sangeetha

want to keep user logged in

I have a login page. I have a check box called 'Remember Me'. When the checkbox is clicked I want the user to be logged in during the next visit.

I am good with PHP and SESSIONS, but I guess I have to use COOKIES for this. Here's my current script.

<form method="post" name="loginform" action="login.php">
<table border="0" cellspacing="0" cellpadding="1">
            
<tr> <td><b>User Name:</b></td>
<td><input type="text" name="username" size="25" maxlength="45"></td> </tr>

<tr>  <td><b>Password:</b></td>
<td><input type="password" name="password" size="25" maxlength="45"></td>  </tr>

<tr>  <td><b>Remember Me:</b></td>
<td> <input type="checkbox" name="remember_user"></td> </tr>

<tr>  <td colspan="2"> <input type="submit" name="submit" value="Sign In"> </td> </tr>

</table>
</form>

I am not sure how I can accomplish this. Any help soon would be great.
ASKER CERTIFIED SOLUTION
Diablo84

explanation of above code:

if (isset($_COOKIE['autologin']) && !isset($_SESSION['username'])) {

This line checks that the cookie is set and the username session is not set (i.e. the user has not yet been logged in and they have the autologin cookie set).

 $splitcookie = explode("|",$_COOKIE['autologin']);
 $cookie_u = $splitcookie[0];
 $cookie_p = $splitcookie[1];

The above code splits the data in the cookie so you have the user name in the first variable ($cookie_u) and the password in the second ($cookie_p).

$query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password='$cookie_p' LIMIT 1;";

This runs a query on your database (you need to customise this query!!) selecting the required fields for the login (replace * with the fields you need - field1,field2,field3 etc. to make the query more efficient). Notice it selects one row which matches the username and password set in the cookie. If needed, change "username" to the name of your username field and "password" to the name of your password field.

 if (mysql_num_rows($logincookie) < 1) {
  echo "Cookie Error - Auto Login Failed!<br>\n";
 }

This means that data was set in the cookie but an account no longer matches the data stored; normally this message won't be produced.

  $username = mysql_result($logincookie, 0, "username");
  $_SESSION['username'] = $username;

In the above code you are using the results returned by the database to set the session vars up (like you would when you handle the login normally); you may need to add some code here to set more data in sessions.
By the way, when the user logs out you will need to add this code to unset the cookie.

setcookie("autologin", "", time() - 3600);
sangeetha

ASKER

Diablo84,

Thanks for your reply. One question: if I store the password by the query, say,

INSERT INTO tablename($password) VALUES (password($password)); (example)

The password is encrypted and stored in the DB. But if I retrieve it using a SELECT query, how can I decrypt it?

Say, for example, the user enters the password as: indian

It is stored in the DB as, say: 23fwferFRE343FEf3435 (for example).

While retrieving with the password 'indian', how can I decrypt the password in the DB? Or any other suggestions?

Thanks.
You should just say...
"INSERT INTO tablename(password) VALUES('".md5($password)."')";

and get it out like:
"SELECT * FROM tablename WHERE password='".md5('indian')."'";

Zac Charles
Hmm, not 100% sure as I don't usually use the mysql password function. I doubt it can be decrypted; most hashes cannot be decrypted. However, you might be able to work by encrypting the password in the select query, not sure how well it will work, e.g.:

$query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password=password('$cookie_p') LIMIT 1;";

I would however use md5 encryption.
When you set the cookie:

if (isset($_POST['remember_user'])) {
 $cookiedata = $_POST['username']."|".md5($_POST['password']);
 setcookie("autologin", $cookiedata, time() + 31536000);
}

when you select data from the database:

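<?php
if (isset($_COOKIE['autologin']) && !isset($_SESSION['username'])) {
 // cookie format is username|md5(password), as set at login
 $splitcookie = explode("|",$_COOKIE['autologin']);
 // cookie contents are user-controlled, so escape them before use in SQL
 $cookie_u = mysql_real_escape_string($splitcookie[0]);
 // the cookie already holds the md5 hash, so it is not hashed a second time
 $cookie_p = mysql_real_escape_string(isset($splitcookie[1]) ? $splitcookie[1] : "");
 $query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password='$cookie_p' LIMIT 1;";
 $logincookie = mysql_query($query) or die(mysql_error());
 if (mysql_num_rows($logincookie) < 1) {
  echo "Cookie Error - Auto Login Failed!<br>\n";
 }
 else {
  // log in and set session vars from the database row
  $username = mysql_result($logincookie, 0, "username");
  $_SESSION['username'] = $username;
 }
}
?>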

and when you insert rows:

$password = md5($password);
INSERT INTO tablename(password) VALUES (password($password));
Sorry, last bit should be:

$password = md5($password);
$query = "INSERT INTO tablename(password) VALUES ('$password')";
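
An alternative to putting the username and a password hash in the cookie, shown as an added example that is not part of the original thread: the cookie carries a random single-use token, the database stores only a hash of it, and the lookup uses a prepared statement. The `auth_tokens` table, the function names and the in-memory SQLite database are assumptions for illustration; it needs PHP 7.1+ with pdo_sqlite.

```php
<?php
// Added example. Table, column and function names are assumptions.

// Create a token for $username and return the value to store in the cookie.
function issue_token(PDO $db, string $username, int $ttl = 2592000): string {
    $selector  = bin2hex(random_bytes(9));    // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret; only its hash is stored
    $stmt = $db->prepare('INSERT INTO auth_tokens
        (selector, validator_hash, username, expires) VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator), $username, time() + $ttl]);
    // In a web request, send this value with setcookie() using the httponly and secure options.
    return $selector . '|' . $validator;
}

// Return the username for a valid cookie value, or null. Tokens are single use.
function redeem_token(PDO $db, string $cookie): ?string {
    $parts = explode('|', $cookie);
    if (count($parts) !== 2) {
        return null;                          // malformed cookie
    }
    list($selector, $validator) = $parts;
    $stmt = $db->prepare('SELECT validator_hash, username, expires
        FROM auth_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Delete the row whether or not it validates, so a token cannot be replayed.
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$selector]);
    if (!$row || (int)$row['expires'] < time()) {
        return null;                          // unknown or expired
    }
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;                          // wrong validator
    }
    return $row['username'];                  // caller sets $_SESSION, issues a new token
}

// Constructed demo on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (selector TEXT PRIMARY KEY,
    validator_hash TEXT, username TEXT, expires INTEGER)');

$cookie = issue_token($db, 'sangeetha');
var_dump(redeem_token($db, $cookie));         // valid token
var_dump(redeem_token($db, $cookie));         // same token again
$second = issue_token($db, 'sangeetha');
$forged = explode('|', $second)[0] . '|' . str_repeat('0', 64);
var_dump(redeem_token($db, $forged));         // right selector, wrong validator
```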
Diablo84,

Sorry for troubling you again. Why doesn't this script work for SESSIONS? It just displays the Login form even if I store the values in SESSION.


<?php
session_start();
include("db_connect.php");
?>

<?php

if ( isset($_SESSION["sess_user"]) && !empty($_SESSION["sess_user"]))  {
            
             echo "<form name = 'logout' action = 'login.php' method='post'>";
             echo "<div class='submitFont'>You are currently logged in as " . $_SESSION['sess_user'] . "</div>";
             echo "<input type = 'submit' name = 'logout' value = '  Sign Out  ' class = 'submitFont'>";
             echo "</form>";
            
             exit;
            
       }      
   
          else if ( isset($_POST["login"]) && !empty($_POST["login"]) ) {
          
                $username = $_POST["username"];
                $password = $_POST["password"];
                 
                $SESSION["sess_user"] = $username;
                
                $selectUser = "SELECT * FROM phonecom_members WHERE username = '".$username."' AND password = '".$password."'";
                $result = mysql_query($selectUser) or die("<div class='errorMsgFont'> Select SQL Error: " . mysql_error() . " . Sorry for the inconvenience. Please try again later.</div>");
                
                $check_user = mysql_num_rows($result);
                
                if($check_user == 0)  {
                      echo "<br><div class='errorMsgFont'>User Name or Password is invalid. <a href='javascript:history.go(-1)'>Click here</a> to go back and try again.</div><br><br>";
                }
                
            }
        
   else {

?>

<!-- Show Form --> (form submits to the same page.)

<?php

 }

?>
most obvious error is

$SESSION["sess_user"] = $username;

should be

$_SESSION["sess_user"] = $username;
:-D

I found it just now.

Thanks again.
no problem :)

|)iablo