0

I'm trying to make remember me checkbox works in my login system .. so here is what I did...

my code :

  if(password_verify($password, $hashed_password)){

                            session_start();
                            session_regenerate_id(true);
                            $_SESSION['username'] = $username;
                            $_SESSION['firstname'] = $firstname;

                            $days = time() + 300;
                            setcookie('remember_me', $_POST['username'], $days,"/", NULL);
                            header("location: index.php");

the checkbox :

 <label class="css-input switch switch-sm switch-primary">

                                <input type="checkbox" id="login-remember-me" name="remember" <?php if(isset($_COOKIE['remember_me'])) {
                                  echo'checked="checked"';
}
else {
echo '';
}
?> ><span></span> Remember me?
                            </label>

checking for isset checkbox : 

 <?php
 if(isset($_POST['remember'])) {
 setcookie('remember_me', $_POST['username'], $days);
 }
 elseif(!isset($_POST['remember'])) {
   if(isset($_COOKIE['remember_me'])) {
     $past = time() - 100;
     setcookie('remember_me', 'gone', $past);
   }
 }
  ?>

is it right what I'm doing? because I don't see this cookie in "All cookies and site data" in google chrome ...

........

Plus how I can log out a user when he is idle?

Alan Moe
  • 1
  • 2
  • Probably unrelated but I have to mention it you have `if(!isset($_COOKIE['remember_me'])) { echo''; } else { echo checked="checked"';}`, just reverse that so no need for the pointless echo and have `if (isset($_COOKIE['remember_me'])) { echo 'checked="checked"';` – James Mar 31 '18 at 21:32
  • What does "remember me" actually do? Keep the user logged in, or just remember their username in the form, but they still have to enter the password? – Mike Mar 31 '18 at 21:35
  • never mind; I deleted my comment about not closing the checkbox input. I noticed you had it buried in a conditional. edit: oh, that got deleted too, heh. – Funk Forty Niner Mar 31 '18 at 21:36
  • @Mike the main thing of the code is to make the user have access even if the session expired .. that's what I'm trying to do... – Alan Moe Mar 31 '18 at 21:41
  • "*make the user have access even if the session expired*" sounds wrong. The session expiring means they should be logged out. – James Mar 31 '18 at 21:43
  • @AlanMoe So all I have to do to log in as any user I want is to set a cookie with their username as a value, and poof. I'm in? No, that's not right. https://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website – Mike Mar 31 '18 at 21:53

0 Answers0