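Setting cookies, unable to read them in a different PHP file

Time: 2017-07-17 05:47:42

Tags: php cookies

I have a small application, and now it is time to add a login on top of everything. It is just getting started and running in the real world (:P)

Here is the code on the login page (login.php):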

<!DOCTYPE html>
<html>
<head>
    <title>
        Login
    </title>
    <meta charset="UTF-8">
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<?php include_once("analyticstracking.php") ?>
    <form action="login.php" method="POST">



    <?php
            if (isset($_POST['user']) && isset($_POST['password']))
            {
                if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
                {
                    $secret = '';
                    $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
                    $responseData = json_decode($verifyResponse);

                    if($responseData->success)
                    {                   
                        $user = $_POST['user'];
                        $password = $_POST['password'];

                        $salt = "d5f332312e3e390c81f6ef9f242c21bf9e472d6296ddd4bebddd0f54eb576f14";


                        $hpassword = hash('sha256', $salt . $password);

                        $_COOKIE['user'] = $user;
                        $_COOKIE['pass'] = $hpassword;

                        $auth = 1;
                        $_COOKIE['authorized'] = $auth;



                        setrawcookie("user", $user, time() + 28800, "/",'domaindig.eu');
                        setrawcookie("hpass", $hpassword, time() + 28800, "/",'domaindig.eu');
                        setrawcookie("authorized", $auth, time() + 28800, "/",'domaindig.eu');

                        print_r($_COOKIE);

                        header( 'Location: check.php');
                    }
                }
            }
    ?>

    username: <input name="user" type="user"><br>
    password: <input name="password" type="password"><br>
    <div class="g-recaptcha" data-sitekey=""></div>
    <input type="submit" value="Submit" /><br><br>
    </form>
</body>
</html>

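As you can see, I use Google reCAPTCHA to prevent brute-force logins. Since then (when I inserted the reCAPTCHA), none of my $_SESSION variables have worked again. So I decided to use cookies (a new experience, since I have always used sessions).

So far, so good.

When I finished coding this PHP page, I went on to complete the PHP file check.php. In this file I check the credentials, and if everything checks out, I redirect to the main page and menu (no graphics yet, just pure PHP).

My problem is:

In the second file I cannot see any cookies. I used print_r($_COOKIE); and I only see the cookies from reCAPTCHA. On the login page I see the 3 cookies I am trying to set, but in the other file it seems I cannot read them. I checked multiple browsers and multiple computers, but with the same luck. I have verified that the browsers accept cookies, but it seems I have made a mistake.

If my description is somewhat vague, please let me know and I will clarify.

Here is my check.php code (it checks the credentials using the cookies):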

<!DOCTYPE html>
<html>
<head>
    <title>
        check
    </title>
    <meta charset="UTF-8">
</head>
<body>
<?php include_once("analyticstracking.php") ?>
    <form action="check.php" method="POST">

        <?php
        if ($_COOKIE['authorized'] == 1)
        {
            if (isset($_COOKIE['user']) || isset($_COOKIE['hpass']))
            {
                require('ConnectToDB.php');

                $username = $_COOKIE['user'];
                $password = $_COOKIE['hpass'];

                $result="SELECT `password` FROM `users` WHERE username = '$username'";
                $tbl=mysqli_query ($conn, $result);

                $table = $tbl->fetch_assoc();
                $pass = $table['password'];

                if ($pass)
                {
                    if ($password == $pass)
                    {
                        $ip = $_SERVER['REMOTE_ADDR'];  
                        $date = date("Y-m-d H:i:s");

                        $result = "INSERT INTO `logins` ( `username`, `date`, `ip`) VALUES ('$username', '$date', '$ip')";
                        $tbl = mysqli_query($conn, $result);
                        $_COOKIE['authorized'] = 1;
                        echo "Login successfull! Redirecting.";


                        require 'ConnectToDB.php';

                        $alphanumeric[0] = "0";
                        $alphanumeric[1] = "1";
                        $alphanumeric[2] = "2";
                        $alphanumeric[3] = "3";
                        $alphanumeric[4] = "4";
                        $alphanumeric[5] = "5";
                        $alphanumeric[6] = "6";
                        $alphanumeric[7] = "7";
                        $alphanumeric[8] = "8";
                        $alphanumeric[9] = "9";
                        $alphanumeric[10] = "a";
                        $alphanumeric[11] = "b";
                        $alphanumeric[12] = "c";
                        $alphanumeric[13] = "d";
                        $alphanumeric[14] = "e";
                        $alphanumeric[15] = "f";
                        $alphanumeric[16] = "g";
                        $alphanumeric[16] = "h";
                        $alphanumeric[17] = "i";
                        $alphanumeric[18] = "j";
                        $alphanumeric[19] = "k";
                        $alphanumeric[20] = "l";
                        $alphanumeric[21] = "m";
                        $alphanumeric[22] = "n";
                        $alphanumeric[23] = "o";
                        $alphanumeric[24] = "p";
                        $alphanumeric[25] = "q";
                        $alphanumeric[26] = "r";
                        $alphanumeric[27] = "s";
                        $alphanumeric[28] = "t";
                        $alphanumeric[29] = "u";
                        $alphanumeric[30] = "v";
                        $alphanumeric[31] = "w";
                        $alphanumeric[32] = "x";
                        $alphanumeric[33] = "y";
                        $alphanumeric[34] = "z";
                        $alphanumeric[35] = "A";
                        $alphanumeric[36] = "B";
                        $alphanumeric[37] = "C";
                        $alphanumeric[38] = "D";
                        $alphanumeric[39] = "E";
                        $alphanumeric[40] = "F";
                        $alphanumeric[41] = "G";
                        $alphanumeric[42] = "H";
                        $alphanumeric[43] = "I";
                        $alphanumeric[44] = "J";
                        $alphanumeric[45] = "K";
                        $alphanumeric[46] = "L";
                        $alphanumeric[47] = "M";
                        $alphanumeric[48] = "N";
                        $alphanumeric[49] = "O";
                        $alphanumeric[50] = "P";
                        $alphanumeric[51] = "Q";
                        $alphanumeric[52] = "R";
                        $alphanumeric[53] = "S";
                        $alphanumeric[54] = "T";
                        $alphanumeric[55] = "U";
                        $alphanumeric[56] = "V";
                        $alphanumeric[57] = "W";
                        $alphanumeric[58] = "X";
                        $alphanumeric[59] = "Y";
                        $alphanumeric[60] = "Z";

                        global $session;
                        $session = "";

                        for ($i=0;$i<20;$i++)
                        {
                            $rnd = rand(0, 60);
                            $session .= $alphanumeric[$rnd];
                        }


                        $date = date("Y-m-d");
                        $ip = $_SERVER['REMOTE_ADDR']; 

                        $result = "INSERT INTO `sessions` ( `user`, `date`, `session_id`, `ip`, `login`) VALUES ('$username', '$date', '$session', '$ip', '1')";
                        $tbl = mysqli_query($conn, $result);                            

                        echo "All done";
                        echo '<script> window.location = "https://domaindig.eu/index.php" </script>';
                    }
                    else
                    {
                        echo "User found but password provided was wrong. Try again!";
                    //  echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
                    }
                }
                else
                {
                    echo "Failure. Couldn't fetch password!!! Try again.";
                    //echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
                }
            }
            else
            {
                echo "Something went wrong. Try login again!";
                //echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
            }
        }
        else
        {
            echo "Unauthorized access!!";
            //echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
        }

        ?>
    </form>
</body>
</html>

Here is a picture showing my cookies on the login page:


Thank you all in advance.
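An added example, not part of the original post: setcookie() and setrawcookie() can only emit a Set-Cookie header before any output has been sent, and assigning to $_COOKIE changes only the current request's array. The sketch below shows the same call succeeding before the markup and failing after it; issueCookie() and the "session" cookie are hypothetical names, and it assumes PHP 7.3 or later run from the command line with output buffering off.

```php
<?php
// Added example, not the asker's code. issueCookie() is a hypothetical helper;
// the cookie name and token are constructed sample values.

function issueCookie(string $name, string $value, int $ttl): bool
{
    // Once any output has been flushed, PHP can no longer add a Set-Cookie header.
    if (headers_sent($file, $line)) {
        error_log("Cookie '$name' not sent: output started at $file:$line");
        return false;
    }
    // The options-array form of setcookie() requires PHP 7.3 or later.
    return setcookie($name, $value, [
        'expires'  => time() + $ttl,
        'path'     => '/',            // visible to every script on the site
        'domain'   => 'domaindig.eu', // domain used in the question
        'secure'   => true,           // the site is served over https
        'httponly' => true,           // not readable from page scripts
        'samesite' => 'Lax',
    ]);
}

// Correct order: decide about cookies and redirects first, emit HTML afterwards.
$token  = bin2hex(random_bytes(16));  // constructed opaque value
$before = issueCookie('session', $token, 28800);

// Writing to $_COOKIE only changes this request's array. Nothing is sent to the
// browser, which is why print_r($_COOKIE) looks right on the login page alone.
$_COOKIE['session'] = $token;

echo "<!DOCTYPE html>\n";             // output starts here
flush();

// The same call in the position login.php uses it, after the markup has been sent.
$after = issueCookie('session', $token, 28800);

printf("before output: %s, after output: %s\n",
    var_export($before, true), var_export($after, true));
```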

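2 answers:

Answer 0: (score: 0)

First, you need to make sure the two PHP files are on the same host, because cookies are only valid for the same host, not the IP.

For example: you put login.php on your website, and the user logs in at this address:

localhost/login

Then the user can visit this address to get his cookies:

localhost/analyticstracking

Answer 1: (score: -1)

Try setting the cookie path: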

setcookie('name', 'value', time()+86400, '/');
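An added example, not code from either answer: the host and path rules the two answers refer to, written out as the RFC 6265 domain-match, default-path and path-match checks a browser applies before sending a cookie. The IP address and the /auth/ directory are constructed sample values.

```php
<?php
// Added example, not code from the answers. Implements the RFC 6265 matching
// rules; hosts and paths passed below are constructed sample values.

// Section 5.1.3: host equals the cookie domain, or is a subdomain of it.
// A host-only cookie (set without a Domain attribute) needs an exact match.
function domainMatches(string $host, string $cookieDomain, bool $hostOnly = false): bool
{
    $host   = strtolower($host);
    $domain = strtolower(ltrim($cookieDomain, '.'));
    if ($host === $domain) {
        return true;
    }
    if ($hostOnly || filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false; // IP addresses never match by suffix
    }
    return substr($host, -strlen($domain) - 1) === '.' . $domain;
}
// Section 5.1.4: the path a cookie gets when setcookie() is given none.
function defaultPath(string $requestPath): string
{
    $pos = strrpos($requestPath, '/');
    if ($requestPath === '' || $requestPath[0] !== '/' || $pos === 0) {
        return '/';
    }
    return substr($requestPath, 0, $pos);
}
// Section 5.1.4: the cookie path must be a whole-segment prefix of the request path.
function pathMatches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if ($cookiePath === '' || strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    return substr($cookiePath, -1) === '/' || $requestPath[strlen($cookiePath)] === '/';
}

$checks = [
    'Domain=domaindig.eu; Path=/ -> /check.php' => domainMatches('domaindig.eu', 'domaindig.eu') && pathMatches('/check.php', '/'),
    'same cookie, site opened by IP address' => domainMatches('203.0.113.10', 'domaindig.eu') && pathMatches('/check.php', '/'),
    'no path, set from /auth/login.php -> /check.php' => pathMatches('/check.php', defaultPath('/auth/login.php')),
];
foreach ($checks as $label => $sent) {
    printf("%-50s %s\n", $label, $sent ? 'sent' : 'not sent');
}
```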