Php setcookie无法使用记住登录脚本
嘿,我正在实现“记住登录”功能,但无法让 cookie 在登录函数中生效。会话 cookie 都正常。不知何故,setcookie 函数没有设置 cookie。我有其他脚本可以正常设置 cookie,但我不明白为什么这里不行……我漏掉了什么吗?

标签:php, mysql, cookies, login, login-script

Login.php
// Open the session first: login() writes its result into $_SESSION.
sec_session_start();

// login() also calls setcookie(), which only takes effect while the response
// headers are still unsent, so nothing may be echoed before this point.
if (login($email, $password, $mysqli)) {
    // Success!
}
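/**
 * Start the PHP session under the name 'sec_session_id' with a cookie-only,
 * HttpOnly session cookie, then rotate the session ID.
 *
 * If cookie-only mode cannot be enabled, the request is redirected to
 * ../error.php and the script exits.
 *
 * @return void
 */
function sec_session_start() {
    // NOTE(review): session files under /tmp may be readable by other accounts
    // on a shared host; a directory owned by the web user (mode 0700) is safer.
    ini_set('session.save_path', '/tmp');
    $session_name = 'sec_session_id';

    // Set the Secure flag whenever the request arrived over HTTPS, so the
    // session ID is never sent in clear text on a TLS site. Plain-HTTP
    // deployments keep the previous behaviour (flag off).
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    // HttpOnly keeps page scripts from reading the session cookie.
    $httponly = true;

    // Refuse to run if session IDs could still be accepted from the URL.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        // The message contains spaces and parentheses, so it is URL-encoded
        // before going into the Location header.
        header("Location: ../error.php?err=" . rawurlencode("Could not initiate a safe session (ini_set)"));
        exit();
    }

    // Reject session IDs that the server did not issue (session fixation).
    ini_set('session.use_strict_mode', '1');

    // Keep the configured lifetime/path/domain; override only the two flags.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(
        $cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly
    );

    session_name($session_name);
    session_start();
    // Rotates the ID on every call. The previous session's data is not deleted
    // here (no `true` argument), so the old ID stays usable until it is
    // garbage-collected.
    session_regenerate_id();
}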
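/**
 * Check an e-mail/password pair and, on success, populate the session and
 * issue the 'hanterasRemember' cookie.
 *
 * The cookie value keeps its original layout "userID:token:mac"; the token is
 * also stored in users_sessions. On success $_SESSION gets 'userID', 'email'
 * and 'login_string'.
 *
 * Requires PHP 7+ (random_bytes, hash_equals).
 *
 * @param string $email    Address to look up in users.email.
 * @param string $password Plain-text password as submitted.
 * @param mysqli $mysqli   Open database connection.
 * @return bool True when the credentials match and the account is not locked
 *              by checkbrute(); false otherwise, including when the query
 *              cannot be prepared.
 */
function login($email, $password, $mysqli) {
    $stmt = $mysqli->prepare("
        SELECT
            id,
            email,
            password,
            salt
        FROM users
        WHERE email = ?
        LIMIT 1
    ");
    if (!$stmt) {
        // The pasted original had neither a branch nor a closing brace for
        // this case; a failed prepare is treated as a failed login.
        return false;
    }

    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($userID, $email, $db_password, $salt);
    $stmt->fetch();

    if ($stmt->num_rows != 1) {
        return false;
    }
    if (checkbrute($userID, $mysqli) == true) {
        return false;
    }

    // SECURITY: one round of salted SHA-512 is cheap to brute-force if the
    // users table leaks. password_hash()/password_verify() should replace it,
    // together with a migration of the stored hashes.
    $password = hash('sha512', $password . $salt);

    // hash_equals() compares in constant time and, unlike ==, never treats two
    // different hex strings as equal numbers.
    if (!hash_equals((string) $db_password, $password)) {
        return false;
    }

    $now = time();
    $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $userID = preg_replace("/[^0-9]+/", "", $userID);

    // The token was hash(time . User-Agent), which anyone who knows the login
    // time and the browser string can recompute. Use the CSPRNG instead;
    // 64 random bytes hex-encode to 128 characters, the same width as before.
    $token = bin2hex(random_bytes(64));

    // Bound parameters instead of interpolating values into the SQL text.
    // NOTE(review): the token is stored as-is; storing only a hash of it would
    // limit the damage of a database leak, but needs a matching verifier change.
    $stored = false;
    $insert = $mysqli->prepare("INSERT INTO users_sessions(token,userId) VALUES (?, ?)");
    if ($insert) {
        $insert->bind_param('ss', $token, $userID);
        $stored = $insert->execute();
        $insert->close();
    }

    if ($stored) {
        // SECURITY: this "MAC" key is built from the User-Agent, the user ID
        // and a constant in the source, so it is not a secret. Left unchanged
        // because the code that verifies the cookie is not shown; switch both
        // sides to hash_hmac() with a server-only key. Until then the random
        // token checked against users_sessions is what protects the cookie.
        $secretKey = hash('sha512', $user_browser . $userID . "158avcv");
        $cookie = $userID . ':' . $token;
        $mac = hash('sha512', $cookie . $secretKey);
        $cookie .= ':' . $mac;

        // 30 days is a constructed example value; adjust to the site's policy.
        $lifetime = 30 * 24 * 60 * 60;
        $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

        if (headers_sent($file, $line)) {
            // setcookie() has no effect once output has started; log where.
            error_log("hanterasRemember cookie not set: output started at $file:$line");
        } else {
            // The original call passed no expiry (cookie dropped when the
            // browser closes) and no path (cookie limited to the directory of
            // the login script). Set both, plus HttpOnly, and Secure on HTTPS.
            setcookie('hanterasRemember', $cookie, $now + $lifetime, '/', '', $https, true);
        }
    } else {
        // Best effort, as before: the login still succeeds, but no cookie is
        // issued for a token the server has not stored.
        error_log('hanterasRemember token could not be stored: ' . $mysqli->error);
    }

    $_SESSION['userID'] = $userID;
    // NOTE(review): this character class also removes '@' and '.', so the
    // value kept in the session is not a usable address.
    $email = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $email);
    $_SESSION['email'] = $email;
    $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
    return true;
}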
Functions.php
// Open the session first: login() writes its result into $_SESSION.
sec_session_start();

// login() also calls setcookie(), which only takes effect while the response
// headers are still unsent, so nothing may be echoed before this point.
if (login($email, $password, $mysqli)) {
    // Success!
}
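/**
 * Start the PHP session under the name 'sec_session_id' with a cookie-only,
 * HttpOnly session cookie, then rotate the session ID.
 *
 * If cookie-only mode cannot be enabled, the request is redirected to
 * ../error.php and the script exits.
 *
 * @return void
 */
function sec_session_start() {
    // NOTE(review): session files under /tmp may be readable by other accounts
    // on a shared host; a directory owned by the web user (mode 0700) is safer.
    ini_set('session.save_path', '/tmp');
    $session_name = 'sec_session_id';

    // Set the Secure flag whenever the request arrived over HTTPS, so the
    // session ID is never sent in clear text on a TLS site. Plain-HTTP
    // deployments keep the previous behaviour (flag off).
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    // HttpOnly keeps page scripts from reading the session cookie.
    $httponly = true;

    // Refuse to run if session IDs could still be accepted from the URL.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        // The message contains spaces and parentheses, so it is URL-encoded
        // before going into the Location header.
        header("Location: ../error.php?err=" . rawurlencode("Could not initiate a safe session (ini_set)"));
        exit();
    }

    // Reject session IDs that the server did not issue (session fixation).
    ini_set('session.use_strict_mode', '1');

    // Keep the configured lifetime/path/domain; override only the two flags.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(
        $cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly
    );

    session_name($session_name);
    session_start();
    // Rotates the ID on every call. The previous session's data is not deleted
    // here (no `true` argument), so the old ID stays usable until it is
    // garbage-collected.
    session_regenerate_id();
}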
function login($email, $password, $mysqli) {
if ($stmt = $mysqli->prepare("
SELECT
id,
email,
password,
salt
FROM users
WHERE email = ?
LIMIT 1
")) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($userID, $email, $db_password, $salt);
$stmt->fetch();
$now = time();
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
if (checkbrute($userID, $mysqli) == true) {
return false;
} else {
if ($db_password == $password) {
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$userID = preg_replace("/[^0-9]+/", "", $userID);
$secretKey = hash('sha512', $user_browser . $userID . "158avcv");
$token = hash('sha512', $now . $user_browser); // generate a token, should be 128 - 256 bit
$mysqli->query("INSERT INTO users_sessions(token,userId) VALUES ('$token','$userID')");
$cookie = $userID . ':' . $token;
$mac = hash('sha512', $cookie . $secretKey);
$cookie .= ':' . $mac;
//////////////// THIS IS NOT WORKING //////////////
setcookie('hanterasRemember', $cookie);
///////////////////////////////////////////////////
$_SESSION['userID'] = $userID;
$email = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $email);
$_SESSION['email'] = $email;
$loginString = hash('sha512', $password . $user_browser);
$_SESSION['login_string'] = $loginString;
return true;
} else {
return false;
}
}
} else {
return false;
}
}