News:

Happy New Year! Yes, the current one, not a previous one; this is a new post, we swear!

Main Menu

[PHP] Cookies..

Started by Joe, June 07, 2006, 04:25:52 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Joe

Here's my three-hour's worth of work on cookies. I never really figured out how to delete a cookie so ?logout won't work. You have to redirect yourself to ?info manually, and for some reason the cookie explode function won't work. Anyhow, here it is (test).
Quote from: Camel on June 09, 2009, 04:12:23 PMI'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.


Warrior

You use set_cookie(blah, "", time);
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

iago

Quote from: Warriorx86] link=topic=6119.msg72804#msg72804 date=1149678173]
You use set_cookie(blah, "", time);
Isn't that what he's doing?


rabbit

No, he does nothing:        case "logout":        // logging out, duh
            break;


Secondly, md5 blows.  Change them to SHA1.
You should also call error_reporting(E_ALL) and do an isset() check on your get variables.  You should also set a cookie expiration date.  Setting cookies good until the browser closes is a stupid thing to do, and can be replaced by the $_SESSION superglobal (that's what it was made for).

Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).

Furthermore, hange the password box to a password type.  Also, "Translate"?  WTF?

You have a problem:
QuoteCookie: a722c63db8ec8625af6cf71cb8c2d939 test1
Logged in as test1
Account doesn't exist.
I can't be logged in with a non-existant account.  It doesn't make sense.  You could be tracing these problems out with error_reporting(E_ALL);

iago

You're being overly picky for no reason. 

Quote from: rabbit on June 07, 2006, 08:21:44 AM
No, he does nothing:        case "logout":        // logging out, duh
            break;

I thought he meant in general, I didn't realize he was talking about the logging out.

Quote from: rabbit on June 07, 2006, 08:21:44 AM
Secondly, md5 blows.  Change them to SHA1.
In this context, md5 vs sha1 makes absolutely no difference.

Quote from: rabbit on June 07, 2006, 08:21:44 AM
You should also call error_reporting(E_ALL) and do an isset() check on your get variables.
Useful advice for developing, in general, but he's releasing the software so setting it to E_ALL would be annoying for others.

Quote from: rabbit on June 07, 2006, 08:21:44 AM
  You should also set a cookie expiration date.  Setting cookies good until the browser closes is a stupid thing to do, and can be replaced by the $_SESSION superglobal (that's what it was made for).
That's true, but then this wouldn't be a demonstration of cookies, would it?  There's nothing wrong with a login cookie expiring at close, even if session is better.  It's definitly not "stupid". 

Quote from: rabbit on June 07, 2006, 08:21:44 AM
Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).
Both ways are fine. 

Quote from: rabbit on June 07, 2006, 08:21:44 AM
Furthermore, hange the password box to a password type.
Again: demonstration. 

Quote from: rabbit on June 07, 2006, 08:21:44 AM
You have a problem:
QuoteCookie: a722c63db8ec8625af6cf71cb8c2d939 test1
Logged in as test1
Account doesn't exist.
I can't be logged in with a non-existant account.  It doesn't make sense.  You could be tracing these problems out with error_reporting(E_ALL);
You don't have to be an asshole when you report a bug. 

Joe

As for E_ALL, I was expecting the programmer who implements a changed version of this to add their own error checking, etc. Also, printing from functions was just the quick-and-sloppy approach I took to this, trying to get the concept to work even if it required breaking coding style (which can always be fixed later).

Also, you can very well be logged in from a nonexistant account. Hack your cookies file and put in "ffffffffffffffffffffffffffffffff acct_that_doesnt_exist".
Quote from: Camel on June 09, 2009, 04:12:23 PMI'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.


Warrior

You're mutilating PHP..stop it.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

rabbit

Quote from: iago on June 07, 2006, 09:48:43 AM
You're being overly picky for no reason. 
I'm criticizing his code and trying to help him learn how to better implement his ideas in PHP.  I'm not trying to be mean or anything.

Quote from: iago on June 07, 2006, 09:48:43 AM
Quote from: rabbit on June 07, 2006, 08:21:44 AM
Secondly, md5 blows.  Change them to SHA1.
In this context, md5 vs sha1 makes absolutely no difference.
md5 is infitely easier to collide than sha1, and if someone hijacked an admin cookie, they could easily log in as the superuser.

Quote from: iago on June 07, 2006, 09:48:43 AM
Quote from: rabbit on June 07, 2006, 08:21:44 AM
You should also call error_reporting(E_ALL) and do an isset() check on your get variables.
Useful advice for developing, in general, but he's releasing the software so setting it to E_ALL would be annoying for others.
I keep E_ALL on on all of my projects, and trap the errors, though it is just personal preference.

Quote from: iago on June 07, 2006, 09:48:43 AM
Quote from: rabbit on June 07, 2006, 08:21:44 AM
  You should also set a cookie expiration date.  Setting cookies good until the browser closes is a stupid thing to do, and can be replaced by the $_SESSION superglobal (that's what it was made for).
That's true, but then this wouldn't be a demonstration of cookies, would it?  There's nothing wrong with a login cookie expiring at close, even if session is better.  It's definitly not "stupid". 
I'm just saying it would be a more effective demonstration of cookies if he did something that only cookies could do, like carrying a login over multiple sessions.

Quote from: iago on June 07, 2006, 09:48:43 AM
Quote from: rabbit on June 07, 2006, 08:21:44 AM
Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).
Both ways are fine. 
Gah..I supposed, but it bugs me.

Quote from: iago on June 07, 2006, 09:48:43 AM
Quote from: rabbit on June 07, 2006, 08:21:44 AM
Furthermore, hange the password box to a password type.
Again: demonstration. 
It's what the "password" type is for.

Quote from: iago on June 07, 2006, 09:48:43 AM
Quote from: rabbit on June 07, 2006, 08:21:44 AM
You have a problem:
QuoteCookie: a722c63db8ec8625af6cf71cb8c2d939 test1
Logged in as test1
Account doesn't exist.
I can't be logged in with a non-existant account.  It doesn't make sense.  You could be tracing these problems out with error_reporting(E_ALL);
You don't have to be an asshole when you report a bug. 

Wasn't trying to be.  I was just pointing out that something went wrong and conflicting messages were printed.  Anyway, that "could" is should*, my bad.

Sidoh

Tip: use <?php.  I think I've told you that before.

rabbit

Yeah, I completely overlooked that.

<? is used by XML as well, so you should always do <?php and <?xml, instead of just plain old <?.  Also, though it's not *required*, php?> works just as well, but isn't all that helpful unless you're mixing XML and PHP

Warrior

Quote from: iago on June 07, 2006, 09:48:43 AM
Quote from: rabbit on June 07, 2006, 08:21:44 AM
Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).
Both ways are fine. 

I strongly suggest learning to seperate core code from display code. It applies in almost every programming language and is a plus for organization. It's a bitch to upgrade code which is riddled with a bunch of HTML. Please, do yourself a favor. Both ways are not fine. I'm warning you.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Joe

This was a demonstration of how cookies can be used, not how to write PHP.
Quote from: Camel on June 09, 2009, 04:12:23 PMI'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.


Warrior

You should always write good PHP. That's a bad demonstration at most.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Sidoh

That's like writing an English paper on how to use semicolens, but failing to use other aspects of the language correctly.  It's just stupid.

Chavo

<insert generic comment about poor programming habits here>

actually, I'm sure I would be saying more than that if it was in a language that I knew better :)