cookie/session login help

[NSW42]

heya all,

 

my script below works to a point that is, but I seem to be having issues with the cookie part, sometimes if you drop the browser, you have to log back in again, and the other issue i seem to be having is, when the stroke of midnight comes, anyone and everyone gets logged out and has to log back in again, seems to me that the cookies are not working for some unknown reason, in one of my other sites I use cookie login and never have to login again unless I actually delete the cookies, any help on this brain draining issue is really appreciated.

 

$email = mysql_real_escape_string(str_replace("'","",$HTTP_POST_VARS["email"]));
  $password=str_replace("'", "", $HTTP_POST_VARS["password"]);
  $password=md5($password);

        $sql="select * from members where member_email like '$email' and member_password like '$password' and enabled = '1'";
        $result=mysql_query($sql);
        $num_rows=mysql_num_rows($result);
        $RSUser=mysql_fetch_array($result);
  if ($num_rows==0)
  {
        print ("<script language='JavaScript'> window.location='index.php?err=1'; </script>");
  }
  else
  {
  //if($RSUser["email_verify"]==0)
  //{
  //      print ("<script language='JavaScript'> window.location='login.php?err=2'; </script>");
  //}
  //else
  //{
        $posted_on=date("d/m/Y");
        $ip_address=$_SERVER['REMOTE_ADDR'];


      $sql="update members set last_login = '$posted_on', last_ip = '$ip_address' where member_id = $RSUser[member_id]";
      $upd=mysql_query($sql);
      
      $sql="update members set next_email = 0 where member_id = $RSUser[member_id]";
      $upd = mysql_query($sql);
      
      $now_time = strtotime("now");

      $sql="update members set last_login_time = $now_time where member_id = $RSUser[member_id]";
      $upd_member = mysql_query($sql);


  $_SESSION["logged_in"]="yes";
  $_SESSION["member_id"]=$RSUser["member_id"];
  $_SESSION["member_name"]=$RSUser["member_name"];
  $_SESSION["member_lname"]=$RSUser["member_lname"];
  $_SESSION["member_email"]=$RSUser["member_email"];
  $_SESSION["member_password"]=$password;
  $allowed_info=$pack->get_pack_value($id,'Mails');
  if($allowed_info["id"]!=Null)
  {
     $_SESSION["mails_allowed"]="yes";
  }
  




  if($HTTP_POST_VARS["remember_email"]=="on")
  {
   setcookie("exact[email]","$RSUser[member_email]", time()+30000000);
  }
  setcookie("exact[logged]",1,time()+30000000);
  setcookie("exact[member_email]","$RSUser[member_email]",time()+30000000);
  setcookie("exact[member_password]","$password",time()+30000000);

[jackpf]

Sessions are deleted when you close the browser. As for the midnight thing, Idk about that- it must be down to your PHP configuration.

 

If you want users to be able to stay logged in for long periods of time, you'll have to use cookies, as they're stored on the user's pc rather than the server

 

[NSW42]

yeh i realise this, but is there an easy way round to editing the code in the script.

[jackpf]

Just change all $_SESSION[]; to setcookie();

 

Then check for the cookie in all your protected pages.

[NSW42]

can you give me a quick example jack, so I dont screw it up

 

 

 

Thanks

[jackpf]

No problem

 

Ok,

 

Where you've got this

$_SESSION["member_id"]=$RSUser["member_id"];

 

To use a cookie instead, you could use this

$user = $RSUser["member_id"];
setcookie('memberId', $user, 0, '/', '.yourdomain.com'); //change the yourdomain.com to your domain

 

It's basically doing this:

 

setcookie('cookie_name', 'cookie_value', expire_time, 'path', 'domain');

 

If you need more help, go here:

 

http://uk2.php.net/setcookie

 

Hope this helps.