Page 1 of 1

PHP Cookie when login help...

Posted: Wed Feb 11, 2009 5:59 pm
by tomsace
Hey!

I have come up with some sort of basic script for the moment.

Heres the code for my index of the admin section:

Code: Select all

<?php
 
// Define your username and password
$username = "admin";
$password = "password123";
 
if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {
?>
 
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <p><label for="txtUsername">Username:</label>
    <br /><input type="text" title="Enter your Username" name="txtUsername" /></p>
    <p><label for="txtpassword">Password:</label>
    <br /><input type="password" title="Enter your password" name="txtPassword" /></p>
    <p><input type="submit" name="Submit" value="Login" /></p>
</form>
 
<?php
}
else {
?>
 
 
 
<?php
 
$id = (isset($_GET['id']) ? $_GET['id'] : "home");
 
@include('header.php');
 
switch($id)
{
 
case "home":
@include('home.php');
break;
 
case "insert":
@include('insert.php');
break;
 
case "password":
@include('password.php');
break;
 
case "reset":
@include('reset.php');
break;
 
}
@include('footer.php');
 
?> 
 
 
 
<?php
}
?>


So... The first section is the password protect code along with the login box.
The second part is my actual script which includes other pages.

My question is this:
The script works fine. But the problem is when I login the page shows, when I click to another page I have to then re-type the password in again! How can I stop this to just insert the password once and it 'remember me' for a while. I can only think of cookies but I have never used these before so I need help with this section.

Thanks.

Re: PHP Cookie when login help...

Posted: Wed Feb 11, 2009 6:09 pm
by bugrush
I would use sessions
maybe something like this:

Code: Select all

<?php
session_start();
 
// Define your username and password
$username = "admin";
$password = "password123";
 
if(isset($_POST['txtUsername']) && isset($_POST['txtPassword'])) {
    if($_POST['txtUsername'] == $username && $_POST['txtPassword'] == $password) {
        $_SESSION['admin']['login']['username'] = $username;
        $_SESSION['admin']['login']['password'] = $password;
    }
    header('Location: '.$_SERVER['REQUEST_URI']);exit;
}
 
//if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {
if(@$_SESSION['admin']['login']['username'] != $username || @$_SESSION['admin']['login']['password'] != $passowrd) {
?>
 
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <p><label for="txtUsername">Username:</label>
    <br /><input type="text" title="Enter your Username" name="txtUsername" /></p>
    <p><label for="txtpassword">Password:</label>
    <br /><input type="password" title="Enter your password" name="txtPassword" /></p>
    <p><input type="submit" name="Submit" value="Login" /></p>
</form>
 
<?php
}
else {
?>
 
 
 
<?php
 
$id = (isset($_GET['id']) ? $_GET['id'] : "home");
 
@include('header.php');
 
switch($id)
{
 
case "home":
@include('home.php');
break;
 
case "insert":
@include('insert.php');
break;
 
case "password":
@include('password.php');
break;
 
case "reset":
@include('reset.php');
break;
 
}
@include('footer.php');
 
?>
 
 
 
<?php
}
?>

Re: PHP Cookie when login help...

Posted: Wed Feb 11, 2009 6:57 pm
by tomsace
Hi,

Thanks for the reply but this isn't working for me.

When I enter my login details its just asif the page refreshes, nothing happens??

Re: PHP Cookie when login help...

Posted: Thu Feb 12, 2009 6:35 am
by bugrush
umm yeah... there's a typo in my code.
turn on strict error reporting to find it.
use error_reporting(E_ALL); or change it in php.ini

Re: PHP Cookie when login help...

Posted: Thu Feb 12, 2009 10:38 am
by tomsace
Hi,

I already have script error reporting on but it doesnt detect anything?

Can you see where the error is?

Tom.

Re: PHP Cookie when login help...

Posted: Thu Feb 12, 2009 11:59 am
by bugrush
If you had error reporting level set to E_ALL you would have a php notice about undefined variable $passowrd on line 17... do some research.

Re: PHP Cookie when login help...

Posted: Thu Feb 12, 2009 1:56 pm
by tomsace
Was that the only error you recieved?
I have changed the misspell but still no success??

Re: PHP Cookie when login help...

Posted: Sat Feb 28, 2009 9:36 am
by nakeddeveloper
Hi, I'm also looking for a remember me script. I think I have a secure one but want to run it by you lot so see if you can pick holes in it as it seems simpler than what i've seen...
Basically if the user checks remember me when successfully logging on, it calls the remember me function
This function generates a random key and saves it along with the users IP in a cookie table along with a cookie containing just the key on the clients box.
When coming back to the site, it checks if the cookies key and client IP match in the table.
I believed this was a good way of doing it as it allows multiple machines and as far as I can see it prevents anyone being able to steal the cookie.
I'm new to web development but please feel free to call me a numpty if you see anything wrong, just constructive feedback would be nice, code below...

Code: Select all

 
function rememberme($userID)
  {
    $clientIP=@$REMOTE_ADDR;
    $key = "";
    $length = 30;
    srand((double)microtime()*1000000);
    $char_list = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $char_list .= "abcdefghijklmnopqrstuvwxyz";
    $char_list .= "1234567890";
    for($i = 0; $i < $length; $i++)
      {
        $key .= substr($strset,(rand()%(strlen($strset))), 1);
      }
    $dbconnection = mysql_connect($dbhost, $dbuser, $dbpassword);
    mysql_select_db($dbname, $dbconnection);
    mysql_query("INSERT INTO {$dbprefix}cookies (userID, clientip, key) VALUES ('$userID', '$clientIP', '$key')");
    mysql_close($dbconnection);
    
    setcookie("key", $key, time()+(60*60*24*7)));
  }
 

Code: Select all

 
function checkcookies()
  {
    $clientip=@$REMOTE_ADDR;
    if (isset($_COOKIE["userID"]))
      {
        $userID = $_COOKIE["userID"];
        $cookiekey = $_COOKIE["key"];
        $dbconnection = mysql_connect($dbhost, $dbuser, $dbpassword);
        mysql_select_db($dbname, $dbconnection);
        if(mysql_num_rows(mysql_query("SELECT userID FROM {$dbprefix}cookies WHERE (key = '$cookiekey') AND (clientIP = '$clientIP')"))
            {
              return $userID;
            }
          else
            {
              return null;
            }
        mysql_close($dbconnection);
      }
  }