Jump to content

Recommended Posts

By default, sessions also use cookies. A session ID is stored in a cookie, so the server can keep track of which request relates to which session. It is possible to pass the session ID around in the URL.

 

By default, sessions last till the browser is closed. This can be changed, however.

 

And yes, you'll need to use cookies for a remember me feature.

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522177
Share on other sites

So to not take up room on the forum, i will post my question here.

I have a login page, when the user has logged in the page redirects to the create cookie page then this page redirects to the "next page",

my problem is that there is a gap when redirecting where you can see the login page once logged in, how can i make it so that when you log in you go straight to the "next page" and the cookie is created.

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522187
Share on other sites

Erm, i kinda understand, can i show you what happens,

http://deanwhitehouse.awardspace.co.uk/login.php

the admin username is:

Blade280891

and password:

Natasha

 

the non-admin username is:

Bob

and password:

BOB

 

How would i create the cookies in the same page, do i put my create cookie code into the if, instead of the redirection code??

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522193
Share on other sites

erm because i have already sent a header on the first page, therefore won't i recieve an error.

 

here is some of the code if this helps

in the login code

	if ($user_level == 1) {
		echo "<meta http-equiv='refresh' content='2; url=../includes/setcookie.php?u=$username&p=$user_password'>";
	} 
	elseif ($user_level == 2){    
		echo "<meta http-equiv='refresh' content='2; url=../includes/setcookie.php?u=$username&p=$user_password'>";
	}
}
else{
	echo 'Login failed. Username and Password did not match database entries.';    
    }

 

cookie code

<?php
$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

$userright = array($login_check['user_name'], $login_check['userlevel']);
$s_userpass = serialize($userpass);

setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";

?>

 

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522206
Share on other sites

You can send multiple headers out. It's just the that you can't send headers after the data.

 

There shouldn't be any need to output data(HTML) while you are processing the HTTP POST request. If you outputing HTML data while processing the login form, move the code that processes the login for to a seperate page or someting.

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522211
Share on other sites

ok, when i tried this code, i get a cannot modify header error for a split second then it works.

if ($user_level == 1) {
	$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

$userright = array($login_check['user_name'], $login_check['userlevel']);
$s_userpass = serialize($userpass);

setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
echo "<meta http-equiv='refresh' content='0; url=../index.php'>";

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

$userright = array($login_check['user_name'], $login_check['userlevel']);
$s_userpass = serialize($userpass);

setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
	}
}

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522218
Share on other sites

Why are you using serialize() on the password before putting it in the cookie?

 

Are the only headers you are sending out is the cookies ( via setcookie )?

 

Have you checked to make sure that you are not sending out any data before setting the cookies

 

Header errors: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522225
Share on other sites

I didn't write the cookie code so i do not no what to change in it etc.

this is the whole login code, without the form

<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';

$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"];    
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
$row = mysql_fetch_assoc($result);
$user_level = $row['userlevel'];
	if ($user_level == 1) {
	$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

$userright = array($login_check['user_name'], $login_check['userlevel']);
$s_userpass = serialize($userpass);

setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
echo "<meta http-equiv='refresh' content='0; url=../index.php'>";

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

$userright = array($login_check['user_name'], $login_check['userlevel']);
$s_userpass = serialize($userpass);

setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
	}
}
else{
	echo 'Login failed. Username and Password did not match database entries.';    
    }
}

else
{
    echo "Form was not completed. Please go back and make sure that the form was fully completed.";    
}


mysql_close();
?>

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522228
Share on other sites

Assuming that the header.php, footer.php and nav_bar.php files are the ones that are printing the HTML, this is what I would do. This should only print out HTML if there was an error. IF there aren't any errors, the you should be able to send headers when ever you want

<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';

$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

// Only include the header and footers if you have to print errors
function print_error($err_message)
{
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';
echo $err_message;
exit;
}

$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"];    
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
	$row = mysql_fetch_assoc($result);
	$user_level = $row['userlevel'];
	if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../index.php'>";

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
	}
}
else{
	print_error( 'Login failed. Username and Password did not match database entries.');    
}
}

else
{
print_error( "Form was not completed. Please go back and make sure that the form was fully completed.");    
}


mysql_close();
?> 

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522235
Share on other sites

er im not sure, all my code is in PHP not html but i think i no what to change.

Also is there a way of redirecting back to the page the user was on.

E.g they login on home.php

and they get redirected to home.php

not to the a set page.

Would i use $_server

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522236
Share on other sites

Yes, that is the way I handle it in my scripts

 

I have an include file ('login.php') that I include in every page I want protected. It checks if the user is logged it, and if it isn't it will print the login form and set the from 'action' to the $_SERVER['REQUEST_URI']. Then the user POSTs the login form and once again the include file ('login.php') catches it ( because the login form has a different name then all of the other form names ), then if the information is correct, it will just refresh the page ( to remove the 'Are you sure you want to submit this data again' message that some browsers display if you hit refresh on a page that was a result of POSTing a form) and the next time around the session variablse will be setup and it will let it go though back to the page that included the file ('login.php').

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522240
Share on other sites

Can u have a look at this code and see why it doesn't work

<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';

$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

// Only include the header and footers if you have to print errors
function print_error($err_message)
{
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';
echo $err_message;
exit;
}

$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"];    
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
	$row = mysql_fetch_assoc($result);
	$user_level = $row['userlevel'];
	if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../index.php'>";

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>";
	}
}
else{
	print_error( 'Login failed. Username and Password did not match database entries.');    
}
}

else
{
print_error( "Form was not completed. Please go back and make sure that the form was fully completed.");    
}


mysql_close();
?> 

admin centre code

<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';


if ($_SESSION['is_valid'] == true){
if ($_SESSION['user_level'] == 2){
echo "incorrect permissions";
}
if ($_SESSION['user_level'] == 1){
echo "<table class='admin'><form method='post' action='writ_pref.php'>
<tr><td>
Home Page:</td><td>  
<input type='text' name='main_page' value='$main_page'><br></td></tr>
<tr><td>
Site Name:</td><td>  
<input type='text' name='site_title' value='$site_title'><br></td></tr>
<tr><td>
Disclaimer:  </td><td>
<input type='text' name='site_disclaimer' value='$site_disclaimer'><br></td></tr>
<tr><td>
Intro:</td><td>  
<input type='text' name='intro' value='$intro'><br></td></tr>
<tr><td></td><td><input type='submit' value='Continue' name='check'>
</td></tr></form>
</table>";
}
}
else 
{
echo "login";
}
//table where user enters the sites details

?>

 

Any ideas

i have worked out that the login form doesn't work now.

the form requries all the files mentioned, so when u added this

function print_error($err_message)
{
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';
echo $err_message;
exit;
}

it stopped the code working.

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522254
Share on other sites

could this code be a problem,

<?php
session_start();
echo ("<title>$site_title</title>");
echo ("<link rel='stylesheet' type='text/css' href='../Themes/style.css' />");
echo ("<table class='title'><tr><td align='center'><h1>$custom_header</h1></td></tr></table>");
?>

 

this is header

 

footer

<?php
echo "<p class='disclaimer'>$site_disclaimer</p>";
?>

 

and nav bar

<?php 
if ($_SESSION['is_valid'] == true){
if ($_SESSION['user_level'] == 2){
echo "<table class='nav_bar'><tr><td>
<a class='nav_bar' href='$home_page/$main_page'>$home</a>
</td></tr><tr><td>Logged In</td></tr></table>";
}
if ($_SESSION['user_level'] == 1){
echo "<table class='nav_bar'><tr><td>
<a class='nav_bar' href='$home_page/$main_page'>$home</a>
</td></tr><tr><td>
<a class='nav_bar' href='/admin/admin_centre.php'>Admin Centre</a>
</td></tr></table>";
}
}
else
{
echo "
<table class='nav_bar'><tr><td>
<a class='nav_bar' href='$home_page/$main_page'>$home</a>
</td></tr></table>";
}
?>

 

and home.php

<html>
<table id="time"><tr><td><?php echo gmdate('l jS \of F Y');?><br><?php echo gmdate('h:i:s A');?></td></tr></table>
</html>
<?php
require_once 'includes/main.inc.php';
require_once 'includes/db_connect.php';
require_once 'includes/config_table.inc.php';
require_once 'includes/header.php';
require_once 'includes/footer.php';
require_once 'nav_bar.php';
?>
<?php
if (is_dir(install)) {
     echo "<p class='exists'><br>Please remove the install folder</p>";
} else {
echo "Please go to the admin centre to cutomise the site";
}
echo "$intro";
?>

is it because the session_start(); is in the header?

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522272
Share on other sites

Yes, my function 'print_error()' was just a guess at based on the names of your include files. I didn't know what files were need and which ones weren't. Make sure that you use the right include files.

 

All of those files you listed in the last reply output HTML data. Are any of the included before the login code gets a chance to run?

Link to comment
https://forums.phpfreaks.com/topic/102034-remeber-me/#findComment-522280
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.