jalexan123
asked on
Creating A "Remeber Me" Cookie?
Hi,
I have a login page where a user uses their username and password to login. However if they come back to the site later on they have to enter those details again.
Does anyonw know how I can get a "Remeber Me" function working? I am just starting out in the world of php so I am not sure where to start. I am using a MySQL database.
Thanks
Jon
I have a login page where a user uses their username and password to login. However if they come back to the site later on they have to enter those details again.
Does anyonw know how I can get a "Remeber Me" function working? I am just starting out in the world of php so I am not sure where to start. I am using a MySQL database.
Thanks
Jon
https://www.experts-exchange.com/questions/21086125/want-to-keep-user-logged-in.html
ASKER
Hi,
Many thanks ldbkutty, I had read that one before. I was a bit confused(yeah, it's not that easy!) as my passwords are not encrypted in the database. So I wasn't sure which bits I needed to edit :(
Thanks
Jon
Many thanks ldbkutty, I had read that one before. I was a bit confused(yeah, it's not that easy!) as my passwords are not encrypted in the database. So I wasn't sure which bits I needed to edit :(
Thanks
Jon
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Thanks for the help!!
Will get onto it right away!!
Cheers
Jon
Thanks for the help!!
Will get onto it right away!!
Cheers
Jon
ASKER
Hi Again,
Do I need to set up any fields in the MySQL database? I have inserted and tried to use the remember me button, everything was going well until I get this error :-
Table 'db2d3d.tablename' doesn't exist
Thanks
Jon
Do I need to set up any fields in the MySQL database? I have inserted and tried to use the remember me button, everything was going well until I get this error :-
Table 'db2d3d.tablename' doesn't exist
Thanks
Jon
You have to give the actual table name in which you store the username, password.
In this line :
$query = "SELECT * FROM tablename WHERE username='$cookie_user' AND password='$cookie_pass' LIMIT 1;";
Replace the "tablename" with your original table name and fields "username" , "password" with user name, password table columns. Similarly in this line :
$username = mysql_result($logincookie, 0, "username");
you have to repace "username" with the user name column of your table.
In this line :
$query = "SELECT * FROM tablename WHERE username='$cookie_user' AND password='$cookie_pass' LIMIT 1;";
Replace the "tablename" with your original table name and fields "username" , "password" with user name, password table columns. Similarly in this line :
$username = mysql_result($logincookie,
you have to repace "username" with the user name column of your table.
ASKER
Doh! Sorry for my stupidity, thanks, will make the changes now!
Thanks
Jon
Thanks
Jon
ASKER
Hi,
Well, it seems to be working, I say seems because I can't tell. How do you test whether a cookie is working? The thing is the session always kept you logged in for 30 minutes anyway unless you logged out, I don't really want to sit here for the next 2 hours trying my cookies! Is there anyway to test it is working?
Thanks
Jon
Well, it seems to be working, I say seems because I can't tell. How do you test whether a cookie is working? The thing is the session always kept you logged in for 30 minutes anyway unless you logged out, I don't really want to sit here for the next 2 hours trying my cookies! Is there anyway to test it is working?
Thanks
Jon
ASKER
And saying that, I can see the cookie when I view cookies in Firefox, is it easy to encrypt the cookie password or is that going to be just too much?
Thanks
Jon
Thanks
Jon
print_r($_COOKIE); will list all the existing cookies. Or simply try this :
<?php
print_r($_COOKIE);
if(isset($_COOKIE["usernam e"])) {
echo "Username cookie is set : " . $_COOKIE["username"];
}
else {
echo "Username cookie not set!";
}
?>
<?php
print_r($_COOKIE);
if(isset($_COOKIE["usernam
echo "Username cookie is set : " . $_COOKIE["username"];
}
else {
echo "Username cookie not set!";
}
?>
It depends on the encryption alogorithm you use. MD5 is a good one way encryptng hashing algorithm. Encrypt the password with MD5 and store it in the database (and ofcourse in the cookie).
ASKER
Thanks, this is the message I get :-
Array ( [autologin] => jonj161|mypassword [PHPSESSID] => e903135cdcfd7e5bd6ae917191 b8a9dc ) Username cookie not set!
Hmm, must have made a wrong turn :(
It is strange because this is what firefox is saying :-
Name autologin
Value jonj161%7Cmypassword
Host localhost
Path /mysite/
Expires 15 March 2006 10:31:10
?
Array ( [autologin] => jonj161|mypassword [PHPSESSID] => e903135cdcfd7e5bd6ae917191
Hmm, must have made a wrong turn :(
It is strange because this is what firefox is saying :-
Name autologin
Value jonj161%7Cmypassword
Host localhost
Path /mysite/
Expires 15 March 2006 10:31:10
?
Oops, sorry the cookie name is "autologin", not username. Cookie works in your case as you can see it in the array. However you can do this if you want :
<?php
if(isset($_COOKIE["autolog in"])) {
echo "Autologin cookie is set : " . $_COOKIE["autologin"];
}
else {
echo "Autologin cookie not set!";
}
?>
<?php
if(isset($_COOKIE["autolog
echo "Autologin cookie is set : " . $_COOKIE["autologin"];
}
else {
echo "Autologin cookie not set!";
}
?>
ASKER
Hi,
Ok, message now says
Autologin cookie is set : jonj161|mypassword
So I assume that is OK? and working?
Ok, I am going to accept your excellent answers ldbkutty, and I am willing to start a new question if needed, but is there anywhere that can tell me how to do the encryption and limit cookie times, I want them permanently logged in unless they log out, did that make sense?
Thanks
Jon
Ok, message now says
Autologin cookie is set : jonj161|mypassword
So I assume that is OK? and working?
Ok, I am going to accept your excellent answers ldbkutty, and I am willing to start a new question if needed, but is there anywhere that can tell me how to do the encryption and limit cookie times, I want them permanently logged in unless they log out, did that make sense?
Thanks
Jon
ASKER
Also, do I need to place any code on each user accessable page or just in the login page?
Thanks
Jon
Thanks
Jon
ASKER
Actually about the cookie unset thing, I found this in Diablo84's comments :-
setcookie("autologin", "", time() - 3600);
But where exactly would I place that?
Thanks
Jon
setcookie("autologin", "", time() - 3600);
But where exactly would I place that?
Thanks
Jon
Cookie lifetime is set in the setcookie method itself.
> setcookie("autologin", $cookiedata, time() + 31536000);
The 31536000 represents the number of seconds to expire. You can do it as :
setcookie("autologin", $cookiedata, time() + 60*60*24*30*12);
so the lifetime of the cookie is one year from the current time.
Dont forget to remove the cookie if the user logs out. Removing cookie can be done like this :
setcookie("autologin", "", time() - 3600);
you can notice the subtraction of 1 hour(60*60) from the current time denotes the cookie has been expired already.
>> Also, do I need to place any code on each user accessable page or just in the login page?
You should have SESSION maintained for the user. Assuming you have a common file named "login.php" which is called in every authenticated page, you have to put the code (above cookie code) in login.php.
Structure is like this :
<?php
if(isset($_COOKIE["autolog in"])) {
// call the cookie using the code given.
}
else {
// first time login or cookie expired. Call with normal procedure.
}
?>
> setcookie("autologin", $cookiedata, time() + 31536000);
The 31536000 represents the number of seconds to expire. You can do it as :
setcookie("autologin", $cookiedata, time() + 60*60*24*30*12);
so the lifetime of the cookie is one year from the current time.
Dont forget to remove the cookie if the user logs out. Removing cookie can be done like this :
setcookie("autologin", "", time() - 3600);
you can notice the subtraction of 1 hour(60*60) from the current time denotes the cookie has been expired already.
>> Also, do I need to place any code on each user accessable page or just in the login page?
You should have SESSION maintained for the user. Assuming you have a common file named "login.php" which is called in every authenticated page, you have to put the code (above cookie code) in login.php.
Structure is like this :
<?php
if(isset($_COOKIE["autolog
// call the cookie using the code given.
}
else {
// first time login or cookie expired. Call with normal procedure.
}
?>
ASKER
We seem to have posted at the same time, yes login.php is in every authenticated page, but where do I put the
setcookie("autologin", "", time() - 3600);
Does that go in the same page and how does it know someone has logged out? There is a logout button.
Thanks
Jon
setcookie("autologin", "", time() - 3600);
Does that go in the same page and how does it know someone has logged out? There is a logout button.
Thanks
Jon
> There is a logout button.
Say logout.php is called when logout button is entered, put the code in logout.php
Say logout.php is called when logout button is entered, put the code in logout.php
Including the secookie("autologin", "", time() - 3600); can be put anywhere in that logout.php but make sure it is fired. (not within any IF.. ELSE loop)
If unclear, post the action page of logout button (logout.php)
If unclear, post the action page of logout button (logout.php)
ASKER
Ah cool, Cheers ldbkutty, I will do that!!!!
Anyway just one other thing about the encryption, is there anywhere I can find out about that, or is it easier to start a new question?
Cheers
Jon
Anyway just one other thing about the encryption, is there anywhere I can find out about that, or is it easier to start a new question?
Cheers
Jon
typo... its setcookie... not secookie
would be better if it is a new question :)
ASKER
Cool!!! Will start one right now!! I tried the logout.php with the new line of code and it works great. Before when you used to signout it still showed the cookie but now it says not-set!
Thanks
Jon
Thanks
Jon