Hey hey,
Having me some fun trying to figure out where I’m going wrong with my login script. 'Bout ready to pull my hair out, but rather than do that, maybe you guys can help me.
I’ve got a simple login situation. Usernames are in a dropdown, they enter a password, if password is successful, cookies are assigned. However, even with the cookie assigned my if(isset($_COOKIE["cookiename"])) is still validating to false EVEN THOUGH the cookies exist.
If I refresh (resubmit) the form THEN the cookie validates. I’m so confused on this.
I suppose a visual would make more sense.
Attached below are the steps of my process in order and where I’m having an issue.
Here’s the login code.
First, the HTML form.
<form method="post">
    <fieldset class="login_form">
        <legend>Please enter password to access this page</legend>
        <font color="red"></font><br />
        <p>
            <label for="access_login">Login:</label>
            <!--<input type="input" name="access_login" />-->
            <select name="access_login">
                <option value="A&K">A&K</option>
                <option value="CEA">CEA</option>
                <option value="CSSI">CSSI</option>
                <option value="Nexus">Nexus</option>
            </select>
        </p>
        <p>
            <label for="access_password">Password:</label>
            <input type="password" name="access_password" />
        </p>
        <p>
            <label> </label>
            <input type="submit" name="Submit" value="Submit" />
        </p>
    </fieldset>
</form>
Now, the page where I validate stuff.
<?PHP
include("includes/header.php");
include("includes/login_include.php");
if (isset($_COOKIE['slp_name'])) {
    // get page info
    $page_title = $_COOKIE['slp_name'];
    $meta_keywords = "";
    $meta_description = "";
    $content = $_COOKIE['slp_name'];
} else {
    $page_title = "Oops!";
    $meta_keywords = "";
    $meta_description = "";
    $content = "<h1>Oops.</h1><p>It seems that your company page does not exist or hasn't been created yet.</p>";
}
//***********************************************************************************
// Page Output!
//***********************************************************************************
$template = get_template("templates/main_page.htm");
$template = str_replace("%PAGE-TITLE%",$page_title,$template);
$template = str_replace("%META-KEYWORDS%",$meta_keywords,$template);
$template = str_replace("%META-DESCRIPTION%",$meta_description,$template);
$template = str_replace("%CONTENT%",$content,$template);
include("includes/footer.php");
print $template;
?>
Now, the login include.
<?PHP
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);
// User will be redirected to this page after logout
define('LOGOUT_URL', 'index.php');
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 30);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
$pw_match_found = false;
##################################################################
# SETTINGS END
##################################################################
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if (isset($_GET['logout'])) {
    setcookie("aa_verify", '', $timeout, '/'); // clear password;
    setcookie("slp_name", '', $timeout, '/');
    header('Location: ' . LOGOUT_URL);
    exit();
}
if (!function_exists('showLoginPasswordProtect')) {
    // show login form
    function showLoginPasswordProtect($error_msg,$login_opts) {
        $login_form = get_template("templates/login_form.htm");
        if ($error_msg != "") {
            $login_form = str_replace("%ERROR-MESSAGE%",$error_msg,$login_form);
        } else {
            $login_form = str_replace("%ERROR-MESSAGE%","",$login_form);
        }
        $login_form = str_replace("%LOGIN-OPTIONS%",$login_opts,$login_form);
        print $login_form;
        // stop at this point
        die();
    }
}
// user provided password
if (isset($_POST['access_password'])) {
    $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
    $pass = $_POST['access_password'];
    // Company name
    $sql = "SELECT
                id,
                company_name,
                pass
            FROM
                company_table
            ORDER BY
                company_name";
    $result = &$db->query($sql);
    while ($p = $result->fetch()) {
        // Sort through all the data 'till we find a match.
        if ($_POST["access_login"] == $p["company_name"]) {
            // now we gotta check the password to see if it matches.
            if ($_POST["access_password"] == $p["pass"]) {
                // match
                $pw_match_found = true;
            }
        }
    }
    if ($pw_match_found == false) {
        showLoginPasswordProtect("Incorrect password.",$login_options);
    } else {
        setcookie("aa_verify", md5($login.'%'.$pass), $timeout, '/');
        setcookie("slp_name", html_entity_decode($login), $timeout, '/');
        unset($_POST['access_login']);
        unset($_POST['access_password']);
        unset($_POST['Submit']);
    }
} else {
    // check if password cookie is set
    if (!isset($_COOKIE['aa_verify'])) {
        showLoginPasswordProtect("",$login_options);
    }
    // check if cookie is good
    $found = false;
    foreach($LOGIN_INFORMATION as $key=>$val) {
        $lp = (USE_USERNAME ? $key : '') .'%'.$val;
        if ($_COOKIE['aa_verify'] == md5($lp)) {
            $found = true;
            // prolong timeout
            if (TIMEOUT_CHECK_ACTIVITY) {
                setcookie("aa_verify", md5($lp), $timeout, '/');
                setcookie("slp_name", html_entity_decode($login), $timeout, '/');
            }
            break;
        }
    }
    if (!$found) {
        showLoginPasswordProtect("",$login_options);
    }
}
?>
I can’t figure out WHY it won’t register that the cookie has been set after login was successful AND the cookie IS set.
The images below go like this:
One - Correct password is entered
Two - Cookies are set, but the logic doesn’t SEE them as being set.
Three - You can see the cookies are set when I use the web dev plug-in for Firefox.
Four - I hit refresh…
Five - I hit “Resend”
Six - Suddenly the cookies are recognized.
They need to be recognized at step two. Please help.
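
Added example, not part of the original post: `setcookie()` only queues a `Set-Cookie` response header, while `$_COOKIE` is built from the incoming request, so a cookie set during the login POST is first visible on the following request. The example below redirects after a successful login and keeps the login state in a server-side session rather than in a client-side `md5(login%pass)` cookie. Assumptions: `$db` is a PDO handle, `company_table.pass` holds `password_hash()` output, and `company.php` / `login.php` are hypothetical page names.

```php
<?php
// Added example, not the poster's code. Assumes $db is a PDO handle and that
// company_table.pass holds password_hash() output; page names are hypothetical.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // cookie is sent over HTTPS only
    'httponly' => true,   // cookie is not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

const TIMEOUT_SECONDS = 30 * 60;   // same 30-minute inactivity window as the post

function attempt_login(PDO $db, string $login, string $pass): bool
{
    // Fetch one row with a bound parameter instead of scanning the whole table.
    $stmt = $db->prepare('SELECT id, company_name, pass FROM company_table WHERE company_name = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id once authenticated
    $_SESSION['company_id']   = (int) $row['id'];
    $_SESSION['company_name'] = $row['company_name'];
    $_SESSION['last_seen']    = time();
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['access_password'])) {
    $ok = attempt_login($db, (string) ($_POST['access_login'] ?? ''), (string) $_POST['access_password']);
    // Cookies travel in the response; $_COOKIE is filled from the request.
    // Redirecting makes the next request carry the cookie, and a refresh
    // no longer re-submits the password.
    header('Location: ' . ($ok ? 'company.php' : 'login.php?error=1'), true, 303);
    exit;
}

// Every later request: trust server-side session state, not a cookie value.
if (!isset($_SESSION['company_name']) || time() - $_SESSION['last_seen'] > TIMEOUT_SECONDS) {
    session_unset();
    header('Location: login.php', true, 303);
    exit;
}
$_SESSION['last_seen'] = time();   // prolong the timeout on activity
// Escape before placing the name into the template.
$content = htmlspecialchars($_SESSION['company_name'], ENT_QUOTES, 'UTF-8');
```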