trouble setting cookie and redirecting

Status
Not open for further replies.

jonlake

MIS
Sep 17, 2003
76
US
I wrote a simple script to make sure a user is authorized to access a webpage (roster of area youth soccer league) then if they are authorized it will show the roster. Here is my script with some stuff edited out. There is only one username and password that everyone will use.

<?php
$USER=$_POST['user'];
$PASSWORD=$_POST['password'];
#Make sure username or password aren't blank or incorrect
if ((!$USER) || (!$PASSWORD)) {
echo "Please return to the <a href=\"http://www.*******.***/gsl/login.html\">login page</a>. Username and/or password were blank.";
exit;
} else if (($USER != "******") || ($PASSWORD != "******")) {
echo "Please return to the <a href=\"http://www.******.***/gsl/login.html\">login page</a>. Username and/or password were incorrect.";
exit;
}
#If username and password are correct, setcookie for auth #into roster.php
#and redirect to roster.php

*Here is where the problem is. If I use setcookie() and header() it won't set the cookie. But it will redirect to the roster page. The roster page has a script that says if cookie auth == "***" echo a bunch of html else show that the user is not authorized and a link back to login.html
If I do setcookie(), comment out the header(), and uncomment the echo it will set the cookie then they can click the link. It works but I would like to make it automated. I'm fairly new to php and new to programming (this is my first script used for something besides practice). *

setcookie("auth", "**", time()+3600, "/", "*****.***", 0);
Header("Location: http://www.******.***/gsl/roster.php");
#echo "
#<html>
#<body>
#<h1>Authorized</h1>
#Click <a href \" to continue to the roster
#</body>
#</html>";
?>

If anyone could give any suggestions I would appreciate it.

Thanks,
Jon
 
Also I fixed the link to /roster.php in the 4th line from the bottom.
 
Instead of using cookies you might want to look into session variables. The session will take care of setting the session cookie and the values will reside server side.
Code:
<?php
# start session
session_start();
#Make sure username or password aren't blank or incorrect
if (empty($_POST['user']) || empty($_POST['password'])) {
echo "Please return to the <a href=\"http://www.*******.***/gsl/login.html\">login page</a>. Username and/or password were blank.";
exit;
} else if (($_POST['user'] != "******") || ($_POST['password'] != "******")) {
echo "Please return to the <a href=\"http://www.******.***/gsl/login.html\">login page</a>. Username and/or password were incorrect.";
exit;
}
# set the session var
$_SESSION['authorized'] = true;
Header("Location: http://www.******.***/gsl/roster.php");
exit;
?>
#### in the roster script:
<?php
session_start();
# check for authorization
if (empty($_SESSION['authorized'])) {
   # redirect to login
    header("Location: http://www.*****/gsl/login.php");
    exit;
}
# roster display below.
 
Sessions may not work, either.

jonlake, with what web server are you running PHP? If it is IIS, you cannot use cookies and a "Location" HTTP header in the same communication.

When you use the "Location" HTTP header, the return status of the page request is set to 302. IIS does not send cookies on a communication with a return status of 302. This is a deliberate design decision on the part of Microsoft, based on a unique interpretation of the HTTP spec.

Unfortunately, PHP's session system, unless you send the session ID through the URL, must also use cookies.

The workaround is to use a client-side redirection, either client-side scripting or a META tag.


Want the best answers? Ask the best questions!

TANSTAAFL!!
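
The client-side redirection workaround described above, combined with the session approach from the earlier reply, as an added example that is not part of any post in this thread. It assumes PHP 5.6 or later (for hash_equals()); the credential constants are placeholders, and the two paths are the ones quoted in the thread.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.6+ for hash_equals().
const EXPECTED_USER = 'CHANGE_ME_USER';      // placeholder shared username
const EXPECTED_PASS = 'CHANGE_ME_PASSWORD';  // placeholder shared password
const LOGIN_URL     = '/gsl/login.html';     // paths as quoted in the thread
const ROSTER_URL    = '/gsl/roster.php';

session_start();

// Accept only string fields; arrays or missing fields become empty strings.
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Constant-time comparisons; both are evaluated before the result is combined.
$userOk = hash_equals(EXPECTED_USER, $user);
$passOk = hash_equals(EXPECTED_PASS, $pass);

header('Content-Type: text/html; charset=UTF-8');

if (!($userOk && $passOk)) {
    http_response_code(403);
    $login = htmlspecialchars(LOGIN_URL, ENT_QUOTES, 'UTF-8');
    echo "Please return to the <a href=\"$login\">login page</a>. "
       . "Username and/or password were blank or incorrect.";
    exit;
}

// Issue a fresh session ID at login and drop the old one, so an ID that was
// known before authentication cannot be reused afterwards.
session_regenerate_id(true);
$_SESSION['authorized'] = true;

// Plain 200 response: the session cookie is sent with this page, and the
// browser then follows the META refresh. No cookie rides on a 302.
$roster = htmlspecialchars(ROSTER_URL, ENT_QUOTES, 'UTF-8');
echo <<<HTML
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="0;url=$roster">
<title>Authorized</title>
</head>
<body>
<h1>Authorized</h1>
<p>Click <a href="$roster">here</a> to continue to the roster.</p>
</body>
</html>
HTML;
```

The roster page still needs its own session check, as in the reply above, because the refresh target can be requested directly.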
 
sleipnir214
Thank you for mentioning this. Maybe you could write an FAQ for this as it seems a fairly important point for IIS/PHP users.

jonlake
If you are using an Apache server the session solution would work. However, you could also use basic authentication with an .htaccess file after generating a user and password. Since you are just using one username and password that should also work.
I don't know how basic authentication is implemented with IIS, but there should be an analogous method for basic authentication.
 
Ok, thank you all for your help. The server is IIS, so I think for now I will leave it how it is, clicking the link to the page.

Thanks,

Jon
 
You could put the files you want protecting in a subdirectory and password protect the directory the files are in to force them to enter a valid logon and password that way?
 