Cookies!

Hi all!

I've decided to use cookies for the personal pages of those who login.

I've tried this code from a book and guess what?....it's not working!

Please tell me what's wrong with it:

<?php

if ($_COOKIE[auth] == "ok") {

$msg = "<P>Welcome to secret page A, authorized user!</p>";

} else {

header( "Location: http://localhost/PatientsFront.html");
exit;
}

?>

<HTML>
<HEAD>
<TITLE>Secret Page A</TITLE>
</HEAD>
<BODY>

<? echo "$msg"; ?>

</BODY>
</HTML>


This is where I set the cookie values in the login page:

if ($num != 0) {
$cookie_name ="auth";
$cookie_value ="ok";
$cookie_expire ="0";
$cookie_domain ="localhost";

setcookie($cookie_name,$cookie_value,$cookie_expir
e,"/", $cookie_domain,0);

$display_block ="
<p><strong>Secret Menu:</strong></p>
<ul>
<li><a href=\"secretA.php\">secret page A</a>
<li><a href=\"secretB.php\">secret page B</a>
</ul>";
}.....


I don't know where the problem is...When I click the "secretA.php" link after being authorised it takes me back to the login page again. Are the cookie values not being recorded?

PLEASE help me out

PS. what is the correct notation:
if ($_COOKIE[auth] == "ok")

or is it:
if ($_COOKIE[auth] = "ok") ???

Thanks a lot

Hi Sara!
Hum... normally the cookie values can be only used on the next page. Are you setting the cookie values in the same page that you're trying to check them?!
If this doesn't solves the problem, try modidy this part of your code:

if ($_COOKIE["auth"] == "ok") {
$msg = "<P>Welcome to secret page A, authorized user!</p>";
} else {
header( "Location: http://localhost/PatientsFront.html");
exit;
}

"um... normally the cookie values can be only used on the next page"

not normally, always. you can't check a cookie on the same page you set it. that's why detecting whether or not cookies are enabled is a major pain in the ass.



That would set the cookie and redirect them if it wasn't already set. the big number is setting the cookie duration to 1 month, you can set that however you want.

Additionally, I won't go into another lesson (as i've already done many times) about why you SHOULD NOT use double quotes. Just suffice to say, use single quotes as much as possible. It saves escaping double quotes and it saves parser time. $var = 'this'.$that; is much faster than $var = "this $that"; (something like 4x faster if I'm not mistaken).

can you check if your cookie is actually being set? if it isn't it might be a error in your setcookie() syntax.

That's correct, I benchmarked the two a couple weeks ago, and it was around 3-4x faster.

Hi all!

Ok I tried everything!Single,double quotes...spaces...can't think of anything wrong!!!

Here are the three main pages:

1)The login page:

<HTML>
<HEAD>
<TITLE>Patients Login Page</TITLE>
</HEAD>
<body bgcolor="#FFFFFF">
<p align="center"><font face="Trebuchet MS" color="#000080" size="6"><span style="BACKGROUND-COLOR: #ffffff"><b>e-</b></span><b><span style="background-color: #ffffff">Clinic</span></b></font></p>
<p align="center"><span style="background-color: #ffffff"><font face="Trebuchet MS" color="#000080" size="5">Patients
Login</font></span></p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<FORM METHOD="POST" ACTION="do_patient.php">
<P align="center"><STRONG><font face="Times New Roman">Patient Username:</font></STRONG><BR>
<INPUT TYPE="text" NAME="username" SIZE=25 MAXLENGTH=25></p>
<P align="center"><font face="Times New Roman"><b>Password:</b></font><BR>
<INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></p>
<P align="center"><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P>
</FORM>
</BODY>
</HTML>

2)The php file that does the processing and sets the cookie:

<?php
if ( (!$_POST[username]) || (!$_POST[password]) ) {
echo("You have not completed the form.<br>
<li><a href=\"PatientsFront.html\"> Please try again.</a>");
exit();
}

$db_name = "eclinic";
$table_name = "patient_users";

$connection = @mysql_connect("localhost", "root", "") or die(mysql_error());

$db = @mysql_select_db($db_name, $connection) or die(mysql_error());

$sql = "SELECT * FROM $table_name WHERE p_username = '$_POST[username]' AND password = password('$_POST[password]')";

$result = @mysql_query($sql,$connection) or die(mysql_error());

$num = mysql_num_rows($result);

if ($num != 0) {
$cookie_name ="auth";
$cookie_value ="ok";
$cookie_expire ="0";
$cookie_domain ="localhost";

setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0);

$display_block ="
<p><strong>Secret Menu:</strong></p>
<ul>
<li><a href=\"secretA.php\">secret page A</a>
<li><a href=\"secretB.php\">secret page B</a>
</ul>";
} else {

echo("You are NOT authorized.<br>
<li><a href=\"PatientsFront.html\">Please enter the correct username and password</a>");
exit();
}

?>

<HTML>
<HEAD>
<TITLE>Login Page Response</TITLE>
</HEAD>
<BODY>
<? echo "$display_block"; ?>
</BODY>
</HTML>

3)And finally the actual "secret A" page that I'm supposed to access if I've been authorized:

<?php
if ($_COOKIE["auth"] == "ok") {

$msg = "<P>Welcome to secret page A, authorized user!</p>";

} else {

header( "Location: http://localhost/PatientsFront.html");
exit;
}

?>

<HTML>
<HEAD>
<TITLE>Secret Page A</TITLE>
</HEAD>
<BODY>

<? echo "$msg"; ?>

</BODY>
</HTML>


Please help me out people ....I haven't got much time left..
Sara

Hi Sara!
I've made modifications in your files.
Download the zip file, test it and see if it fit your needs.

Hi all!
Oh ramz thanks so much.It worked just as it should.
Now I just got to modify it to my needs. Might take a while though cuz I got courseworks and other stuff to do but if I getany problems I'll just post them here.

Thanx sooooo much.
Sara

Hi all!

I can't figure out how to display the details of the people who login when they go to their pages. I want to show their details on their personal page.
But I don't know how to do that. I can only manage to show their login name.Their details are in another table in the same database.
How do I use the login name to extract their details from another table?

Thanx a lot!
Sara

Hi Sara!

If you post the name of the tables and their fields, it would be easier to fix this problem, but here's a tip of what you might be looking for.

$sql = "SELECT table1.field1, table1.field2, table2.field1 FROM table1, table2 WHERE table1.field1 = table2.field1 AND table1.username = '$username'";

Hi all!
Ok, this is the basic structure.

Table 1:
Field 1: doctor_username
Field 2: doctor_password

Table 2:
Field 1: doctor_username
Field 2: doctor_firstName
Field 3: doctor_lastName
Field 4: doctor_email
Field 5: doctor_phone

I can display the ‘doctor_username’ after checking that they’re logged in from Table 1. How do I use the same ‘doctor_username’ to get their details from Table 2?

Thanks a lot!
Sara

Hi Sara!
This is what you're looking for:

$sql = "SELECT Table2.doctor_firstName, Table2.doctor_lastName, Table2.doctor_email, Table2.doctor_phone FROM Table1, Table2 WHERE Table1.doctor_username = Table2.doctor_username ORDER BY Table2.doctor_firstName";

Hi all!
I'm having problems in displaying the patients details.

This is the part where I'm getting errors:

$login_name = "$_POST[p_username]";



$sql2 = "SELECT firstName FROM patient_details WHERE p_username = $login_name";

$firstName = mysql_query($sql2) or die(mysql_error());

$sql3 = "SELECT lastName FROM patient_details WHERE p_username = $login_name";

$lastName = mysql_query($sql3) or die(mysql_error());

$sql4 = "SELECT email FROM patient_details WHERE p_username = $login_name";

$email = mysql_query($sql4) or die(mysql_error());

$sql5 = "SELECT phone FROM patient_details WHERE p_username = $login_name";

$phone = mysql_query($sql5) or die(mysql_error());


$display_block = "<p><strong>Hello login_name</strong></p>";

$display_block .= "<p><strong>Hello $firstName $lastName</strong></p>";

$display_block .= "<p><strong>Your email is $email</strong></p>";

$display_block .= "<p><strong>Your phone number is $phone</strong></p>";


I can show the $login_name but I'm having trouble with the other details.Please tell me how to fix it.
Thanx a lot
Sara

$login_name = $_POST["p_username"];

$sql2 = "SELECT firstName, lastName, email, phone FROM patient_details WHERE p_username = '$login_name'";

$query = mysql_query($sql2) or die(mysql_error());
if(mysql_num_rows($query) > 0) {
while($result = mysql_fetch_array($query)) {
$display_block = "<p><strong>Hello $login_name</strong></p>";
$display_block .= "<p><strong>Hello " . $result['firstName'] . " " . $result['lastName'] . "</strong></p>";
$display_block .= "<p><strong>Your email is " . $result['email'] . "</strong></p>";
$display_block .= "<p><strong>Your phone number is " . $result['phone'] . "</strong></p>";
}
}

Hi All!Hi Ramz! U saved me again! Hehe
It worked just right.....NOW I can start on the appointments.
Gonna work on that as soon as possible. Thanx a lot everyone, especially u Ramz.

Sara