We help IT Professionals succeed at work.

Adding remeber me to login

Member_2_5230414
Member_2_5230414 used Ask the Experts™
on
How can i add a remember me function to this code?

<?php
$failed = false;
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

if ($email=='' || $password=='') {
	$failed = true;
}
	
if (!$failed) {
	$sql = 'SELECT id FROM users WHERE email=\'' . $email . '\' AND password=\'' . $password . '\'';
	$rs = mysql_query($sql);
		
	if (mysql_num_rows($rs)==0) {
		$failed = true;
	}
	else {
		$row = mysql_fetch_assoc($rs);
		$gg = guid();
		$sql = 'UPDATE users SET guid=\'' . $gg . '\', last_login=NOW() WHERE id=\'' . $row["id"] . '\'';
		mysql_query($sql);
			
		$_SESSION["user_id"] = $row["id"];
		$_SESSION["user_guid"] = $gg;
	}
	mysql_free_result($rs);
}
	
mysql_close();

if ($failed) header('Location:login.html?login=failed');
//elseif ($_POST['redirect']=='checkout') header('Location:checkout1.html');
else header('Location:profile.html');
?>

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
the login box looks like this
<form action="<?=$secureaddress?>login_save.php" method="post" class="basic">
							<fieldset>
							<ul>
							<li><label for="signup-email">Email</label><input id="signup-email" name="email" type="text" value="" class="rounded_5" /></li>
									<li><label for="signup-password">Password</label><input id="signup-password" name="password" type="password" value="" class="rounded_5" /></li>
									<li class="group"><input type="submit" value="" class="button signup" /></li>
									<li class="lost">
										<strong>Lost your password?</strong>
										<a href="login_forgotten.html">&raquo; click here</a>
									</li>
									<li class="noaccount">
										<strong>No account yet?</strong>
										<a href="login_create.html">&raquo; register</a>
									</li>
							</ul>
							</fieldset>
						</form>

Open in new window

Most Valuable Expert 2011
Top Expert 2016

Commented:
This is usually done with a cookie.  Please look at this article and see the "remember me" parts.  It will show you the complete design pattern.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391.html
Principal Data Engineer
Commented:
Basically, you set a cookie with the username and hashed password (never store real text passwords - hash them first) if the remember me checkbox is checked. Set the expiry time to
a year from now so it won't expire. In your php code you try and open the cookie and get the stored information back as a string. you then use explode() to separate the string into the parts you need (username and password hashed) and use that for the login info.

If the user un-checks the remember me box you simply set the cookie the same way but set the expiry time for an hour ago so it expires instantly and therefore when you try to retrieve the cookie it will not be there so you can't retrieve the data and load it into the login form.

That's a basic rundown anyway. If you need specific code I can give it to you when I get home.
Most Valuable Expert 2011
Top Expert 2016

Commented:
@runnerjp2005: Wow, was it too much trouble to read the article?  It has the specific code you need.  You can copy it and install it on your server to see it in action.

To anyone who is looking at this answer in the future:  Please do not store meaningful data, like a username in a cookie.  Cookies are like data base keys.  They should contain pointers, but never meaningful values.  Because they are external data, they are inherently tainted.  The correct way to deal with a cookie is to use it as a key to look up valid information on the server.  If the cookie points to valid information, you can use that information.  It the cookie does not point to valid information, you simply ignore the cookie.
Mark BradyPrincipal Data Engineer

Commented:
That is good logic only if you have a database. I only suggested it as a general reference and procedure not as a "must do it this way' kind of thing but good point Ray.