Remeber me option ..
Moderator: General Moderators
Remeber me option ..
Hi,
I have a login script that is functioning very well .. I would like to add a remeber me option to it .. But have no idea where to start ..
Any help on this would be greatly appreciated ..
Thanks
I have a login script that is functioning very well .. I would like to add a remeber me option to it .. But have no idea where to start ..
Any help on this would be greatly appreciated ..
Thanks
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
You might want to randomly create a key that is put into the cookie, along with their userid, and ip address. When they log in, set the cookie, and also add the key you randomly created in their user row in the database.
The Key should most likely be random, and possibly encrypted.
When they visit the site, check to see if the key matches their key in the user row in the database and check to see if their IP matches.
Too bad if their IP address changes...
You have to ask yourself, easibility vs security
So if their cookie matches the database, give them the proper credentials.
This is a slightly more secure way
, nonetheless, cookies can be stolen.
The Key should most likely be random, and possibly encrypted.
When they visit the site, check to see if the key matches their key in the user row in the database and check to see if their IP matches.
Too bad if their IP address changes...
You have to ask yourself, easibility vs security
So if their cookie matches the database, give them the proper credentials.
This is a slightly more secure way
the only problem with that is with us that have dynamic ip's. meaning if we reconnect to our dialup isp, we're sol if we can't obtain the exact same ip.
however, for security on a high profile sensative site, it would be a nice addition.
best thing is, as feyd said, use a cookie..
however, for security on a high profile sensative site, it would be a nice addition.
best thing is, as feyd said, use a cookie..
Last edited by infolock on Thu Mar 17, 2005 11:15 pm, edited 1 time in total.
- shiznatix
- DevNet Master
- Posts: 2745
- Joined: Tue Dec 28, 2004 5:57 pm
- Location: Tallinn, Estonia
- Contact:
i would recomend doing as fyed said and just setting a cookie if somtin like $_POST[rememberme] isset then set the cookie with username and password and then set $username and $password to the cookie values if the cookies are set and checking the db with those. if you want i can post some code but rite now im playing counter-strike 
simple
set a checkmark box for the remember me option perhaps called $rememberme
then your code would look like this
That is the shortened, unsecure way of doing what you are trying to do.
set a checkmark box for the remember me option perhaps called $rememberme
then your code would look like this
Code: Select all
if($rememberme){
setcookie("cookiename", "content", "how_long_to_remember_for"); } ELSE {
setcookie("cookiename", "content"); }