php cookie çalışmıyor

4 Cevap php

Ben doğrulama ile bir çerez kullanmaya çalışıyorum.

Bu sayfa kez kullanıcı ve pas giren işleri

   <?
    if ((!$_POST[username]) || (!$_POST[password])) {
        header("Location: show_login.html");
        exit;
    }
    $db_name = "testDB";
    $table_name = "auth_users";
    $connection = @mysql_connect("localhost", "user", "pass") or die(mysql_error());
    $db = @mysql_select_db($db_name, $connection) or die(mysql_error());
    $sql = "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')";
    $result = @mysql_query($sql, $connection) or die(mysql_error());
    $num = mysql_num_rows($result);
        if ($num != 0) {
            $cookie_name = "auth";
            $cookie_value = "ok";
            $cookie_expire = "0";
            $cookie_domain = "domain.com.au";
            setcookie($cookie_name, $cookis_value, $cookie_expire, "/", $cookie_domain, 0);
            $display_block = "
            <p><strong>Secret Menu:</strong></p>
            <ul>
                <li><a href=\"secretA.php\">secret page A</a>
                <li><a href=\"secretB.php\">secret page B</a>
            </ul>"; 
        } else {
            header("Location: show_login.html");
            exit;
        }
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Secret Area</title>
    </head>

    <body>
    <? echo "$display_block"; ?>


    </body>
    </html>

WHen clicking on either secretA.php or secretB.php I am redirected to log in again, it should work. here is the code. secretB.php

<?php

if ($_COOKIE[auth] == "ok") {
    $msg = "<p>Welcome to secret page B, authorised user! </P>";
} else {
    header( "Location: /show_login.html");
    exit;
}
?>
<HTML>
<HEAD>
<title>Secret Page B:</title>
</HEAD>
<BODY>

<? echo "$msg"; ?>

</BODY>
</HTML>

4 Cevap

İşte size berbat olabilir bir şeydir ...

setcookie($cookie_name, $cookis_value , $cookie_expire, "/", $cookie_domain, 0);

This if the great example of bad code.
Thanks for posting it. Many people can read it and learn from this.

Let me explain.
PHP can help you to find some obscure errors. Not every one but some of them.
For example, if you mistyped a variable name, PHP will throw an error... of course if you let PHP to say.
To make every error visible, error reporting level must be maxed. To do it, every script must contain this line:

error_reporting(E_ALL);

after you add it, if it was properly written code, you would see only one error message pointing to the mistyped variable. But.
Instead you will see a waterfall of errors. Because PHP cannot distinguish intentional errors from occasional ones.

Thus. It must be no intentional errors in the code, to let you see occasional ones.
This is the great lesson worth to remember.

Bu hatalar nelerdir?

  1. Strings in php being delimited by quotes.
    So, if you have a string username, it must be written as "username".
    And $_POST[username] become $_POST["username"].
    (and contrary, variables do not need quotes, so, echo "$msg"; must be echo $msg;)
  2. all variables must be set or checked for existence. so,
    if ((!$_POST[username]) || (!$_POST[password])) {
    must become
    if (!empty($_POST["username"]) OR !empty($_POST["password"])) {

Böyle bir kod ile sadece ara sıra hata görmek ve hemen düzeltmek mümkün olacaktır.

Bazen basit çözüm. Aynı şey bana da oldu. Ben localhost (Loki) koşuyordu. Benim güvenlik duvarı localhost'tan tüm çerez istekleri engelleme olduğunu öğrendim. Ben zaman ZoneAlarm kullanılır ama diğer güvenlik duvarları aynı etkiye sahip olabilir varsayalım. Hala işe yaramazsa görmek için güvenlik duvarını devre dışı bırakmayı deneyin.

Bu gibi php ile çerez ayarlamayı deneyin:

setcookie(<name>,<value>, time()+3600*24);

Bazen, localhost, çerezler kullanılarak belirlenen değil: $_COOKIE[<name>] = <value>

etiketler