Page 1 of 1

Simple PHP Question, I am new to PHP, Can't figure out how

Posted: Mon May 29, 2006 12:11 am
by tecktalkcm0391
How do you make a user stay logged in for a session, and then if the variable $stayloggedin = '1'; then they stay logged in even after they close their browser.

Posted: Mon May 29, 2006 12:14 am
by Flamie
you cant do it with just a variable because the variable gets deleted once the script is over.
If you want the user to stay logged in after they close their browser and reopen it use cookies ;o

Posted: Mon May 29, 2006 12:54 am
by tecktalkcm0391
the variable would only be needed on the process login page because that page out put the cookie to stay login in on. can anybody tell me a code that i could work off of to create a login.

Posted: Mon May 29, 2006 4:30 am
by twigletmac
Google is your friend :)
login script php

Mac

Posted: Mon May 29, 2006 10:36 am
by Ambush Commander
None of the scripts out there are very good, unfortunantely.

What you're trying to achieve is remember_me. Issue the user a special token in a cookie called remember_me which you also store in a database. When the user turns their browser back on, check the remember_me token, and, if it's valid, log the user in automatically.

Posted: Mon May 29, 2006 11:05 am
by toasty2
You could store their ip in a database and some info saying if they should be logged in or not.

Posted: Mon May 29, 2006 11:16 am
by Ambush Commander
You could store their ip in a database and some info saying if they should be logged in or not.
Definitely do not do that. IP != identity, especially for AOL users and people behind NAT.

Re: Simple PHP Question, I am new to PHP, Can't figure out h

Posted: Mon May 29, 2006 11:27 am
by Christopher
tecktalkcm0391 wrote:How do you make a user stay logged in for a session, and then if the variable $stayloggedin = '1'; then they stay logged in even after they close their browser.
You can use PHP's built-in session library to do this. On your log-in page do:

login.php

Code: Select all

if ($username_and_password_verified) {
    session_start();
    $_SESSION['loggedin'] = 1;
    // show logged-in page
} else {
    // show log-in form
}
And on other pages that the user must be logged-in to access do:

mypage.php

Code: Select all

session_start();
if (isset($_SESSION['loggedin']) && ($_SESSION['loggedin'] == 1)) {

    // show the page

} else {
    // send the to the log-in page
    header('Location: login.php');
}
Remember that you need to call session_start() before you can access the $_SESSION superglobal array.

Posted: Mon May 29, 2006 2:49 pm
by Oren
Small fix to arborint's code:
Change:

Code: Select all

if (isset($_SESSION['loggedin']) && ($_SESSION['loggedin'] == 1)) {
Into:

Code: Select all

if (isset($_SESSION['loggedin']) && ($_SESSION['loggedin'] === 1)) {
Some might argue that this adds nothing, but my answer would be: it won't decrease security and that's for sure, so why not? (and it is also a little bit faster than '==')
:wink: