1

There are 3 pages in my script 1. header.php 2. auth.php 3. home.php

The header file has the login code and the functions and database connections are in the auth.php.

Now login is working, the only thing is cookie, i mean I want to know how to add a remember function in the script please help. This is my code 1. header.php

include 'auth.php';
if(empty($_POST['submitlogin']) === false)
{
$username = $_POST['username'];
$password = $_POST['password'];  

if(empty($username) === true)
  {
      $errors[] = '<font color="#FFFFFF">You need to enter an username!</font>';

  } 

 if(empty($password) === true)
  {

      $errors[] = '<font color="#FFFFFF">You need to enter password!</font>';
  } 

else if(user_exists($username) === false )
  {

      if(empty($username) === true){}
      else
        $errors[] = '<font color="#FFFFFF">No such username has been found.</font>';
  } 

else if(user_active($username) === false)
  {

      $errors[] = '<font color="#FFFFFF">You haven\'t activated your account.</font>';
  }
else
  {

    $login = login($username, $password);
    if($login === false)
    {
        $errors[] = '<font color="#FFFFFF">The Username/Password Combination is incorrect</font>';
    } 
    else 
    {
        $_SESSION['user_id'] = $login;
        header('Location: home.php');
        exit();
    }
  }
}

2. auth.php code

session_start();
error_reporting(0);

require 'connect.php';


if(logged_in() === true){

  $session_user_id = $_SESSION['user_id'];
  $user_data = user_data($session_user_id, 'user_id', 'username', 'password',  'email', 'active', 'type');


  if(user_active($user_data['username']) === false)
    {
      session_destroy(); 
      header('Location: home.php');
      exit();
    }

        }else{

       }

    $errors = array();


  function user_data($user_id)
   {
  $data = array();
  $user_id = (int)$user_id;

  $func_num_args = func_num_args();
  $func_get_args = func_get_args();

  if($func_num_args > 1)
  {
     unset($func_get_args[0]); 

     $fields = '`' . implode('`, `', $func_get_args) . '`';
     $data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `edge_users` WHERE `user_id` = $user_id"));
     return $data;
  }
   }


   function user_active($username) 
   {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `edge_users` WHERE  `username` = '$username' AND `active` = 1"), 0)==1)?true: false;  }



    function login($username, $password)
     {
  $user_id = user_id_from_username($username);
  $username = sanitize($username);
  $password = md5($password);
  return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `edge_users` WHERE  `username` = '$username' AND `password` = '$password'"), 0)  == 1) ? $user_id : false;
      }

Html Form

  <form  method="post">
  Username
   <input type="text" name="username" style="padding: 5px; width:228px; height:15px;"  autocomplete="off" value="<?php echo $_POST['username'];?>"/>>         
   Password
   <input type="password" name="password" style="padding: 5px;  width:228px;height:15px;" />                                                                    
   <input type="checkbox" name="rememberme" /> Remember Me  

   <input type="submit" name="submitlogin"  style="background: #00c800; border:1px  solid  #00c800; color:#FFFFFF; padding:5px 10px 5px 10px; font-size:14px; float: right;"  value="Login" />
    </form>
Francisco Presencia
  • 8,732
  • 6
  • 46
  • 90
razor
  • 111
  • 1
  • 5
  • 18
  • Use `$_COOKIE` or `setcookie` if you want more control. – Halcyon Aug 30 '13 at 09:56
  • Could you please guide me where to use? – razor Aug 30 '13 at 09:59
  • Where you set the `$_SESSION` is where you can also set the cookie. P.s. Stackoverflow is meant for questions, not code requests. – Gerben Jacobs Aug 30 '13 at 10:01
  • After this line $_SESSION['user_id'] = $login;, use setcookie. To retrieve, use $_COOKIE – Saranya Sadhasivam Aug 30 '13 at 10:06
  • Suppose user is checking the remember me checkbox how to save his details and when next time he logins, the password should automatically set without typing – razor Aug 30 '13 at 10:11
  • Don't use `md5()` for password hashing; see [this answer](http://stackoverflow.com/questions/10916284/how-to-encrypt-decrypt-data-in-php/10945097#10945097) for details. – Ja͢ck Dec 14 '13 at 01:59

1 Answers1

0

Because you are using PHP sessions you need to extend the session.

After

$_SESSION['user_id'] = $login;

Add the following lines:

if (isset($_POST['rememberme'])) {
    $params = session_get_cookie_params();
    setcookie(session_name(), $_COOKIE[session_name()], time() + 60*60*24*30, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}

This will extend the PHP session cookie by 30 days if the remember me button is pushed.

On logout you probably want something like this:

$_SESSION = array();
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
session_destroy();

This will destroy your PHP session, so if someone has checked 'Remember me' and logs out and then logs in again without pressing 'Remember me' you do not remember them.

Luke
  • 2,851
  • 1
  • 19
  • 17