Best to make people login and stay logged in?

Posted: Sun May 23, 2004 9:25 pm
by jonas
Hey, I'm new here but I figured I'd just jump right into it.

I'm coding a site right now that is going to be a pretty big database site. So far I'm doing a lot of thinking and planning on paper to get all my ideas down but I seem to have run into a problem but it isn't too big.

Basically, what is the best way to keep users logged in?
I'm thinking session variables, but I haven't worked much with those but obviously am willing to learn.

Say they go to the login page, type in their Username/Password and it does the DB check and it's ok. Then it will bring them back to the main page and it should know they are logged in. Obviously I could do it through setting a variable login=1 but I don't really want to pass that through every link as it's not very 'me' friendly to code :)

I was thinking that maybe the way would be to store the login variable somewhere while the browser is open that it could check on each page and if it is 1 then display the logged in stuff, if not well then it won't.
When the browser closes, it gets rid of the 1 and it's 0 now.

I know it's possible and with all the thinking I've been doing to plan this site out I might have overlooked something but I'd like some feedback and ideas. Tutorial links would be great too!

Also, I'm new to cookies as well. Anyone care to show me a tutorial on saving user information in a cookie so they don't have to login unless they clear that cookie?

Thanks, I've been looking for a good PHP community to join and I'm hoping this is the one! It looks like it is!

jonas

Posted: Sun May 23, 2004 9:56 pm
by d3ad1ysp0rk
Good job describing the perfect situation for sessions ;)

http://php.net/session :)

Posted: Sun May 23, 2004 9:59 pm
by jonas
Haha, I told you I've been planning this thing on paper (gotta do SOMETHING at work :)) and when I really get thinking about it, I think too much!

Thanks a lot. I'll read this up.

How about the cookie thing? I think those are my only 2 problems right now.

Also, I would like to keep my URLs as variable free as possible. I want it to be easily searchable and bookmark-able.

Nothing is worse than finding the perfect information and not remembering the URL to tell your friends because of all the extra stuff in the URL.
So I'd prefer if the login method puts nothing in the URL (at least, that users can see).

Posted: Sun May 23, 2004 10:08 pm
by d3ad1ysp0rk
As long as they have cookies enabled, nothing that you didn't specifically put in a link will go there (if they have them disabled, "sid=487bfdhfds89494" will go there so the browser can keep track of the session id for them (and keep the variables intact), but that doesn't matter, because if their friend is logged in, they only need the part before sid=biiufe9843).

Cookies will make the variables stay past the time the browser has been closed.
So, if you want a "stay logged in" feature (so when they return they don't have to login again), then use cookies (and sessions if you'd like), if not, just use sessions.

Posted: Sun May 23, 2004 10:15 pm
by jonas
I'm going to have a 'stay logged in' feature, but only if they checkmark the box.

I want my site to be very search engine and user friendly. As much as possible and I know it is possible to keep variables out of URLs.

Pretty much the only place where I will use URL variables is for my forums where the board ID will be passed to the next page so that page can pull down the topics for that board.

Pretty much I'm programming Gamefaqs.com if you are interested in seeing what I plan on making.
So far the login thing was just something I haven't thought of until now.

How would you code it so they would stay logged in?
I'm new to sessions, well a little bit. If they click the checkbox then it should use cookies otherwise it should use session.
Where should I start?

Posted: Mon May 24, 2004 5:37 am
by d3ad1ysp0rk
On login.html or whatever:

Code:

<form action="login.php" method="post">
    Username: <input type="text" name="user" /><br />
    Password: <input type="password" name="pass" /><br />
    Stay logged in? <input type="checkbox" name="stay_logged" /><br />
    <input type="submit" name="submit" value="Login" />
</form>

login.php:

Code:

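<?php
session_start(); // must run before any output so $_SESSION is available

// Send the user back to the form if either field is missing. Nothing may be
// echoed before header(), and exit stops the rest of the script from running.
if (empty($_POST['user']) || empty($_POST['pass'])) {
    header("Location: login.html");
    exit;
}

// Field names match the form (user / pass). Assumes a MySQL connection is
// already open. The username is escaped before it goes into the query string.
$user = mysql_real_escape_string($_POST['user']);
$result = mysql_query("SELECT * FROM members WHERE username = '" . $user . "' AND password = '" . md5($_POST['pass']) . "'");
if ($result && mysql_num_rows($result) > 0) {
    $_SESSION['user'] = $_POST['user'];
    // Only set the persistent cookies when the checkbox was ticked (1 day).
    if (!empty($_POST['stay_logged'])) {
        setcookie("user", $_POST['user'], time() + 60*60*24);
        setcookie("pass", md5($_POST['pass']), time() + 60*60*24);
    }
}
?>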
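
A token-based version of the "stay logged in" cookie discussed above, as an added example that is not part of the original thread: instead of keeping the username and the MD5 of the password in cookies, the cookie carries a random token whose SHA-256 hash is stored server-side, so the cookie is not a password equivalent and can be expired or revoked. The table `remember_tokens`, both function names and the in-memory SQLite data are assumptions made for illustration (PHP 7.3+ with pdo_sqlite).

```php
<?php
// Added example, not the poster's code. remember_tokens and both function
// names are hypothetical; the in-memory SQLite table is constructed sample
// data so the script runs on its own (PHP 7.3+, pdo_sqlite).
function issue_remember_token(PDO $db, int $memberId, int $ttl = 86400): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $stmt = $db->prepare('INSERT INTO remember_tokens
        (selector, validator_hash, member_id, expires) VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator), $memberId, time() + $ttl]);
    return $selector . ':' . $validator;     // value to place in the cookie
}

function check_remember_token(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                         // malformed cookie
    }
    $stmt = $db->prepare('SELECT validator_hash, member_id, expires
        FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int)$row['expires'] < time()) {
        return null;                         // unknown or expired token
    }
    // Constant-time comparison of the stored hash with the presented secret.
    return hash_equals($row['validator_hash'], hash('sha256', $parts[1]))
        ? (int)$row['member_id'] : null;
}

// Constructed demo data: an empty token table and a made-up member id.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
    validator_hash TEXT, member_id INTEGER, expires INTEGER)');

$cookie = issue_remember_token($db, 42);
// In login.php this would be sent only when the "stay_logged" box is ticked.
setcookie('remember', $cookie, ['expires' => time() + 86400, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(check_remember_token($db, $cookie));        // valid token
var_dump(check_remember_token($db, $cookie . 'x'));  // tampered validator
```

On a later visit without a session, the page would call `check_remember_token()` on `$_COOKIE['remember']` and, on success, call `session_regenerate_id(true)` before setting `$_SESSION['user']`.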

Posted: Mon May 24, 2004 11:36 am
by jonas
Alright. That's pretty much what I have minus the $_POST.

I'll look that up and see what that does ..

Posted: Mon May 24, 2004 11:46 am
by d3ad1ysp0rk
$_POST, $_GET, $_SESSION, and $_COOKIE specify exactly which array to take the information from.

With register globals on, if you don't specify, it can easily become a security hazard.

Posted: Mon May 24, 2004 1:58 pm
by jonas
Oh ok.

I'm currently setting up my database for my site, so when I get to coding each page... I'll make sure I do that.

Another problem I seem to have overlooked is if I want this to be as search engine friendly as possible then how can I automate making a page?

Basically, I want to be able to add a new game to my database and then to make people be able to get information on that game I'd have to put the gameID in the link, right?
Well, http://www.gamefaqs.com used to do it like that. I'm not out to copy them, as my site I am making is different but I like the way his urls look. Nice and clean. So when I make a page, instead of having 1 page that every game is called from... can I generate a page for each one somehow and place them in a specific folder?

I'm just a bit confused today. Too much thinking, sorry if that wasn't clear.

Also, the way I'm setting my site up is that users will be able to submit reviews/faqs/codes etc to the site through their accounts and it will go into a queue table in my database. I will have a backend queue page which will list everything in queue and I can ok it (sending it to the real table that displays on the site) or delete it right there.

Just a little more information on my site. If you are interested in knowing more MSN me at matthew@prophecydesigns.com
(I'm building front end, back end, forums, queue system and some other things for this site)

Posted: Mon May 24, 2004 3:35 pm
by jonas
To elaborate a bit:

I'd rather have my url display:
http://www.bolt3.com/ps2/games/1101.php

than

http://www.bolt3.com/ps2/games.php?gameID=1101

(Don't click on those, they don't work yet, :))

That's what I mean. The second way isn't exactly bad, but the first way is just cleaner.

Posted: Mon May 24, 2004 3:39 pm
by feyd
Sounds like a good place for either mod_rewrite, or a specialized custom 404 handler.

Posted: Mon May 24, 2004 3:43 pm
by jonas
I'll look up that mod_rewrite.

I suppose the second URL isn't that bad. I mean my forums will be like that....

I think at first, I'll make my site with the second URL. Then as I complete it and have a solid site finished I'll look into doing the mod_rewrite.