Well, when you set a cookie, it is sent in the headers, so the browser
isnt going to send the cookie back to the server until a refresh, the
best way is to either cash the userlog on details in the log in
function, so you need not refresh, or simply use a header("Location:
/"); or something to force the browser to reload the page.
-----Original Message-----
From: Richard Kurth [mailto:[EMAIL PROTECTED]]
Sent: 18 June 2001 23:28
To: [EMAIL PROTECTED]
Subject: [PHP] What is the deal with cookies
I have a script that authorizes the user and sets a cookie but when I
run the script it takes the username and password sets the cookie.
Verifies the cookie is set and then runs the rest of the code on the
page. except it does not pass on the user name. I have to do a manual
refresh to get it to pull the data from the database using the username
furnished by the cookie. Look at the code below. how can I overcome this
refresh problem.
This is the script that calls the userauth.php file look at the
userauth.php file below
include("../inc/dataconf.inc");
include("userauth.php");
include("../inc/function.inc");
conf();
$username = $user_name;
$db = MYSQL_CONNECT($roothostname,$rootusername, $rootpassword) OR
DIE("Unable to connect to database");
$query = "Select * from customers,datsubd,plans where datsubd.id =
customers.id and customers.cusername='$username'and
plans.planno=customers.plan"; $result=mysql_db_query($dbName,$query);
$row = mysql_fetch_array($result);
?>
<? include("top.inc");?>
<table width="100%" border="0" cellspacing="0" cellpadding="0"
align="center"> <tr>
<td colspan="3"></td>
</tr>
<tr>
<td width="25%" align="left" valign="top"><?php
include("left.inc");?> </td>
<td width="100%" align="center" valign="top">
#########################################################
Userauth.php
function query($query)
{
Global $roothostname,$rootusername, $rootpassword,$dbName;
// Connect to DB
if (!$link = @MYSQL_CONNECT($roothostname,$rootusername,
$rootpassword))
{
$result = 0;
die("db connect error");
}
else
{
// Select DB
if (!@mysql_select_db($dbName, $link))
{
$result = 0;
die("db select error");
}
else
{
// Execute query
if (!$result = @mysql_query($query, $link))
{
$result = 0;
die("db query error");
}
}
}
@mysql_close($link);
return $result;
}
function login_user($user_name, $password)
// Form our sql query
$result = query("SELECT * FROM customers WHERE cusername
='$user_name'");
$row = mysql_fetch_array($result);
if (($row["cusername"] == $user_name) AND ($row["cpassword"] ==
$password) AND ($user_name != ""))
// User has been authenticated, send a cookie
$user_id = $row["cusername"];
$encryptedpassword = md5($password);
SetCookie("LoginCookie", "$user_id-$encryptedpassword", time()+50);
// 3600 expires one hour from now you can increse this if you what it to
last longer
$success = 1;
} else
$success = 0;
}
return $success;
}
function verify_auth($cookie)
// Split the cookie up into userid and password
$auth = explode("-", $cookie);
$query = query("SELECT * FROM customers WHERE cusername =
'$auth[0]'");
$row = mysql_fetch_array($query);
$encryptedpassword = md5($row["cpassword"]);
if (($row["cusername"] == $auth[0]) AND ($encryptedpassword ==
$auth[1]) AND ($auth[0] != ""))
$success = 1;
} else
$success = 0;
}
return $success;
}
function display_loginform()
{
global $SCRIPT_URL,$user_name;
?>
<table width="400" border="1" align="center">
<form name=login action="<?$SCRIPT_URL?>" method=post>
<tr><td bgcolor=black><font face="Arial" color=white
size=2><b>Login<b></font></td></tr>
<tr><td><font face="Arial" color=black size=2>Name <input
name="user_name" value="" size=10> Password <input name="password"
type=password value="" size=10></font></td></tr> <tr><td><font
face="Arial" color=black size=2> <input type="submit" value="Login">
<input type=reset value="Clear"></font></td></tr> </form> </table> <?
exit;
}
//////////////// script entry point here
$SCRIPT_URL=getenv("SCRIPT_NAME");
if($LoginCookie) // if cookie exists, check authenticity
{
$authenticated=verify_auth($LoginCookie);
if($authenticated==0) display_loginform();
} else {
$login=login_user($user_name,$password);
if($login==0) display_loginform();
}
// if user has logged in, the script carries on here.... $cookie_var =
split("-", $LoginCookie); // this variable contains who the user is
logged in as!
$username = $cookie_var[0];
Best regards,
Richard
mailto:[EMAIL PROTECTED]
