0
<?php
$utype = $_POST['type'];
$username=$_POST['username'];
$pre = $_POST['pre'];
$fname = $_POST['fname'];
$fname = ucwords($fname);
$lname = $_POST['lname'];
$lname = ucwords($lname);
$address = $_POST['address'];
$city = $_POST['city'];
$city = ucwords($city);
$province=$_POST['province'];
$pcode = $_POST['pcode'];
$pcode = mb_strtoupper($pcode);
$area_code = $_POST['area_code'];
$number1= $_POST['number1'];
$number2= $_POST['number2'];
$phnum = "(".$area_code.")".$number1."-".$number2;
$email = $_POST['nemail'];
$opass=$_POST['pass1'];
$pass = md5($_POST['pass1']);
$time=date("F j, Y");
$status="Not Activated";
                                                   if($email=="" || $username=="" || $fname=="" || $lname=="" || $address=="" or $pass==""){                                                   die("<script language='JavaScript'>
                                                                    window.alert('Not Enough Data Provided!')</script>
                                                                    <meta http-equiv='REFRESH' content='0; r    egister.php'>");;
                                                            }
include 'db_connect.php';
$sql = "select * from estatedeal_login where username = '".strtolower($username)."' OR     email = '".strtolower($email)."'";

            $result=mysql_query($sql);
        $row=mysql_fetch_array($result);
            if($row){
                                                        die("<script language='JavaScript'>
                                                            window.alert('Username/E-mail address already Exists!')</script>
                                                            <meta http-equiv='REFRESH' content='0; register.php'>");;
            }


$sql="INSERT INTO estatedeal_login (username, email, password, utype, opass, time, status)
                VALUES ('$username', '$email', '$pass', '$utype', '$opass', '$time', '$status')";

$result=mysql_query($sql);
                if($result){
                        $sql2="Select uid from estatedeal_login where email='$email' AND password='$pass'";
                        $result2=mysql_query($sql2);
                        $row=mysql_fetch_array($result2);
                        $uid=$row["uid"];   



                        $sql3="INSERT INTO estate_userinfo(uid, pre, fname, lname, address, city, province, pcode, phnum, email) VALUES ('$uid', '$pre', '$fname', '$lname', '$address', '$city', '$province', '$pcode', '$phnum', '$email')";
                        $result3=mysql_query($sql3) or die("<script language='JavaScript'>
                                                            window.alert('Sorry, Database Error!')</script>
                                                            <meta http-equiv='REFRESH' content='0; register.php'>");;
                        if ($result3){

                                        $hour = time() + 3600*2; 
                                        setcookie('USERNAME_COOKIE', $email, $hour);
                                        setcookie('PASSWORD_COOKIE', $pass, $hour);
                                        if($utype=="Realtor"){ die("<meta http-equiv='REFRESH' content='0; regRealtor.php'>");; }
                                    echo "<script language='JavaScript'>
                                    window.location ='main.php';</script>";
                                    }
    }
    else{
        die(mysql_error());
    }
?>

Above is my code. It inserts the datafields correctly in mysql but does not setting the cookies on the client side. If I try login using the information i have inserted in the database, The same code for setting up cookies works fine on the login page. Is there any more options to set the cookies.?

    $hour = time() + 3600*2; 
 setcookie('USERNAME_COOKIE', $email, $hour);
 setcookie('PASSWORD_COOKIE', $pass, $hour);
Raj_4Ever
  • 25
  • 1
  • 3

4 Answers4

0

I stronly recommend you to learn about $_SESSION and how to clean variables that you read from $_POST or $_GET before inserting anything in the database;

http://php.net/manual/en/function.mysql-real-escape-string.php Also take into account the warnings that you see on the page that I sent you.

SAnDAnGE
  • 438
  • 2
  • 6
0

Not a direct answer to your question, but possibly useful:

In stead of cookies, you could use SESSION, take a look at this question: Cookie VS Session.

You might also like to take a look at UserCake which implements user management using SESSION. The following is a snipet from UserCake (login.php):

      //Passwords match! we're good to go'

      //Construct a new logged in user object
      //Transfer some db data to the session object
      $loggedInUser = new loggedInUser();
      $loggedInUser->email = $userdetails["email"];
      $loggedInUser->user_id = $userdetails["id"];
      $loggedInUser->hash_pw = $userdetails["password"];
      $loggedInUser->title = $userdetails["title"];
      $loggedInUser->displayname = $userdetails["display_name"];
      $loggedInUser->username = $userdetails["user_name"];

      //Update last sign in
      $loggedInUser->updateLastSignIn();
      $_SESSION["userCakeUser"] = $loggedInUser;

To me at least, this feels so much cleaner then calling setcookie('USERNAME_COOKIE', $email, $hour);.

Community
  • 1
  • 1
ilent2
  • 5,171
  • 3
  • 21
  • 30
0

1 Try putting ob_start()

<?php
ob_start()

2 try putting path argument

setcookie('USERNAME_COOKIE', $email, $hour,'/');
setcookie('PASSWORD_COOKIE', $pass, $hour,'/');
albertdiones
  • 735
  • 5
  • 10
0

Use session instead of cookie. Sessions are more secured than cookies & stored on servers.

Use session_start(); at the start of PHP file & then store anything inside session like this

$_SESSION['email'] = $email;

& take values stored in session by session_start() function at start of file

$email = $_SESSION['email'];

Sessions are more secured as they are stored on server not browser.

Kailash Ahirwar
  • 771
  • 3
  • 14