I don't know what's going on with my cookies, I basically have a system that generates a random code, stores it in a cookie and also in a database. When the user logs back in, along with username/password authentication, this cookie has to match the database too in order to pass through the login phase (it's basically a system to authorise certain machines to access).
The problem is: Basically, I have set up a method to check the cookie data before I log in, it's just a page that prints the cookie data that I can access without logging in. This is located in '/includes/check_cookies.php'. I also have the main login script, that is meant to read the cookie data before anything and see if the 'auth_code' matches the database entry, if it does, allow access providing the username and password is correct etc etc, if it doesn't, it will generate a new 'auth_code' and store it in a table and the cookie. This is based on whether the user is an admin or a standard user, admins can auth themselves there and then, standard users can't. Say I log in for the first time right now, I'm an admin, so can authorise myself, and it works a treat, I can log out and back in without a hitch. BUT, if I then went home tonight and came back tomorrow morning, attempted to log in, I would be told that my computer isn't authorised again, even though, when checked, the cookie entry matches the database within my check_cookies file, but a new one is generated in the login script? I'm seriously baffled.
But anyway, here's the relevant code (I will use the admin code):
```php
$auth_code = $_COOKIE['auth_code'];
echo $auth_code . "<br>";
// Check Cookie Auth Code Vs Database Auth Code
$auth_query = "SELECT * FROM authorised_computers WHERE auth_code = '".$auth_code."';";
$auth_result = mysqli_query($link,$auth_query);
if($auth_result->num_rows == 0) {
    $auth = 0;
} else {
    $auth = 1;
}
if($auth == 1) {
    setcookie('admin',$admin,$cookie_expire,'/');
    setcookie('login_time',$date,$cookie_expire,'/');
    $_SESSION['logged_in'] = "true";
    header('Location: ../logs.php');
} elseif($auth == 0) {
    setcookie('auth_code',$no_generator,$cookie_expire,'/');
    setcookie('admin',$admin,$cookie_expire,'/');
    setcookie('login_time',$date,$cookie_expire,'/');
    $_SESSION['logged_in'] = "false";
    header('Location: admin_auth.php');
}
```
Basically the code is setting $auth to '0' and following that route.
Below is the cookie data from the login script:
```
Array
(
    [auth_code] => 13367320 // Does not match database
    [admin] => 1
    [acc_id] => 1
    [user_id] => 10001
    [login_time] => 2015/07/29 10:25:20
)
```
And cookie data from before the login attempt:
```
Array
(
    [auth_code] => 342221-32 // Matches the Database
    [admin] => 1
    [acc_id] => 1
    [user_id] => 10001
    [login_time] => 2015/07/29 10:25:35
)
```
Basically, the new auth code shouldn't have been generated as the cookie data already matched the Database, so should have just gone straight through.
I have a feeling that it may be an issue with the cookies expiring, but I have set the cookies to: `$cookie_expire = time() + (21*365*24*60*60);` so they shouldn't be. I might be missing something blatant, but then again, my understanding of Cookies isn't the greatest. Any help would be much appreciated!
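As an added example (not code from the question or its comments), here is one way to write the cookie-versus-database check with the cookie value bound as a query parameter instead of concatenated into the SQL string, and with only a hash of the token stored server-side. The helper names, the `auth_hash` column and the in-memory SQLite database standing in for the MySQL table are assumptions made so the script runs on its own.

```php
<?php
// Added example: device-authorisation check with a bound parameter.
// Assumption: SQLite in memory stands in for the MySQL table so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authorised_computers (user_id INTEGER, auth_hash TEXT)');

// Hypothetical helper: issue a new device token and store only its SHA-256 hash,
// so a leaked table does not reveal values that can be replayed as cookies.
function issue_device_token(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO authorised_computers (user_id, auth_hash) VALUES (?, ?)'
    );
    $stmt->execute([$userId, hash('sha256', $token)]);
    return $token;
}

// Hypothetical helper: true when the cookie value is a token issued to this user.
function device_is_authorised(PDO $db, int $userId, ?string $cookieValue): bool
{
    // Reject an absent or malformed cookie before touching the database.
    if ($cookieValue === null || !preg_match('/\A[0-9a-f]{64}\z/', $cookieValue)) {
        return false;
    }
    // The cookie-derived value is bound, never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT 1 FROM authorised_computers WHERE user_id = ? AND auth_hash = ?'
    );
    $stmt->execute([$userId, hash('sha256', $cookieValue)]);
    return $stmt->fetchColumn() !== false;
}

// Constructed walk-through: the first login issues a token, later requests present it.
$token = issue_device_token($db, 10001);
var_dump(device_is_authorised($db, 10001, $token));        // token issued to this user
var_dump(device_is_authorised($db, 10002, $token));        // same token, different user
var_dump(device_is_authorised($db, 10001, "342221-32'"));  // malformed value with a quote
var_dump(device_is_authorised($db, 10001, null));          // cookie not sent at all

// In a web request (PHP 7.3+ options array), the token would be sent as:
// setcookie('auth_code', $token, ['expires' => $cookie_expire, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
```

With this layout a new token is issued only when `device_is_authorised()` returns false, and the value read from `$_COOKIE` is passed in once rather than re-read at several points in the login script.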
";` <- that's gonna break it – CD001 Jul 29 '15 at 10:09