globals = Off [Security, Performance] I put below this line: register_globals = On And I restarted apache. However, it did not seem to resolve the issue, although I still think this sounds right. Do I implement the turning on of the register_globals correctly, or do I need to do something different? That's the right method, but you may not have edited the correct php.ini. Create a PHP page that only has ?php phpinfo(); ? as the source. Load that page and it'll show you all of the setting PHP is currently using along with the location of the php.ini file it's getting the configuration from. The php.ini file will be listed in the first table that's shown. If there is a full path including php.ini at the end, then that's the right file. If it's just a path, then that's where PHP is expecting to find php.ini, but did not. Hope that helps. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to different server
From: Shapiro, David [EMAIL PROTECTED] You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? That should be all you have to do. Does it say that the local and master values are both OFF, still? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie variable use issue after moving php app to di fferent server
Yes, I am afraid so. Both are marked as off. -Original Message- From: John Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 12:08 PM To: Shapiro, David; [EMAIL PROTECTED] Cc: Perry, Joe (ITCD) Subject: Re: [PHP] Setcookie variable use issue after moving php app to different server From: Shapiro, David [EMAIL PROTECTED] You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? That should be all you have to do. Does it say that the local and master values are both OFF, still? ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie variable use issue after moving php app to di fferent server
* Thus wrote Shapiro, David: You certainly know your stuff. Unfortunatley, it says that is uses /etc/php.ini, which I did modify, but it also reports register_globals as still off too. It does show a scan dir for additional .ini files (/etc/php.d and additional ini files parsed as ldap.ini, mysql.ini, and odbc.ini too, but I don't think they would have anything to do with it. I'm stumped. Other than adding the entry and stop/starting apache, is there anything else I need to go? this looks like a RH setup.. take a look in: /etc/httpd/conf.d/php.conf For any directives being set in there. The ini files in php.d/ usually simply have: extension=file.so Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie statements are giving me error
I'm trying to set multiple cookies and getting the error below. I removed
all of the white spaces and extra lines before and after my ?php and ?,
so, that shouldn't be an issue. I get the error for each cookie and it
echoes back as ...cookie not set like I coded.
This is the code chunk I'm trying to run, which is called using require
(setcookie.php); from my main script. There aren't any extra spaces in my
main script because I can replace the require line with header ('Location:
http://www.anything.com'); and it will redirect successfully without any
cannot modify header errors, which tells me there's nothing wrong with my
main script. Am I doing something wrong with cookies here?
Warning: Cannot modify header information - headers already sent by.
setcookie (acctActive_ck, $daysRemaining); //set cookie for active
account, will terminate when browser window closes
if (setcookie(acctActive_ck)) { echo active cookie set; } else { echo
active cookie not set;}
setcookie (login_ck, $lo); //set cookie for active account, will
terminate when browser window closes
if (setcookie(login_ck)) { echo login cookie set; } else { echo login
cookie not set;}
setcookie (password_ck, $pw); //set cookie for password, will terminate
when browser window closes
if (setcookie(password_ck)) { echo pw cookie set; } else { echo pw
cookie not set;}
Thanks a million,
Ryan
Re: [PHP] setcookie statements are giving me error
* Thus wrote Ryan Schefke ([EMAIL PROTECTED]):
cannot modify header errors, which tells me there's nothing wrong with my
main script. Am I doing something wrong with cookies here?
Warning: Cannot modify header information - headers already sent by.
You're missing the most important part of the message, like at
exactly what line the output started.
setcookie (acctActive_ck, $daysRemaining); //set cookie for active
account, will terminate when browser window closes
if (setcookie(acctActive_ck)) { echo active cookie set; } else { echo
active cookie not set;}
No other cookie can be set after this line. Headers are sent once
you echo something.
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie statements are giving me error
Curt,
Thanks. That was the issue. Am I allowed to redirect directly below the
setcookie functions using header ('Location
Thanks,
Ryan
==
-Original Message-
From: Curt Zirzow [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 14, 2004 3:29 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] setcookie statements are giving me error
* Thus wrote Ryan Schefke ([EMAIL PROTECTED]):
cannot modify header errors, which tells me there's nothing wrong with my
main script. Am I doing something wrong with cookies here?
Warning: Cannot modify header information - headers already sent by.
You're missing the most important part of the message, like at
exactly what line the output started.
setcookie (acctActive_ck, $daysRemaining); //set cookie for active
account, will terminate when browser window closes
if (setcookie(acctActive_ck)) { echo active cookie set; } else { echo
active cookie not set;}
No other cookie can be set after this line. Headers are sent once
you echo something.
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie on PHP??
I need to set a cookie within a document in PHP? setcookie didn't work. I guess it works only in PHP3 PHP4 Any good ideas?? Thanks Rave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie on PHP??
Send some pieces of code. Daniel E Massón. Ingeniero de desarrollo [EMAIL PROTECTED] Imagine S.A. Su Aliado Efectivo en Internet www.imagine.com.co (57 1)2182064 - (57 1)6163218 Bogotá - Colombia - Soluciones web para Internet e Intranet - Soluciones para redes - Licenciamiento de Software - Asesoría y Soporte Técnico -Mensaje original- De: Balaravi, Bala (Ravi), ALABS [mailto:[EMAIL PROTECTED]] Enviado el: miércoles, 12 de febrero de 2003 12:41 Para: [EMAIL PROTECTED] Asunto: [PHP] setcookie on PHP?? I need to set a cookie within a document in PHP? setcookie didn't work. I guess it works only in PHP3 PHP4 Any good ideas?? Thanks Rave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie() in various browsers.. 3rd followup.. anyone?
This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. Thanks! Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() in various browsers.. 3rd followup.. anyone?
On Wednesday 12 February 2003 05:44, Chad Day wrote: This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. archives cookie handling I'm sure there's some interesting reading to be found. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Emerson's Law of Contrariness: Our chief want in life is somebody who shall make us do what we can. Having found them, we shall then hate them for it. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie() in various browsers.. 3rd followup.. anyone?
If you read the original cookie spec, written by Netscape, the cookie is set based on the preceding . (dot). So, if you set a cookie at www.domain.com (using the 5th parameter of setcookie), you can read it ONLY from www.domain.com. If you set it at .domain.com, as long as dot domain dot com is in the domain being used, it will work. The issue that is getting you is that if you set it for .domain (According to the original Netscape Spec), then domain.com DOES NOT MATCH, as domain.com does not have the initial dot. So, my guess is you are trying to write your cookie from domain.com with code that says write this for dot domain dot com (.domain.com), as in your example code. Since Netscape 4 and before follow the spec, they will not write the cookie, as you are trying to write it to a different domain than is setting it. (Those versions will also not read it.) The solution?? Leave your code the way is it, making sure that $dn never contains anything but the domain dot com (Only one dot). That will mean the cookie can be written and read from any domain containing .domain.com (dot domain dot com), such as you.domain.com, www.domain.com, anyCname_you_want.domain.com, etc. Then, make sure your site NEVER loads without the www. (or something dot domain). Kind of a pain, but since newer browsers aren't sticking to that original spec (not sure I.E. ever did), the issue is going away with time. HTH, Peter Janett New Media One Web Services New Upgrades Are Now Live!!! Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1 Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25, Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43 PostgreSQL coming soon! http://www.newmediaone.net webmaster at newmediaone.net (303)828-9882 - Original Message - From: Jason Wong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 10:14 PM Subject: Re: [PHP] setcookie() in various browsers.. 3rd followup.. anyone? On Wednesday 12 February 2003 05:44, Chad Day wrote: This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. archives cookie handling I'm sure there's some interesting reading to be found. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Emerson's Law of Contrariness: Our chief want in life is somebody who shall make us do what we can. Having found them, we shall then hate them for it. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie() in various browsers..
Following up from Friday.. no replies over the weekend.. can anyone help? Thanks, Chad -Original Message- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Friday, February 07, 2003 3:02 PM To: php general Subject: [PHP] setcookie() in various browsers.. This is with PHP 4.2 and register_globals off. I am setting cookies and starting a session in the following fashion: setcookie(EMAILADDR, $row[EMAIL], time()+2592000, '/', .$dn); where $dn = mydomain.com I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com, forums.mydomain.com, etc. in IE 6.0, and NS 7.0, it seems this is being accomplished correctly. In NS 4.8, the cookies are never even getting set. Can anyone tell me as to why? I've been prodding around cookie docs and trying to find something that works in all browsers, and a lot of people seem to have the same question.. Thanks! Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie function
Hi listers, I have some webspace on a Unix server running apache. Things look like this there: Path to dir with files - /home/username/public_html/ URL - www.somesite.net/~username setcookie(id,$randval,time()+3600,Q1,Q2,0); What do I plug into Q1 and Q2? I want to set cookie for only my part of the site and not the whole site. regards sukrit -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setcookie() and header()
After I set a cookie and then send a redirect header, the cookie doesn't show up, but the browser successfully redirects. setcookie(test, blahblah, time() + 1440); header(Location: http://www.mywebsite.com/login.php;); However, if I take out the header() statement, then the cookie is successfully set. Anyone else having this problem? J. Alden Gillespy (aka Dogga) Microsoft Beta Tester: - Office 11 - Content Management Server (CMS) 2002 - Systems Management Server (SMS) 2003 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie() and header()
Unless I am mistaken, the typical behavior for most browsers is exactly as you described. Which is due to the browser receiving a Location header and acting on it, disregarding any other headers. (ex: cache/no-cache, cookies, etc) Anybody care to prove me wrong? While not the best route, you could alternatively use a meta-refresh for the redirect. This would give you the chance for the headers to be read and the cookie created. Hope that helps, Jason k Larson J. Alden Gillespy wrote: After I set a cookie and then send a redirect header, the cookie doesn't show up, but the browser successfully redirects. setcookie(test, blahblah, time() + 1440); header(Location: http://www.mywebsite.com/login.php;); However, if I take out the header() statement, then the cookie is successfully set. Anyone else having this problem? J. Alden Gillespy (aka Dogga) Microsoft Beta Tester: - Office 11 - Content Management Server (CMS) 2002 - Systems Management Server (SMS) 2003 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie() and header()
On Tue, 14 Jan 2003 22:34:49 -0700, you wrote: Unless I am mistaken, the typical behavior for most browsers is exactly as you described. Which is due to the browser receiving a Location header and acting on it, disregarding any other headers. (ex: cache/no-cache, cookies, etc) Anybody care to prove me wrong? Actually most browsers can handle receiving a cookie and being redirected in the same response. I have several applications that do this and I have no problems in later versions of IE, Mozilla, Netscape, or Opera (all that I can test with). I would wager that the original poster is using IIS, and I would also wager that they are running PHP in CGI mode, not ISAPI mode. IIS has a bug that occurs when a CGI program tries to set a cookie and redirect in the same response (detailed in Microsoft Knowledge Base article Q176113), but there is a workaround. I sent a post to this list back in August of last year which details the workaround: http://marc.theaimsgroup.com/?l=php-generalm=102929828515647w=2 If the original post isn't using IIS, then I'm not sure what's happening. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Setcookie() and header()
Accidentally replied to sender instead of list -- Wow. You hit the nail on the head. :) I installed PHP on IIS via the executable, so I gather I have one of two choices: -- Research your article and see how to work around the problem OR -- Use ISAPI. (how do I go about doing this? :) Thanks again for your help so far. J. Alden Gillespy (aka Dogga) Microsoft Beta Tester: - Office 11 - Content Management Server (CMS) 2002 - Systems Management Server (SMS) 2003 -Original Message- From: Michael Sims [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 1:08 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] On Tue, 14 Jan 2003 22:34:49 -0700, you wrote: Unless I am mistaken, the typical behavior for most browsers is exactly as you described. Which is due to the browser receiving a Location header and acting on it, disregarding any other headers. (ex: cache/no-cache, cookies, etc) Anybody care to prove me wrong? Actually most browsers can handle receiving a cookie and being redirected in the same response. I have several applications that do this and I have no problems in later versions of IE, Mozilla, Netscape, or Opera (all that I can test with). I would wager that the original poster is using IIS, and I would also wager that they are running PHP in CGI mode, not ISAPI mode. IIS has a bug that occurs when a CGI program tries to set a cookie and redirect in the same response (detailed in Microsoft Knowledge Base article Q176113), but there is a workaround. I sent a post to this list back in August of last year which details the workaround: http://marc.theaimsgroup.com/?l=php-generalm=102929828515647w=2 If the original post isn't using IIS, then I'm not sure what's happening. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Setcookie() and header()
On Wed, 15 Jan 2003 01:36:26 -0500, you wrote: Wow. You hit the nail on the head. :) Well, I spent a good day or two hunting the problem down the first time I ran across it. Spending that much time on something tends to make it stick in your head. :) I installed PHP on IIS via the executable, so I gather I have one of two choices: -- Research your article and see how to work around the problem OR -- Use ISAPI. (how do I go about doing this? :) It's been several months since I've tried to use PHP with IIS, but when I did it was the general consensus that the ISAPI module wasn't stable enough for production sites. If that's still the case I'd probably stick with the CGI version. Of course things may have improved, I haven't been keeping up with the Windows side of things. Perhaps someone on the php-windows list would have some ISAPI experiences to share. If you decide to try and implement the workaround and run into problems, drop me a line. I have working code examples which deal with this problem that I'd be happy to share. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie IE6 problem
I'm setting a session cookie with the following code -
function setSessionCookie(){
$expires = time()+$this-session_expires;
$issetCookie = setcookie($this-cookiename,
$this-sess_id,
$expires,
/,
);
}
Occasionally setcookie seems to fail in IE6, or perhaps when I subsequently
retrieve the cookie as a part of the authentication code on each page IE6
fails to pick up the cookie - either way I get logged out.
Other browsers (NS4, IE5, IE5.5) seem okay.
Any Ideas?
Javier
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie IE6 problem
MS has introduced p3p policy in IE6 which has impacted on cookies etc. If
the site or host does not have a machine generated xml privacy statement,
then stability with regards
to cookies is not guaranteed. Do a search and read up about it. Check out
w3c's site.
- Original Message -
From: Javier Montserat [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 29, 2002 1:39 PM
Subject: [PHP] setcookie IE6 problem
I'm setting a session cookie with the following code -
function setSessionCookie(){
$expires = time()+$this-session_expires;
$issetCookie = setcookie($this-cookiename,
$this-sess_id,
$expires,
/,
);
}
Occasionally setcookie seems to fail in IE6, or perhaps when I
subsequently
retrieve the cookie as a part of the authentication code on each page IE6
fails to pick up the cookie - either way I get logged out.
Other browsers (NS4, IE5, IE5.5) seem okay.
Any Ideas?
Javier
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie IE6 problem
Thanks for the reply, a little more info below...
Speaking of cookies, any general thoughts on the relative merits of using
php's setcookie function vs. setting a cookie with a header() call? Are
both methods equal?
Will do more research later and post anything interesting on the IE6
issue...
. . . . .
php manual - setcookie notes
[EMAIL PROTECTED] wrote -
MSIE 6 has a inaccurate definition of third party cookies. If your domain is
hosted on one server and your PHP stuff is on another, the IE6 p3p
implementation considers any cookies sent from the second machine third
party.
Third party cookies will be blocked automatically in most privacy settings
if not accompanied by what MS considers an appropriate Compact Policy. In
order to make this new piece of tweakable garbage happy I'd suggest you'd
par exemple send
header('P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM');
before sending your cookie from your second machine.
This header enables your cookie to survive any privacysetting.
MS has introduced p3p policy in IE6 which has impacted on cookies etc. If
the site or host does not have a machine generated xml privacy statement,
then stability with regards
to cookies is not guaranteed. Do a search and read up about it. Check out
w3c's site.
- Original Message -
From: Javier Montserat [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 29, 2002 1:39 PM
Subject: [PHP] setcookie IE6 problem
I'm setting a session cookie with the following code -
function setSessionCookie(){
$expires = time()+$this-session_expires;
$issetCookie = setcookie($this-cookiename,
$this-sess_id,
$expires,
/,
);
}
Occasionally setcookie seems to fail in IE6, or perhaps when I
subsequently
retrieve the cookie as a part of the authentication code on each page
IE6
fails to pick up the cookie - either way I get logged out.
Other browsers (NS4, IE5, IE5.5) seem okay.
Any Ideas?
Javier
_
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
Join the worlds largest e-mail service with MSN Hotmail.
http://www.hotmail.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie() failure
Can anyone tell me why the following setcookie()s fail?
?php
require(settings.php);
require(common.php);
if (!($link = mysql_connect($dbhost, $dbuser, $dbpass))) {
ReportError(An error was encountered while trying to establish a connection
to the mySQL server, using function mysql_connect(), with..\r\n Hostname:
$dbhost \n Username: $dbuser \n Password: $dbpass \r\n A possible problem is
that the hostname/username/password is incorrect, or the mySQL server is
down.);
}
if (!(mysql_select_db($dbname, $link))) {
ReportError(An error was encountered while trying to select the mySQL
database '$dbname', using funcion mysql_select_db().\r\nA possible problem
is that the specified database '$dbname' does not exist.);
}
$find_user = mysql_query(SELECT `user_id` FROM `users` WHERE `name` =
'$username' AND `password` = '$password');
if (mysql_num_rows($find_user) == 1) {
$title = Hello, $username!;
$message = Thanks for logging in! You can now use our forums, add comments
and add Tabs/Lyrics.;
$uid = mysql_fetch_row($find_user);
$expDate = mktime(12, 50, 30, 6, 20, 2010);
setcookie(tzusercookie, $uid, $expDate);
setcookie(tzpasscookie, $password, $expDate);
} else {
$title = There was an error logging you in;
$message = Could not log you in, check the username and password you
entered and try again.;
}
?
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
html
head
?php include(templates/$template/styles.css); ?
title?php echo($title); ? - Tabzilla.com/title
META http-equiv=Content-Type content=text/html; charset=ISO-8859-1
/head
body
?php include(templates/$template/head.php); ?
br
table width=100% cellspacing=0 cellpadding=0 bgcolor=white
border=0
trtd width=20% valign=top?php include(lnav.php); ?/tdtd
width=60%
table width=95% align=center bgcolor=#CFCFCF
height=30trtdb?php echo($title); ?/b/td/tr/table
br
table width=95% cellspacing=0 cellpadding=1 border=0
align=center
tr
td
?php echo($message); ?
/td
/tr
/table
/td
td width=20% valign=top?php include(rnav.php); ?/td/tr/table
?php include(footer.php); ?
/body
/html
--
-
[EMAIL PROTECTED]
http://www.cool-palace.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie question
I need to create a cookie that is accessible from more than 1 application, but on the same server. What would be the proper syntax? What I tried was setcookie (myCookie,$cookie_value,$timeToExpire,'/'); Right or wrong or impossible? Should I not have used the /? Thanks. -- Gaylen PHP KISGB v4.0.5 Guest Book http://www.gaylenandmargie.com/phpwebsite/ PHP KISSQ v1.0 Stock Quote http://www.gaylenandmargie.com/phpwebsite -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie then redirect
List,
I'm trying to set a cookie like this:
?php
function redirect() {
if ($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_NAME']) {
$to = func_get_arg(0);
header(HTTP/1.1 301\n);
header(Location:http://.$_SERVER['SERVER_NAME'].$to.\n);
header(Set-Cookie: sid=$sid;\n\n);
exit();
}
}
function login() {
[... validation code here ...]
// set my cookie
setcookie(sid, $sid);
return true;
}
if (login($token) == true) {
redirect(/somepage.php);
}
?
but this thing isn't working...seems like it's not writing the SID value
in the cookie. In other code (on /somepage.php for example) when I read
the cookie value ($_COOKIES['sid']) it can't find it. Ideas?
So how do I set cookies then redirect?
I'm using Apache 1.3.x, PHP 4.1.2, RH7.3
TIA
/B
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie then redirect + Answer
Read your data from $_COOKIE not $_COOKIES.
David Busby wrote:
List,
I'm trying to set a cookie like this:
?php
function redirect() {
if ($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_NAME']) {
$to = func_get_arg(0);
header(HTTP/1.1 301\n);
header(Location:http://.$_SERVER['SERVER_NAME'].$to.\n);
header(Set-Cookie: sid=$sid;\n\n);
exit();
}
}
function login() {
[... validation code here ...]
// set my cookie
setcookie(sid, $sid);
return true;
}
if (login($token) == true) {
redirect(/somepage.php);
}
?
but this thing isn't working...seems like it's not writing the SID value
in the cookie. In other code (on /somepage.php for example) when I read
the cookie value ($_COOKIES['sid']) it can't find it. Ideas?
So how do I set cookies then redirect?
I'm using Apache 1.3.x, PHP 4.1.2, RH7.3
TIA
/B
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie then redirect
David Busby wrote:
List,
I'm trying to set a cookie like this:
?php
function redirect() {
if ($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_NAME']) {
$to = func_get_arg(0);
header(HTTP/1.1 301\n);
header(Location:http://.$_SERVER['SERVER_NAME'].$to.\n);
header(Set-Cookie: sid=$sid;\n\n);
exit();
}
}
You can't do this. Your Set-Cookie header is not going to be included
in the HTTP response, so the browser never receives it. This is because
you are using a Location header on the same page, which is going to
take precedence. If you search the archives, you'll see more details
about this behavior and some other peoples' opinions.
You have two ways around this:
1. Use a meta refresh instead of a protocol-level redirect.
2. Redesign the flow of your application to better handle this behavior.
Happy hacking.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie(), logout
I'm going over some code handed to me, a logout function:
function user_logout()
{
setcookie( 'user_name', '',(time()+28800), '/', '',0);
setcookie( 'id_hash', '',(time()+28800), '/', '',0);
}
Doesn't this mean the cookie will expire after 8 hrs? So what's this
really doing?
Moreover I found this contrib. note on the setcookie reference pg.:
Then why have I not seen anybody using the client's time?
Note:
Just as a note, You might want to use the client browers time to set your
expires, using your local time might mean your cookie wont expire for 24
hours.
-Pushkar S. Pradhan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
Hello jtjohnston, Saturday, May 11, 2002, 11:42:52 PM, you wrote: j This is a bug Feature/Change Request I made to: j http://bugs.php.net/bug.php?id=17158 j setcookie() states cookies must be sent before any other headers j are sent (this is a restriction of cookies, not PHP). j I argue this is a restriction of PHP, not cookies. j Here is my proof: j http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm j I can do this any time in body : j script jsetCookie(TestCookie,first time,expdate); jvar DisplayData = getCookie(TestCookie); jdocument.write(DisplayData); jsetCookie(TestCookie,second time,expdate); jvar DisplayData = getCookie(TestCookie); jdocument.write(DisplayData); j /script j I want to be able to setcookie() anytime I want, before and after I j declare any HTML. j This will never get changed, unless we ask for it. j I would appreciate your vote of support at: j http://bugs.php.net/bug.php?id=17158 j before the bug people close this thread. Are you kidding? -- Best regards, Olexandrmailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie() in 4.2.0
The following code doesn't work properly on PHP 4.1: ?php echo pBlah, blah/p; setcookie(kuku, abc); setcookie(lala, def); setcookie(zuzu, ghi); ? Because I wrote echo statement before setcookie. But it works on PHP 4.2. Is it due to output_buffering=4096 directive in php.ini? -- Best regards, Olexandr mailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie() in 4.2.0
Yes. Output buffering is good. Some people will say that you shouldn't use it, but should make sure to write all your code so that there can't be any output before any headers need to be sent. I disagree with this. While a good idea in principle, in practice it is all but impossible to keep going. (Or maybe I'm just too lazy to take the tremendous amount of time it would take to rewrite our code to not send output before headers...) Matthew Walker Senior Software Engineer ePliant Marketing -Original Message- From: Olexandr Vynnychenko [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 11, 2002 6:35 AM To: [EMAIL PROTECTED] Subject: [PHP] setcookie() in 4.2.0 The following code doesn't work properly on PHP 4.1: ?php echo pBlah, blah/p; setcookie(kuku, abc); setcookie(lala, def); setcookie(zuzu, ghi); ? Because I wrote echo statement before setcookie. But it works on PHP 4.2. Is it due to output_buffering=4096 directive in php.ini? -- Best regards, Olexandr mailto:[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setcookie()
This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
If the issue has pissed you off in tha past, complain. Vote: http://bugs.php.net/bug.php?id=17158 Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
And you can do so if you turn on output buffering. Having PHP send off JavaScript to do this is a massive hack that has no place in PHP. Write your own setcookie wrapper function if that is what you want. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] setcookie()
You've just pointed out that you're a clueless newbie, that's' all, and can't read a spec worth a whit. -Original Message- From: jtjohnston [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 11, 2002 4:50 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] setcookie() Rasmus server-side / client-side, that's not the point. My point is PHP can, could and should be able to set a cookie after HTML is set. But of course, Jan has already closed the issue, as usual. http://bugs.php.net/bug.php?id=17158 PHP is a server-side language and as such it deals with server-side issues. If you want to write javascript that sets a client-side Javascript cookie, go ahead. It has nothing to do with PHP and PHP will certainly not get in your way. -Rasmus On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. Here is my proof: http://www.collegeSherbrooke.qc.ca/languesmodernes/cookie.htm I can do this any time in body : script setCookie(TestCookie,first time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); setCookie(TestCookie,second time,expdate); var DisplayData = getCookie(TestCookie); document.write(DisplayData); /script I want to be able to setcookie() anytime I want, before and after I declare any HTML. This will never get changed, unless we ask for it. I would appreciate your vote of support at: http://bugs.php.net/bug.php?id=17158 before the bug people close this thread. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- John Taylor-Johnston - ' ' ' Collège de Sherbrooke: ô¿ô http://www.collegesherbrooke.qc.ca/languesmodernes/ - Université de Sherbrooke: http://compcanlit.ca/ 819-569-2064 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setcookie()
On Sat, 11 May 2002, jtjohnston wrote: This is a bug Feature/Change Request I made to: http://bugs.php.net/bug.php?id=17158 setcookie() states cookies must be sent before any other headers are sent (this is a restriction of cookies, not PHP). I argue this is a restriction of PHP, not cookies. It's a benefit of PHP. Unlike certain other languages, PHP gives you finer control over how things are sent. The side-effect of this is that you are able to attempt things that don't make sense and can't work. If you want to use setcookie() anywhere within your PHP program, then just call ob_start() at the top of your code and go to town. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Setcookie problems...
Please help... When we are setting a cookie in a PHP page, that cookie cannot be accessed by any page in a different folder. When we move the pages into the same folder, the cookies worked fine. Can anyone shed some light on this?? Here is how we are setting the cookie: setcookie(cookiename, $value, time()+3600); Also, you are supposed to be able to leave the time out and the cookie will expire on session close, but when we leave the time out, no cookie is set. Any help here either? Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
