Asked  7 Months ago    Answers:  3   Viewed   38 times

I've made a login, that sets a cookie with a value of the imputed email address, so in the global.php file, it stores an array of the users data using:

$email = $_COOKIE["PeopleHub"];
$getuserdata = mysqli_query($con, "SELECT * FROM Earth WHERE email='$email'");
$userdata = mysqli_fetch_array($getuserdata, MYSQLI_ASSOC);

The cookie isn't being set, I know this because I made a test file:

echo $_COOKIE["PeopleHub"];

It just made a blank page.

The login code (where the cookie is set):

<?php 
include "global.php";    
?>
<h2>Login</h2>
<?php 
    echo "We currently have <b>" . $usercount . "</b> members, <b>" . $onlinecount . "</b> of which are online. "; 
?>
<br>
<br>
<?php 
    if(isset($_POST["email"])){ 
        $email = $_POST["email"];
        $password = sha1($_POST["password"]);
        $check = mysqli_query($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
        $check = mysqli_num_rows($check);
        if($check == 1){
        setcookie("PeopleHub", $email, 0, '/');
        echo "We logged you in!";
        }
        else { 
            echo "We couldn't log you in!";
        }
    }
?>
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
    Email <input name="email" placeholder="Email Address" required="" type="text"><br>
    Password <input name="password" placeholder="Password" required="" type="password"><br>
    <input type="reset" value="Start Over">
    <input type="submit" value="Login">
</form>

 Answers

89

You have to set cookies before any headers are sent out.

From the manual:

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.

This means you will need to look into output buffering if you wish to use this code as is.

<?php

ob_start();
echo "Hellon";

setcookie("cookiename", "cookiedata");

ob_end_flush();

?>

Depending on the contents of global.php, this might work for you. All I did was remove any output before setcookie() is called. If global.php contains any whitespace or HTML output in it this won't work:

<?php 
include "global.php";    

    if(isset($_POST["email"])){ 
        $email = $_POST["email"];
        $password = sha1($_POST["password"]);
        $check = mysqli_query($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
        $check = mysqli_num_rows($check);
        if($check == 1){
        setcookie("PeopleHub", $email, 0, '/');
        echo "We logged you in!";
        }
        else { 
            echo "We couldn't log you in!";
        }
    }
?>
<h2>Login</h2>
<?php 
    echo "We currently have <b>" . $usercount . "</b> members, <b>" . $onlinecount . "</b> of which are online. "; 
?>
<br>
<br>
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
    Email <input name="email" placeholder="Email Address" required="" type="text"><br>
    Password <input name="password" placeholder="Password" required="" type="password"><br>
    <input type="reset" value="Start Over">
    <input type="submit" value="Login">
</form>
Wednesday, March 31, 2021
 
PedroKTFC
answered 7 Months ago
98

PHP superglobals are populated at script start-up time, and then are NOT modified or touched by PHP again for the life of the script. That means $_COOKIE represents the cookies that were sent to the server in the http request that fired up the script. It will NOT show any cookies you've added/changed/deleted during the life of the script. Those changes will only show up on the NEXT request.

The only exception to this is $_SESSION, which is populated when you call session_start().

If you need those values to be in $_COOKIE immediately, you'll have to add them manually, e.g.

setcookie('cookie', $value, ....);
$_COOKIE['cookie'] = $value;
Friday, June 25, 2021
 
Stefan
answered 4 Months ago
97

If you don't add a $path value to setcookie(), it defaults to "the current directory". This means that if you set the cookie from /web/DEV/Classes/SetCookie.php, the cookie gets set to /web/DEV/Classes/, and anything above that path won't see that cookie.

To fix this, add a specific $path to setcookie. If your app runs on the domain root (example.com), use '/'. If it's in a subfolder (example.com/myapp/), use '/myapp/'

setcookie("TestCookie", $var, time()+60*60*24*30, '/');
Thursday, August 5, 2021
 
user336786
answered 3 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :