COOKIE problems

[samoht]

hello,

 

I am trying to setup a simple password protected site with a cookie so that users that have entered the password wont have to enter it again for 1 month. so I have a simple index.php page with the passowrd field on it in the root directory. then my site is in a sub directory /cms/ and the index.php page there checks for the $_POST value to set the cookie and let the user continue on.

 

Like this:

<?php 
//check if user has entered password and needs cookie set
if(isset($_POST['fpass']) && !isset($_COOKIE['fpass'])) setcookielive('fpass', $_POST['fpass'], strtotime( '+1 Month' ));



function setcookielive($name, $value='', $expire=0, $path='', $domain='', $secure=false, $httponly=false) {
    //set a cookie as usual, but ALSO add it to $_COOKIE so the current page load has access
    $_COOKIE[$name] = $value;
    return setcookie($name,$value,$expire,$path,$domain,$secure,$httponly);
}



defined( '_VALID_MOS' ) or die( 'Restricted access' );

//check if user has not entered password
if (!isset($_COOKIE['fpass']) || $_COOKIE['fpass'] == "") header('location: http://www.example.com');
//check if the user has a cookie set but is on a new session
if (isset($_COOKIE['fpass']) && !isset($_POST['fpass'])) header('location: http://www.example.com/disclaimer.php');

...

The disclaimer.php page is actually the default landing page that users need to start on (after entering a password that is).

 

Couple of problems:

[*]This just loops back to the disclaimer page

[*]how do I send the user to the disclaimer page at the beginning of each session even if the Cookie is set

 

thanks for any help

•