php - How can I send data from server from mysql and set cookie?
Get the solution ↓↓↓Here is some php+mysql.
<?php
require('Cookie.php');
require('User.php');
require('DbConnection.php');
$user = new User($_POST['login'], $_POST['pass']);
$dbConn = new DbConnection();
$conn = $dbConn->getConnection();
$isExistUser = "SELECT * FROM users WHERE login = '$user->login' and pass = '$user->pass'";
$result = mysqli_query($conn, $isExistUser) or die(mysqli_error($conn));
$count = mysqli_num_rows($result);
//$cookie = $result->fetch_assoc()['sessid'];
if($count !== 1 ){
echo json_encode(array('islogin' => false));
}else{
//setcookie('SID', $cookie , time() + (60*60*24*365), '/', 'hostenko.net', null, true);
echo json_encode(mysqli_fetch_object($result));
}
$dbConn->closeConnection();
?>
When I use this, I get data from db on the front side, but when I uncomment:
//$cookie = $result->fetch_assoc()['sessid'];
and try to set cookie,
//setcookie('SID', $cookie , time() + (60*60*24*365), '/', 'hostenko.net', null, true);
-it returns null.
What's the problem??
Answer
Solution:
First off, most imporantly, at login you should be generating a new session ID, not reusing one that is stored in your database. The point where the user logs in should be used to start all session properties fresh. As droopsnoot said, you should be storing a hash of the password, not the password itself, this is a fundamental basic security procedure, not people's esoteric opinions.
<?php
//require('Cookie.php'); //Not sure what's in here
require('User.php'); //Add to this class a hash of the password $user->pwhash
//require('DbConnection.php'); //Can't tell what's in here
session_destroy();
ini_set('session.cookie_lifetime', 0); //Pick your time here
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1);
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_samesite', 'Strict');
ini_set('session.use_trans_sid', 0);
ini_set('session.hash_function', 'sha512');
ini_set('session.sid_length', '64'); //Use the generated sid
session_start();
$forhash=random_bytes(256); //I prefer to create my own
$hash = openssl_digest($forhash, "sha256");
$sid = base64_encode($hash);
$sid = substr($sid, 10, 64);
$_SESSION['sessionID']=$sid;
$obj = new stdClass();
$obj->dateread = date("D M j G:i:s T Y");
$obj->message = '';
$obj->error = '';
if(!($login=@$_POST["login"])){
echo '<p>No login was entered.</p>';
exit;
}else {
$login=$_POST["login"];
}
if(!($pass=@$_POST["pass"])){
echo '<p>No pass was entered.</p>';
exit;
}else {
$pass=$_POST["pass"];
}
$user = new User($login, $pass); //do not store the password in this object, only store the hash
$db = new mysqli('localhost', $dbuser, $userpw, $database);
if (mysqli_connect_errno()) {
echo 'Error: Could not connect to database.';
$obj->error = $obj->error.'Could not connect to database. '.__FILE__.__LINE__;
error_log(json_encode($obj));
exit;
}else{
$obj->message = $obj->message.'Successfully connected to database. ';
}
$query = "UPDATE users SET sessid = ? WHERE login = ? AND pwhash = ?";
$stmt = $db->prepare($query);
$stmt->bind_param('sss', $sid, $login, $user->pwhash);
$stmt->execute();
if($db->affected_rows == 1){
echo echo json_encode(array('islogin' => true)); //or whatever else you might do here
}else{
echo json_encode(array('islogin' => false));
exit;
}
$db->close();
?>
Then, on subsequent other pages, while the user is logged in:
<?php
session_start();
if(!isset($_SESSION['sessionID']))
{
echo 'You are not logged in. Please <a href="https://yousite.com/logout.php">click here</a>.';
exit;
}else{
$sid = $_SESSION['sessionID'];
}
require('User.php');
//require('DbConnection.php'); //Still don't know what's here
$user = new User;
$obj = new stdClass();
$obj->dateread = date("D M j G:i:s T Y");
$obj->message = '';
$obj->error = '';
$db = new mysqli('localhost', $dbuser, $userpw, $database);
if (mysqli_connect_errno()) {
echo 'Error: Could not connect to database.';
$obj->error = $obj->error.'Could not connect to database. '.__FILE__.__LINE__;
error_log(json_encode($obj));
exit;
}else{
$obj->message = $obj->message.'Successfully connected to database. ';
}
$query = "SELECT email, phone, whatever FROM users WHERE sessid = ?";
$stmt = $db->prepare($query);
$stmt->bind_param('s', $sid);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($email, $phone, $whatever);
if (mysqli_connect_errno()) {$obj->error = 'Error: Could not connect to database. ';
echo json_encode($obj);
error_log(json_encode($obj));
exit;
}
else{
if($stmt->num_rows == 1) {
echo json_encode(array('islogin' => true)); //or whatever else you might do beside this
while($stmt->fetch()){
$user->setEmail($email);
$user->setPhone($phone);
$user->setWhatever($whatever);
}
} elseif($stmt->num_rows == 0) {
$obj->message=$obj->message.'Session not found. ';
echo json_encode(array('islogin' => false));
} else {
$obj->error = 'Database Error: Sessions not 1 or 0. ';
echo json_encode($obj);
error_log(json_encode($obj));
exit;
}
}
$db->close();
?>
Answer
Solution:
An easy alternative to "cookies" is localStorage
While it is not the "prettiest" method, it works.
localStorage.setItem('cookieconsent', true);
You can remove an item like so:
localStorage.removeItem('cookieconsent');
And you can also get the value of an item.
localStorage.getItem('cookieconsent');
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: uncaught error: call to undefined function mysqli_connect()
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.