
Remember me

Posted: Sat Dec 10, 2011 11:40 am
by YoussefSiblini
Hi,
I am trying to add a remember me to my login system,
What I am using is this:


<?php 
// Open session and, if the session is already set, go to the index page
session_start();
$header = '';
if (isset($_SESSION["manager"])) 
{
    header('Location: ../index.php');
    exit(); // stop here so the rest of the page does not run after the redirect
}
else 
{
    $header = '../includes/header.php';
}
?>
<?php 
// check if the information is correct and pass him on
$incorrect = "";
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["email"]) && isset($_POST["password"])) {
	$email = $_POST["email"];
	$password = $_POST["password"];
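	// the form may not send returnurl, so default to an empty string
	$returnurl = isset($_POST["returnurl"]) ? $_POST["returnurl"] : "";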
	
	$email = stripslashes($email);
	$password = stripslashes($password);
	$email = strip_tags($email);
	$password = strip_tags($password);
	$pass = md5($password);

	// an unticked checkbox is not sent at all, so give $remember a default
	$remember = isset($_POST['remember']) ? $_POST['remember'] : '';

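	// connect to my SQL
    require_once ('************');
	// escape the email before it goes into the query (needs the open connection)
	$email = mysql_real_escape_string($email);
	//query the person
    $sql = mysql_query("SELECT * FROM ********** WHERE *****='$email' AND ******='$pass' AND active='1'");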
	// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
	// count the row nums
	$existCount = mysql_num_rows($sql); 
	if ($existCount == 1) { // evaluate the count
	     while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];
		 }
		 $_SESSION["id"] = $id;
		 $_SESSION["manager"] = $email;
		 $_SESSION["password"] = $pass;
		 $_SESSION["firstname"] = $firstname;
		 
    	 // Remember Me Section
    	 if($remember == "yes")
		 {
			 // base64 is an encoding, not encryption: anyone can decode this value
			 $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
			 setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in 100 days
			 setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in 100 days
		 }
		 

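		 // only follow a local path ("/page.php"), never a full or protocol-relative URL
		 if($returnurl != "" && preg_match('#^/(?![/\\\\])#', $returnurl))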
		 {
			 header('Location: ' . $returnurl);
			 exit();
		 }
		 else
		 {
		     header('Location: ../index.php');
			 exit();
		 }
         
    } else {
		$incorrect = 'That information is incorrect, please try again<br/><br/>
		<span style=" display:inline-block; width:20px; font-weight:bold">&#183;</span> If this is your first login after registration please make sure that you activated your account by clicking the link we sent to you upon registration.<br/><br/>
		<span style=" display:inline-block; width:20px; font-weight:bold">&#183;</span> if you still having problem with your login please contact us or if you forgot your password, use the forgot password link below. ';
	}
};

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="Description" content="swaps, la swap, car swaps, swap site, home swap, house swap, swap shop, swapping site, swap stuff online, exchange"/> 
<meta name="Keywords" content="swaps, la swap, car swaps, swap site, home swap, house swap, swap shop, swapping site, swap stuff online, exchange"/> 
<title></title>

  <link rel="stylesheet" type="text/css" href="../css/style.css" />
   <!--[if IE]>
        <link rel="stylesheet" type="text/css" href="../css/style_IE.css" />
   <![endif]-->
<script type="text/javascript">
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
    } if (errors) alert('The following error(s) occurred:\n'+errors);
    document.MM_returnValue = (errors == '');
} }
  </script>
</head>

<body>
 <!--main begin -->
 <div id="main">
    
   <!--header begin -->
   
     <?php include_once "$header" ?>
     
   <!--header end -->
   
   <!--content begin -->
   <div id="content">
      <!--sub_Main_Content_Bg Begins -->
      <div class="sub_Main_Content_Bg">
        <div class="sub_Main_Content_Sub_Bg">
      <h3>Please enter your email and password to login:</h3>
      <div style="color:red"><?php echo $incorrect ?></div><hr/>
      
      <div id="login_Div">
      
        <form id="form1" name="form1" method="post" action="login.php">
          <div style="margin-bottom:10px">Email:</div>
          <input name="email" id="login_email" type="text" class="common_Text_Boxes"/>
          <br /><br />
          <div style="margin-bottom:10px">Password:</div>
          <input name="password" id="login_password"  type="password" class="common_Text_Boxes"/>
          <br/><br/>
          Remember me: <input name="remember" type="checkbox" id="remember" value="yes" checked="checked" />
          <br/><br/>
          <div style="margin-bottom:10px"><input name="button" type="submit" id="button" class="common_Button_Sub" onclick="MM_validateForm('login_email','','RisEmail','login_password','','R');return document.MM_returnValue" value="LOG IN" /></div>
        </form>
        <a href="forgot.php">Forgot password</a>
        
      </div>
      <div style="float:right">
        <?php include_once "../includes/side/search.php" ?>
      </div>
      
        </div>
      </div>
      <!--sub_Main_Content_Bg Ends -->
   </div>
   <!--content end -->
   
 
 </div>
 <!--main end -->
 
 
   <!--Footer begin -->
   
     <?php include_once "../includes/footer.php";?>
     
   <!--Footer end -->


</body>
</html>
But the remember me is not working, I am quite newb with php and I am using this code to learn :)

Re: Remember me

Posted: Sat Dec 10, 2011 12:07 pm
by Celauran
I don't see you checking if the cookie exists and redirecting accordingly. Also, don't store the password in the cookie. Don't store the password anywhere.

Re: Remember me

Posted: Sat Dec 10, 2011 12:22 pm
by YoussefSiblini
Thanks for your reply,

So do I need not to check sessions and check if cookie exists instead, and what shall I set then only email?

Re: Remember me

Posted: Sat Dec 10, 2011 3:46 pm
by Celauran
Sessions end when the browser is closed, so you can't use that to remember someone. You could store their ID in the cookie, or some token which matches a database table of valid sessions.
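
Added example, not part of any post in this thread: the "token which matches a database table of valid sessions" approach from the reply above, in PHP. The table, cookie and function names are hypothetical, and an in-memory SQLite database stands in for the site's real one.

```php
<?php
// Added example: table and function names are hypothetical, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (
    selector TEXT PRIMARY KEY, validator_hash TEXT NOT NULL,
    user_id INTEGER NOT NULL, expires INTEGER NOT NULL)');

// Called after a successful password login when "remember me" is ticked.
function issue_remember_token(PDO $db, $userId, $lifetime = 2592000) // 30 days
{
    $selector  = bin2hex(random_bytes(12));   // public lookup key
    $validator = bin2hex(random_bytes(32));   // secret, only its hash is stored
    $stmt = $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator), $userId, time() + $lifetime]);
    return $selector . ':' . $validator;      // this string is the cookie value
}

// Called on a request that has no active session but carries the cookie.
// Returns the user id, or null if the token is unknown, expired or forged.
function check_remember_token(PDO $db, $cookie)
{
    $parts = explode(':', (string) $cookie, 2);
    if (count($parts) !== 2) return null;
    $stmt = $db->prepare('SELECT validator_hash, user_id, expires
                          FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) return null;
    // Single use: delete the row whether or not the check succeeds.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    if ($row['expires'] < time()) return null;
    // Constant-time comparison of the stored hash with the presented validator.
    if (!hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) return null;
    return (int) $row['user_id'];
}

// Constructed demo: user 42 logs in, then comes back later with the cookie.
$cookie = issue_remember_token($db, 42);
// In the login page: setcookie('remember', $cookie, time() + 2592000, '/', '', true, true);
var_dump(check_remember_token($db, $cookie));    // first use of a valid token
var_dump(check_remember_token($db, $cookie));    // replay of the same token
var_dump(check_remember_token($db, 'abc:def'));  // forged value
```

When the check returns a user id, the page would set the session variables and issue a fresh token, so each cookie value is accepted only once and neither the password nor its hash ever reaches the browser.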

Re: Remember me

Posted: Sat Dec 10, 2011 3:54 pm
by YoussefSiblini
Thank you, this cleared it for me now :)