
So let's say my domain is named example. And I have created a subdomain named sub where everything is stored. I have a login system, and the login system stores cookies for values: team, lastLogin and auth. After I log in, I check the cookies and all the cookies are set correctly. Now, I have code that looks like this:

```php
<?php

setlocale(LC_TIME, array('no_NB .UTF-8','no_NB@euro','no_NB','norwegian'));
include "db_connect.php"; // Using database connection file here
date_default_timezone_set('Europe/Oslo');


if (isset($_COOKIE["auth"])) {
    $stmt = $link -> prepare('SELECT ident FROM users WHERE auth = ?');
    $stmt -> bind_param('s', $_COOKIE["auth"]);
    $stmt -> execute();
    $stmt -> store_result();
    $stmt -> bind_result($myIdent);
    if($stmt->num_rows == 0) {
        logout();
    }
    $stmt -> fetch();
    $stmt -> close();

    $auth = $_COOKIE["auth"];

    if (isset($_COOKIE["team"])) {
        $myTeam = $_COOKIE["team"];
    }

    if (isset($_COOKIE["lastLogin"])) {
        $lastLogin = $_COOKIE["lastLogin"];
    }

} else {
    logout();
}

function logout() {

    $past = time() - 3600;
    foreach ( $_COOKIE as $key => $value )
    {
        setcookie( $key, $value, $past, '/' );
    }

    header("Location: login.php");
    exit;
}

if (isset($_GET['selectedTeam'])) {
    $selectedTeam = $_GET["selectedTeam"];
} else {
    $selectedTeam = $myTeam;
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Home</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel='stylesheet' href='https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css'>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
    <script src="https://kit.fontawesome.com/f10f36656a.js" crossorigin="anonymous"></script>
</head>

<body>
    <center>
        <div class="selectedTeam" style="color:black;margin: 5px;">
            <form action="#" method="POST">
                <label for="teams">Velg Team:</label>
                <select name="teams" id="teams" onchange="selectedTeam()" style="background:none;border:none;font-weight: bold;font-size:12px;">
                    <option value="both">Alle Teams</option>
                    <option value="2">Team 2</option>
                    <option value="3">Team 3</option>
                </select>
            </form>
        </div>
    </center>
</body>

<script>
var my_var = <?php echo json_encode($selectedTeam); ?>;
document.getElementById('teams').value = my_var;

function selectedTeam() {
    window.location.href = "https://sub.example.com/index.php?selectedTeam=" + document.getElementById('teams').value;
}
</script>
```

So when I am logged in, I am team 2, and have value 2 in team cookie. But when changing the dropdown select to team 3, it reloads the page and gets me automatically logged out. Why is that? What am I doing wrong?

Camilla
  • What's in the `auth` cookie? – Barmar Apr 16 '21 at 22:50
  • Add some `echo` statements to the script so you can see which condition is causing you to be logged out. – Barmar Apr 16 '21 at 22:52
  • If you insert `console.log(document.getElementById('teams').value);` as the first line of the `selectedTeam()` function, what comes up in your console after you change the dropdown select to team 3? – Rounin Apr 16 '21 at 22:54
  • @Barmar It is an authentication key that the user gets when he has logged in. It changes every time he logs in. – Camilla Apr 16 '21 at 22:55
  • But what actual value is in it? Is the `'SELECT ident FROM users WHERE auth = ?'` query succeeding? – Barmar Apr 16 '21 at 22:56
  • And why don't you ever use `$myIdent`? – Barmar Apr 16 '21 at 22:57
  • @Rounin If I do that, the console displays number 3 if I select that, and after a millisecond it redirects to the login screen and the console is blank. – Camilla Apr 16 '21 at 22:59
  • @Mouri The form doesn't submit, she's doing everything in the `selectedTeam()` function. – Barmar Apr 16 '21 at 23:00
  • And what happens if you simply point your browser manually at: `https://sub.example.com/index.php?selectedTeam=3` instead of the function sending you to that web address? Are you logged out then? – Rounin Apr 16 '21 at 23:00
  • Maybe add `var_dump($_COOKIE);` to see all the cookie settings that the script sees. – Barmar Apr 16 '21 at 23:01
  • I think your cookie is being expired. Check with `$past = time() + 86400` – Mouri Apr 16 '21 at 23:09
  • I have auto redirect from domain.com to https://sub.domain.com/ in cPanel. Not sure if that is the issue. But now it just happens sometimes. This makes no sense to me. – Camilla Apr 16 '21 at 23:16
  • Next time please provide a *MINIMAL* verifiable example. There are only 3 lines of code in the above that are relevant to your problem.... `if (isset($_COOKIE["auth"])) { } else { logout(); }` – symcbean Apr 17 '21 at 00:29
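
The checks suggested in the comments (`echo` statements, `var_dump($_COOKIE)`), as an added example that is not part of the original post or of any comment: it records which branch of the auth check would call `logout()` and which cookie names the request carried, without writing the `auth` value to a log. `authDecision()`, `logDecision()`, the `$lookup` callable standing in for the `users` query, and the sample requests are all constructed for illustration.

```php
<?php
// Added example: classify why the auth check on this page would call logout().
// $lookup is a hypothetical callable standing in for
// 'SELECT ident FROM users WHERE auth = ?'; it returns the ident or null.
function authDecision(array $cookies, callable $lookup): array
{
    $seen = array_keys($cookies);   // cookie names only, never the values
    sort($seen);
    if (!isset($cookies['auth']) || $cookies['auth'] === '') {
        // The else branch of isset($_COOKIE["auth"]): the browser sent no auth cookie.
        return ['ok' => false, 'reason' => 'auth cookie not sent', 'cookies' => $seen];
    }
    $ident = $lookup($cookies['auth']);
    if ($ident === null) {
        // The num_rows == 0 branch: a cookie arrived but matches no user row.
        return ['ok' => false, 'reason' => 'auth value not in users table', 'cookies' => $seen];
    }
    return ['ok' => true, 'reason' => 'ok', 'cookies' => $seen];
}

function logDecision(array $d, string $host, string $uri): string
{
    // One line per request. The host is included because the cookies a browser
    // sends depend on the host and path of the request.
    $line = sprintf('auth-check host=%s uri=%s ok=%s reason="%s" cookies=[%s]',
        $host, $uri, $d['ok'] ? 'yes' : 'no', $d['reason'], implode(',', $d['cookies']));
    error_log($line);   // PHP error log (stderr when run from the CLI)
    return $line;
}

// Constructed sample data, not taken from the post.
$users  = ['token-constructed-1' => 'user-1'];
$lookup = fn(string $auth) => $users[$auth] ?? null;
$samples = [
    ['sub.example.com', '/index.php?selectedTeam=3',
        ['auth' => 'token-constructed-1', 'team' => '2', 'lastLogin' => '2021-04-16']],
    ['sub.example.com', '/index.php?selectedTeam=3', ['team' => '2']],
    ['sub.example.com', '/index.php', ['auth' => 'token-constructed-stale']],
];
foreach ($samples as [$host, $uri, $cookies]) {
    logDecision(authDecision($cookies, $lookup), $host, $uri);
}
```

In the page's script the same call would take `$_COOKIE`, `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, placed before any call to `logout()`.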
