For some reason This php script won't echo anything:
<?php setcookie("pop",'hi',time()+604800); echo $HTTP_COOKIE_VARS['pop']; ?>Answer1:
$HTTP_COOKIE_VARS is deprecated as of PHP 4.1.0, try
Once the cookies have been set, they can be accessed on the <strong>next page load</strong> with the $_COOKIE or $HTTP_COOKIE_VARS arrays. Note, superglobals such as $_COOKIE became available in PHP 4.1.0. Cookie values also exist in $_REQUEST.</blockquote>
via <a href="http://us.php.net/setcookie" rel="nofollow">Documentation</a>.
It might be that you can access it on the same page load.Answer3:
When you set a cookie, its value will be send to the client together with the page.
$HTTP_COOKIE_VARS) contains the cookie information that was <strong>sent by the client together with the request</strong>. Since you just set the cookie, the client will only be able to send the information on the next request.
The <a href="http://php.net/manual/en/function.setcookie.php" rel="nofollow">manual puts it like this</a>:<blockquote>
Once the cookies have been set, they can be accessed <em>on the next page load</em> with the $_COOKIE or $HTTP_COOKIE_VARS arrays.</blockquote> <hr />
It's still the same problem. If the name and password are that of the admin, you're just setting a cookie, which happens silently. Then, you're echoing the contents of the cookie that were sent with the request, which is probably empty, so it doesn't echo anything.
What you really shouldn't be doing is storing the admin name and password in a cookie. It's <strong>Bad™</strong>. Anyone with access to the machine could just look at the cookie to get sensitive login information. Furthermore, the information will be transmitted with every request, most likely in plain text, so any proxy or sniffer can pick up the login information as well. Either encrypt them before storing them in the cookie or use proper sessions.