Jump to content

Search the Community

Showing results for tags 'pickled'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (PhpStorm, VS Code, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Age


Donation Link

Found 1 result

  1. hey guys...i'm scratching my head over my authenticate method when it comes to remembering user or not! here are the setting for my sessions ini_set('session.gc_probability', 1); ini_set('session.gc_maxliftime', 60*60); session_set_cookie_params(60*60*7, '/'); now with the authentication there is 2 ways of being logged in. 1. if user wants to be remembered on log in, they have a authentication token saved in a session cookie and it if it matches with the users db row token the the user will log in automatically every time. 2. if user doesn't want to be remembered when they log in a user id and username is saved as a session where i then can confirm the in user db row when on site (sessions to be destroyed when browser closes) the problem and help i need is on number 2...because i have a lifetime on the sessions the user id and username always gets remembered even when browser is closed and re-opened...causing the user to be remembered when he/she doesn't want to be....how can i get around this issue please? some session values i want to remember and some i just don't! here is my method for authentication if needed. public function authenticate() { $db = $this->_db; $session = new Session; $session->start(); $user_id = $session->user_id; $username = $session->username; $identity = $this->_identity; $password = $this->_password; if ($session->authenication_token) { $parameters = array(":authentication_token" => $session->authentication_token); $query = "SELECT user_id, username, password, email_address, status, activation_code, timezone_offset, latitude, longitude, distance_unit, timestamp FROM users WHERE authentication_token = :token AND authenticated = 1"; $db->connect(); $result = $db->execute($query, $parameters); $row = $result->fetch_row(); $row_count = $result->row_count(); $result->free_result(); $db->close(); if ($row_count === 1) { $this->_authenticated = true; } } else if (!empty($id) && !empty($username)) { // check id and username with db // auth if successful } else if (!empty($identity) && !empty($password)) { if ($this->is_email_address($identity)) { $identity_column = "email_address"; } else { $identity_column = "username"; } $parameters = array(":identity" => $identity); $query = "SELECT user_id, username, password, email_address, status, activation_token, timezone_offset, latitude, longitude, distance_unit, timestamp FROM users WHERE " . $identity_column . " = :identity"; $db->connect(); $result = $db->execute($query, $parameters); $row = $result->fetch_row(); $row_count = $result->row_count(); $result->free_result(); $db->close(); if ($row_count === 1 && $this->verify_password($password, $row['password'])) { $this->_authenticated = true; if ($this->_remember) { $authentication_token = $this->get_token(); $session->authentication_token = $authentication_token; $parameters = array(':authentication_token' => $authentication_token, ':user_id' => $row['user_id'] ); $query = "UPDATE users SET authentication_token = :authentication_token WHERE user_id = :user_id"; $result = $db->execute($query, $parameters); } else { if ($session->authentication_token) { $session->destroy('authentication_token'); } $parameters = array(':user_id' => $row['user_id'] ); $query = "UPDATE users SET authentication_token = null WHERE user_id = :user_id"; $result = $db->execute($query, $parameters); } } } $this->record_login_attempt($identity); if ($this->_authenticated) { $session->user_id = $row['user_id']; $session->username = $row['username']; $session->login_time = time(); return true; } if ($this->brute_force_attack($identity)) { $this->block_account($identity); } return false; } help on this session matter would be extremely grateful...any criticism on how I'm doing things is also very welcome...thank you guy
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.