Page 1 of 1
Remeber me option ..
Posted: Thu Mar 17, 2005 7:29 pm
by Jim_Bo
Hi,
I have a login script that is functioning very well .. I would like to add a remeber me option to it .. But have no idea where to start ..
Any help on this would be greatly appreciated ..
Thanks
Posted: Thu Mar 17, 2005 7:33 pm
by John Cartwright
Posted: Thu Mar 17, 2005 8:29 pm
by Jim_Bo
Hi,
Yea I have been there allready .. But didnt make alot of sence of it ..
Seemed complicated for what I allready have .. I just wanted to add the remeber me to the login form I allready have ..
I just thought there would be a simplified workaround / tutorial ..
Thanks
Posted: Thu Mar 17, 2005 8:32 pm
by feyd
the most basic: call setcookie(). When a page is requested, check for the cookie and verify its contents.
Posted: Thu Mar 17, 2005 8:39 pm
by John Cartwright
You might want to randomly create a key that is put into the cookie, along with their userid, and ip address. When they log in, set the cookie, and also add the key you randomly created in their user row in the database.
The Key should most likely be random, and possibly encrypted.
When they visit the site, check to see if the key matches their key in the user row in the database and check to see if their IP matches.
Too bad if their IP address changes...
You have to ask yourself, easibility vs security
So if their cookie matches the database, give them the proper credentials.
This is a slightly more secure way

, nonetheless, cookies can be stolen.
Posted: Thu Mar 17, 2005 9:43 pm
by infolock
the only problem with that is with us that have dynamic ip's. meaning if we reconnect to our dialup isp, we're sol if we can't obtain the exact same ip.
however, for security on a high profile sensative site, it would be a nice addition.
best thing is, as feyd said, use a cookie..
Posted: Thu Mar 17, 2005 10:03 pm
by Jim_Bo
Hi,
Thanks guys .. Almost sounds like the to hard basket
I have read a little .. but havnt got a great understanding as yet ..
But it would be a handy feature .. Security at this point is not a major issue ..
Thanks
Posted: Thu Mar 17, 2005 10:48 pm
by shiznatix
i would recomend doing as fyed said and just setting a cookie if somtin like $_POST[rememberme] isset then set the cookie with username and password and then set $username and $password to the cookie values if the cookies are set and checking the db with those. if you want i can post some code but rite now im playing counter-strike

Posted: Thu Mar 17, 2005 11:26 pm
by s.dot
simple
set a checkmark box for the remember me option perhaps called $rememberme
then your code would look like this
Code: Select all
if($rememberme){
setcookie("cookiename", "content", "how_long_to_remember_for"); } ELSE {
setcookie("cookiename", "content"); }
That is the shortened, unsecure way of doing what you are trying to do.