Member_2_5230414
asked on
Adding remeber me to login
How can i add a remember me function to this code?
<?php
$failed = false;
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
if ($email=='' || $password=='') {
$failed = true;
}
if (!$failed) {
$sql = 'SELECT id FROM users WHERE email=\'' . $email . '\' AND password=\'' . $password . '\'';
$rs = mysql_query($sql);
if (mysql_num_rows($rs)==0) {
$failed = true;
}
else {
$row = mysql_fetch_assoc($rs);
$gg = guid();
$sql = 'UPDATE users SET guid=\'' . $gg . '\', last_login=NOW() WHERE id=\'' . $row["id"] . '\'';
mysql_query($sql);
$_SESSION["user_id"] = $row["id"];
$_SESSION["user_guid"] = $gg;
}
mysql_free_result($rs);
}
mysql_close();
if ($failed) header('Location:login.html?login=failed');
//elseif ($_POST['redirect']=='checkout') header('Location:checkout1.html');
else header('Location:profile.html');
?>
This is usually done with a cookie. Please look at this article and see the "remember me" parts. It will show you the complete design pattern.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391.html
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@runnerjp2005: Wow, was it too much trouble to read the article? It has the specific code you need. You can copy it and install it on your server to see it in action.
To anyone who is looking at this answer in the future: Please do not store meaningful data, like a username in a cookie. Cookies are like data base keys. They should contain pointers, but never meaningful values. Because they are external data, they are inherently tainted. The correct way to deal with a cookie is to use it as a key to look up valid information on the server. If the cookie points to valid information, you can use that information. It the cookie does not point to valid information, you simply ignore the cookie.
To anyone who is looking at this answer in the future: Please do not store meaningful data, like a username in a cookie. Cookies are like data base keys. They should contain pointers, but never meaningful values. Because they are external data, they are inherently tainted. The correct way to deal with a cookie is to use it as a key to look up valid information on the server. If the cookie points to valid information, you can use that information. It the cookie does not point to valid information, you simply ignore the cookie.
That is good logic only if you have a database. I only suggested it as a general reference and procedure not as a "must do it this way' kind of thing but good point Ray.
ASKER
Open in new window