sangeetha
asked on
want to keep user logged in
I have a login page. I have a check box called 'Remember Me' . When the checkbox is clicked i want the user to be logged in during the next visit.
I am good with PHP, SESSIONS but i guess i have to use COOKIES for this. Here's my current script.
<form method="post" name="loginform" action="login.php">
<table border="0" cellspacing="0" cellpadding="1">
<tr> <td>User Name:</b></td>
<td><Input type="text" name="username" size=25 maxlength=45></td> </tr>
<tr> <td><b>Password: </td>
<td><input type="password" name="password" size=25 maxlength=45></td> </tr>
<tr> <td><b> Remeber Me: </b></td>
<td> <input type="checkbox" name="remember_user"></td> </tr>
<tr> <td colspan="2"> <input type="submit" name="submit" value="Sign In"> </td> </tr>
</table>
</form>
I am not sure how i can accomplish this. Any help soon would be great.
I am good with PHP, SESSIONS but i guess i have to use COOKIES for this. Here's my current script.
<form method="post" name="loginform" action="login.php">
<table border="0" cellspacing="0" cellpadding="1">
<tr> <td>User Name:</b></td>
<td><Input type="text" name="username" size=25 maxlength=45></td> </tr>
<tr> <td><b>Password: </td>
<td><input type="password" name="password" size=25 maxlength=45></td> </tr>
<tr> <td><b> Remeber Me: </b></td>
<td> <input type="checkbox" name="remember_user"></td>
<tr> <td colspan="2"> <input type="submit" name="submit" value="Sign In"> </td> </tr>
</table>
</form>
I am not sure how i can accomplish this. Any help soon would be great.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
by the way, when the user logs out you will need to add this code to unset the cookie.
setcookie("autologin", "", time() - 3600);
setcookie("autologin", "", time() - 3600);
ASKER
Diablo84,
thanks for your reply. One question: If i store the password by the query, say,
INSERT INTO tablename($password) VALUES (password($password)); (example)
password is encrypted and stored in the DB. But, if i retrieve using SELECT query, how can decrypt it ?
Say, for example user enters password as : indian
it is stored in the DB as, say : 23fwferFRE343FEf3435 (for example).
while retrieving with password 'indian' how can i decrypt the password in DB. Or any other suggestions ?
Thanks.
thanks for your reply. One question: If i store the password by the query, say,
INSERT INTO tablename($password) VALUES (password($password)); (example)
password is encrypted and stored in the DB. But, if i retrieve using SELECT query, how can decrypt it ?
Say, for example user enters password as : indian
it is stored in the DB as, say : 23fwferFRE343FEf3435 (for example).
while retrieving with password 'indian' how can i decrypt the password in DB. Or any other suggestions ?
Thanks.
you should just say...
"INSERT INTO tablename($password) VALUES(".md5($password).") ";
and get it out like:
"SELECT * FROM tablename WHERE password='".md5('indian'). "'";
Zac Charles
"INSERT INTO tablename($password) VALUES(".md5($password).")
and get it out like:
"SELECT * FROM tablename WHERE password='".md5('indian').
Zac Charles
hmm, not 100% sure as i don't usually use mysql password function, i doubt it can be decrypted, most hashes cannot be decrypted however you might be able to work by encrypting the password in the select query, not sure how well it will work, eg:
$query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password=password('$cookie _p') LIMIT 1;";
i would however use md5 encryption
$query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password=password('$cookie
i would however use md5 encryption
when you set the cookie:
if (isset($_POST['remember_us er'])) {
$cookiedata = $_POST['username']."|".md5 ($_POST['p assword']) ;
setcookie("autologin", $cookiedata, time() + 31536000);
}
when you select data from the database:
<?php
if (isset($_COOKIE['autologin ']) && !isset($_SESSION['username '])) {
$splitcookie = explode("|",$_COOKIE['auto login']);
$cookie_u = $splitcookie[0];
$cookie_p = md5($splitcookie[1]);
$query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password='$cookie_p' LIMIT 1;";
$logincookie = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($logincook ie) < 1) {
echo "Cookie Error - Auto Login Failed!<br>\n";
}
else {
//login and set session vars
$username = mysql_result($logincookie, 0, "username");
$_SESSION['username'] = $username;
}
}
?>
and when you insert rows:
$password = md5($password);
INSERT INTO tablename(password) VALUES (password($password));
if (isset($_POST['remember_us
$cookiedata = $_POST['username']."|".md5
setcookie("autologin", $cookiedata, time() + 31536000);
}
when you select data from the database:
<?php
if (isset($_COOKIE['autologin
$splitcookie = explode("|",$_COOKIE['auto
$cookie_u = $splitcookie[0];
$cookie_p = md5($splitcookie[1]);
$query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password='$cookie_p' LIMIT 1;";
$logincookie = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($logincook
echo "Cookie Error - Auto Login Failed!<br>\n";
}
else {
//login and set session vars
$username = mysql_result($logincookie,
$_SESSION['username'] = $username;
}
}
?>
and when you insert rows:
$password = md5($password);
INSERT INTO tablename(password) VALUES (password($password));
sorry last bit should be:
$password = md5($password);
INSERT INTO tablename(password) VALUES ('$password');
$password = md5($password);
INSERT INTO tablename(password) VALUES ('$password');
ASKER
Diablo84,
Sorry for troubling you again. Why thi script doesn't work for SESSIONS. It just displays the Login form even if i store the values in SESSION.
<?php
session_start();
include("db_connect.php");
?>
<?php
if ( isset($_SESSION["sess_user "]) && !empty($_SESSION["sess_use r"])) {
echo "<form name = 'logout' action = 'login.php' method='post'>";
echo "<div class='submitFont'>You are currently logged in as " . $_SESSION['sess_user'] . "</div>";
echo "<input type = 'submit' name = 'logout' value = ' Sign Out ' class = 'submitFont'>";
echo "</form>";
exit;
}
else if ( isset($_POST["login"]) && !empty($_POST["login"]) ) {
$username = $_POST["username"];
$password = $_POST["password"];
$SESSION["sess_user"] = $username;
$selectUser = "SELECT * FROM phonecom_members WHERE username = '".$username."' AND password = '".$password."'";
$result = mysql_query($selectUser) or die("<div class='errorMsgFont'> Select SQL Error: " . mysql_error() . " . Sorry for the inconvenience. Please try again later.</div>");
$check_user = mysql_num_rows($result);
if($check_user == 0) {
echo "<br><div class='errorMsgFont'>User Name or Password is invalid. <a href='javascript:history.g o(-1)'>Cli ck here</a> to go back and try again.</div><br><br>";
}
}
else {
?>
<!-- Show Form --> (form submits to the same page.)
<?php
}
?>
Sorry for troubling you again. Why thi script doesn't work for SESSIONS. It just displays the Login form even if i store the values in SESSION.
<?php
session_start();
include("db_connect.php");
?>
<?php
if ( isset($_SESSION["sess_user
echo "<form name = 'logout' action = 'login.php' method='post'>";
echo "<div class='submitFont'>You are currently logged in as " . $_SESSION['sess_user'] . "</div>";
echo "<input type = 'submit' name = 'logout' value = ' Sign Out ' class = 'submitFont'>";
echo "</form>";
exit;
}
else if ( isset($_POST["login"]) && !empty($_POST["login"]) ) {
$username = $_POST["username"];
$password = $_POST["password"];
$SESSION["sess_user"] = $username;
$selectUser = "SELECT * FROM phonecom_members WHERE username = '".$username."' AND password = '".$password."'";
$result = mysql_query($selectUser) or die("<div class='errorMsgFont'> Select SQL Error: " . mysql_error() . " . Sorry for the inconvenience. Please try again later.</div>");
$check_user = mysql_num_rows($result);
if($check_user == 0) {
echo "<br><div class='errorMsgFont'>User Name or Password is invalid. <a href='javascript:history.g
}
}
else {
?>
<!-- Show Form --> (form submits to the same page.)
<?php
}
?>
most obvious error is
$SESSION["sess_user"] = $username;
should be
$_SESSION["sess_user"] = $username;
$SESSION["sess_user"] = $username;
should be
$_SESSION["sess_user"] = $username;
ASKER
:-D
I found it just now.
Thanks again.
I found it just now.
Thanks again.
no problem :)
|)iablo
|)iablo
if (isset($_COOKIE['autologin
this line checks that the cookie is set and the username session is not set (ie. the user has not yet been logged in and they have the autologin cookie set).
$splitcookie = explode("|",$_COOKIE['auto
$cookie_u = $splitcookie[0];
$cookie_p = $splitcookie[1];
the above code splits the data in the cookie so you have the user name in the first variable ($cookie_u) and the password in the second ($cookie_p).
$query = "SELECT * FROM tablename WHERE username='$cookie_u' AND password='$cookie_p' LIMIT 1;";
This runs a query on your database (you need to customise this query!!) selecting the required fields for the login (replace * with the fields you need - field1,field2,field3 etc to make the query more efficent). Notice it selects one row which matches the username and password set in the cookie. If needed change "username" to the name of your username field and "password" to the name of your password field.
if (mysql_num_rows($logincook
echo "Cookie Error - Auto Login Failed!<br>\n";
}
This means that data was set in the cookie but an account no longer matches the data stored, normally this message wont be produced.
$username = mysql_result($logincookie,
$_SESSION['username'] = $username;
In the above code you are using the results returned by the database to set the session vars up (like you would when you handle the login normally), you may need to add some code here to set more data in sessions.