PHP - Can't create cookies

Question

I'm a beginner PHP programmer, and I can't set cookies.

I keep getting this error:

Notice: Undefined index: user in D:\XAMPP\htdocs\Bank\verify.php on line 28

Notice: Undefined index: pass in D:\XAMPP\htdocs\Bank\verify.php on line 28

In the code, I'm just setting a cookie with value of $_POST['user'] and $_POST['pass'] from a form and printing it out, but it won't work.

setcookie("user",$_POST['user'],3600);
setcookie("pass",$_POST['pass'],3600);
echo $_COOKIE["user"] . " " . $_COOKIE["pass"];  // This is line 28

And here's my form:

<form action="verify.php" method="post">
    Username: <input name="user" /><br />
    Password: <input name="pass" type="password" /><br />
    <input type="submit" value="Submit" />
</form>

Anybody know why this happens? Please help.

Thanks.

Answer 1

Cookies are used next time you visit the page. So there are 3 general solutions: 1. Save it to cookie and for first time, just echo POST variables instead of COOKIE. Code will look like this:

setcookie('user', $_POST['user'], time()+3600); // notice time() function
setcookie('pass', $_POST['pass'], time()+3600); // you cant use absolute value here

if (!isset($_COOKIE['user'])) echo $_POST['user'] . ' ' . $_POST['pass'];
    else echo $_COOKIE['user'] . ' ' . $_COOKIE['pass'];

, but if you really want to store password in cookie (very bad idea), then at least hash it. Code with hashing could look like this:

setcookie('pass', hash(whirlpool/*algorithm*/, $_POST['pass']/*text*/), time()+3600);

, then when you check the password, just hash it and compare hashes.

---

2. solution is session, but it will work only until you close your browser, then whole session is erased.

---

3. and probably best solution is to store user+password in mySQL database or in .txt file on server side. Still, don't forget to hash it, because even in database, someone can steal these informations using some hack. Even if you think, that your web is secure - better safe than sorry.

---

Thats it to your solution. Just a quick note: If you want to store passwords to anything important, always hash it, prefarably use salted hash. Try to google it, there are many articles about hashing on the internet.Look at this site: http://php.net/manual/en/faq.passwords.php

Answer 2

You cannot send and receive cookie in the same request. Here is a modification you should try

if(isset($_POST['user']) && isset($_POST['pass'])){

setcookie("user",$_POST['user'],3600);
setcookie("pass",$_POST['pass'],3600);

header("location:".$_SERVER['PHP_SELF']);

}
if(isset($_COOKIE['user']) && isset($_COOKIE['user']))
{
echo $_COOKIE["user"] . " " . $_COOKIE["pass"];  // This is line 28

}

However, it advisable to use sessions instead. Start by going through PHP_SESSION

Answer 3

$_COOKIE is only for cookies that were passed in the request (from the web client) to the script, not the cookies that you've set in the script to be sent to the client. So "user" and "pass" will not be in $_COOKIE until after you send them to the client and the client sends them back.

Also, please tell me you're not setting a password in a cookie? This is extremely bad security as cookie's are not remotely secure. The normal technique is to create a PHP session which stores data only on the web server, and then just put the session id in a cookie. For information on sessions in PHP, see the php online manual.

Answer 4

setcookie();

tells PHP to send a cookie to the browser the next time it sends a response to the browser

$_COOKIE

is the cookies that were received from the browser when the browser sent the request to PHP

You're trying to set and receive in the same request

EDIT

PS I understand you're just learning, but I hope you're not planning on storing user id and password in cookies where everyone on the internet can see them