
[SOLVED] "Remember Me" - Setting Cookies


hoopplaya4


Hi All:

 

I've been reading some tutorials on this one and have been attempting to set a cookie when a user logs in successfully and clicks the "Remember Me" checkbox.  However, upon a successful login, it appears that the cookie is not being set.

 

Here's my form (simple):

 

<form action="scripts/process_login.php" method="POST">

   <input type="text" name="username" maxlength="30" value="" placeholder="Username" />

   <input type="password" name="password" maxlength="30" value="" placeholder="Password" />

   <span>Remember me?</span><input type="checkbox" name="remember" value="yes" >

   <input type="submit" value="Login">

</form>

 

And here's my login script:

 


<?php
session_start();
session_register('sessUsrFirstName');
session_register('sessUsrLastName');
session_register('username');
session_register('password');
session_register('sessUsrID');
session_register('sessPosition');
session_register('admin');
session_register('sessUsrEmail');

$strLOGONOK = 0;

$usrName = $_POST["username"];
$usrPassword = $_POST["password"];

$sql = "SELECT usrID, usrFirst, usrLast, usrPosition, usrAdmin, usrEmail, usrLogin, usrPassword FROM tblUsers";
$sql .=" WHERE (usrPassword = '$usrPassword') AND (usrLogin = '$usrName') AND (usrActive = 1)";


//print($sql);

require("../connection.php");


$rs=mysql_db_query($DBname,$sql,$link);

if ($rs) {

    while ($row=mysql_fetch_array($rs)){

        $strLOGONOK = 1;
        $_SESSION['sessUsrFirstName'] = $row['usrFirst'];
        $_SESSION['sessUsrLastName'] = $row['usrLast'];
        $_SESSION['sessUsrEmail'] = $row['usrEmail'];
        $_SESSION['sessUsrID'] = $row["usrID"];
        $_SESSION['sessPosition'] = $row['usrPosition'];
        $_SESSION['admin'] = $row['usrAdmin'];
        $_SESSION['username'] = $row['usrLogin'];
        $_SESSION['password'] = $row['usrPassword'];

    } //end while
} // end if


   else {$strLOGONOK = 0;}


   mysql_close($link);


if ($strLOGONOK == 1){

if($_POST['remember] == "yes") {
    $expire = time() + 1728000; // Expire in 20 days  
    setcookie('user', "username", $expire);
    setcookie('pass', "password", $expire);
}

if($_SESSION['admin'] == 1) {


  print" <script>
    window.location=\"../secure/admin.php\"
   </script> ";

}
}

else {

print" <script>
  window.location=\"../index.php?msg=1\"
  </script> ";

  }
?>

 

So then, when a user is redirected to secure/admin.php, I've set at the top of the page for it to display:

<?php print_r($_COOKIE); ?>

 

And all it displays is: "Array ( [phpSESSID] => 9e3d0e30fb3c802fba846422eddb0071 )"

 

So, it looks like it's not setting the cookie.  Any ideas on how to get this working for me?  Thanks!


<?php
if($_POST['remember] == "yes") {
    $expire = time() + 1728000; // Expire in 20 days  
    setcookie('user', "username", $expire);
    setcookie('pass', "password", $expire);
}

 

should be

 

<?php
if($_POST['remember'] == "yes") {
    $expire = time() + 1728000; // Expire in 20 days  
    setcookie('user', "username", $expire);
    setcookie('pass', "password", $expire);
}


Be wary of saving the password unencrypted (if you are).

 

Every page request to your server means that the user's password is zooming all over the internet for anyone to intercept. Even if the user is already logged in their browser still submits ALL cookies that go to that site.


Be wary of saving the password unencrypted (if you are).

 

Every page request to your server means that the user's password is zooming all over the internet for anyone to intercept. Even if the user is already logged in their browser still submits ALL cookies that go to that site.

 

That's a very good point, I hadn't even looked at the string you were saving within setcookie(). You're not actually storing their details, just the strings 'username' and 'password'. I'd recommend only using the username in the cookie and maybe a UID that will match up with a stored one in the db, that way someone can't just re-create a cookie with a username and find themselves logged in as anyone.


I'm using:

 

<?php print_r($_COOKIE); ?>

 

 

Also, I know it's not a browser issue on my end, because I can manually set a cookie at the top of the admin.php page by placing

<?  setcookie('user', "demoa", $expire); ?>

right after session start.  And the cookie is being displayed fine with print_r.

 

Do sub-directories have anything to do with it?  For example, I'm setting the cookie in scripts/process_login.php and trying to view the cookie in secure/admin.php


Ok, so I think it does have something to do with the directory in which the cookie is set.

 

As I previously mentioned, the cookie is being set in /scripts/process_login.php, so I created a test file:  /scripts/test.php.  This test is able to display the cookie.

 

I guess I'm going to have to do some research on it, and how to set the path.


Looks like I totally overlooked this (http://us3.php.net/setcookie) somehow:

 

path

 

    The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
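
The two suggestions made in this thread, a random identifier matched against the database instead of credentials in the cookie, and an explicit cookie path, combined in one sketch. This is an added example, not code from any poster: the table `tblRememberTokens`, the cookie name `remember` and both function names are hypothetical, and it assumes PHP 7.3+ with PDO and a site served over HTTPS.

```php
<?php
// Added example; hypothetical table and function names, not from the thread.
// Assumed schema: tblRememberTokens(selector TEXT PRIMARY KEY,
//                 validatorHash TEXT, usrID INTEGER, expires INTEGER)
const REMEMBER_TTL = 1728000; // 20 days, the lifetime used in the thread

function issueRememberToken(PDO $db, int $usrID): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $expires   = time() + REMEMBER_TTL;

    $sql = 'INSERT INTO tblRememberTokens (selector, validatorHash, usrID, expires)'
         . ' VALUES (?, ?, ?, ?)';
    $db->prepare($sql)
       ->execute([$selector, hash('sha256', $validator), $usrID, $expires]);

    $value = $selector . ':' . $validator;
    setcookie('remember', $value, [
        'expires'  => $expires,
        'path'     => '/',     // sent to /secure/ as well as /scripts/
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return $value;
}

function checkRememberToken(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;           // malformed cookie
    }
    [$selector, $validator] = $parts;

    $stmt = $db->prepare('SELECT validatorHash, usrID FROM tblRememberTokens'
                       . ' WHERE selector = ? AND expires > ?');
    $stmt->execute([$selector, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Constant-time comparison of the stored hash with the presented secret.
    if ($row && hash_equals($row['validatorHash'], hash('sha256', $validator))) {
        return (int) $row['usrID'];
    }
    return null;               // unknown, expired or forged token
}
```

On a successful login with the box ticked, call `issueRememberToken()`; on a request that has no session, pass `$_COOKIE['remember']` to `checkRememberToken()` and start a session for the returned `usrID`.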
