So, I have a simple script that allows you to choose between any of your "team names". When you choose and sumbit, it is then supposed to do a php setcookie with the value of the selection which is a hashed version of the team name.
Here is the relevant code:
<?php
include 'include/db.php';
if(isset($_POST['submitteam'])) {
$team_hash = $_POST['teams'];
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
}
$email = $_COOKIE['ver_ame'];
//Find the User Id from the Email Hash
$sql_finduid = "SELECT * FROM users_sensitive WHERE email_hash = '$email'";
$sql_finduid_result = mysql_query($sql_finduid);
while ($row = mysql_fetch_array($sql_finduid_result)) {
$user_id = $row['user_id'];
} //End Find User Id
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
//Find the Team Id from the User Id above
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
if(mysql_num_rows($sql_findteams_result) < 1){
header('Location: registerteam.php?ver_ame=' . $email);
} else {
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
if((mysql_num_rows($sql_findteams_result)) <= 1) {
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'];
$team_hash = $row['team_name_hash'];
}
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
} else {
//setcookie('ver_ame', $teamname_hash, time()+2592000);
//setcookie('ver_aet', $email, time()+2592000);
//header('Location: index.php'); ?>
and the HTML
Select the team you would like to view: <br />
<form method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>">
<select name="teams">
<?PHP
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'] . " ";
$team_hash = $row['team_name_hash'] . "<br />";
?>
<option value="<?= $team_hash; ?>"><?= $team_name . $team_hash; ?></option>
<?PHP
}
}
?>
</select>
<input type="submit" name="submitteam" value="Submit" />
</form>
</div>
</div>
</div>
basically, "if the submit button is clicked, set the cookie for the name of the team. If not clicked, continue. Find the cookie of your email, find out how many teams you belong to, if there is one team, make that your team cookie and continue, if not, show all available teams and allow the user to select one. loop"
I currently have the $team_hash echoing just to show that it is pulling the correct hash number (and it is). When I hit submit, it loops to the top of the page and does the setcookie statement. It sets a cookie but the cookie seems to end up having random percent signs throughout it after it is set.
What should be set: d2fea5c982b6cb3f5bffc4998d96cbe5 What is actually set: d2fea5c982b6cb3f5bffc4998d96cbe5%3Cbr+%2F%3E
Where are these extra things coming from?
You have a <br/> in there somehow, and PHP is url encoding it.
Right here
$team_hash = $row['team_name_hash'] . "<br />";
The problem is that you're adding <br /> at the end of the hash when you're doing $team_hash = $row['team_name_hash'] . "<br />"; and when you're setting the value of the option, you're using $team_hash which contains a <br />. When you're doing the set cookie, the <br /> gets URL encoded hence why it's at the end of your cookie.
Simple change the line to:
$team_hash = $row['team_name_hash'];