Jump to content


Photo

Adding cookies option to a login script


  • Please log in to reply
10 replies to this topic

#1 feri_soft

feri_soft
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts

Posted 14 September 2006 - 10:32 AM

Hi, i have this login script:
<?
/* Check User Script */
session_start();  // Start Session

include 'db.php';
include 'funcs.php';
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];




if((!$username) || (!$password)){
    echo "Please enter ALL of the information! <br />";
    include 'login_form.html';
    exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }
        // Register some session variables!
		session_register('username');
		$_SESSION['username'] = $username;
		session_register('userid');
		$_SESSION['userid'] = $userid;
        session_register('first_name');
        $_SESSION['first_name'] = $first_name;
        session_register('last_name');
        $_SESSION['last_name'] = $last_name;
        session_register('email_address');
        $_SESSION['email_address'] = $email_address;
        session_register('special_user');
        $_SESSION['user_level'] = $user_level;
        $_SESSION['auth'] = true;
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
        
        header("Location: success.php");
    }
} else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
    Please try again!<br />";
	$_SESSION['auth'] = false;
    include 'login_form.html';
}
?>

How can i add cookies support ot it...and can you give me some advises how the script can be safer with the cookies.Because this is raw example i have filtered the inputs already etc...but i dont know how to create secure cookies so no one can change them in harmful way.Thanks in advance...


Hmm...There is one requerment the session globals must remain because theyare very important ids,usernames so on...

#2 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 14 September 2006 - 12:04 PM

You need to use setcookie create a cookie.

<?php
// Cookie parameters
	$name = "username";
	$value = "HuggieBear";
	$path = "/";   // This specifies where the cookie will be valid from.  / (forward slash) is root
	$domain = "yourdomian.com";   // This will make the cookie available to the whole domain
	$expire = time() +3600;   // Set the cookie to expire in an hour	
	setcookie($name, $value, $expire, $path, $domain);  // Set the actual cookie
?>

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#3 feri_soft

feri_soft
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts

Posted 14 September 2006 - 12:20 PM

And then how tocheck if exists and login

#4 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 14 September 2006 - 12:46 PM

Oh, I see, you want to add the cookie after they've logged in to say they've logged in.

In that case, set something like this:

<?php
// Cookie parameters
	$name = "authenticated";
	$value = "y";
	$path = "/";   // This specifies where the cookie will be valid from.  / (forward slash) is root
	$domain = "yourdomian.com";   // This will make the cookie available to the whole domain
	$expire = time() +3600;   // Set the cookie to expire in an hour	
	setcookie($name, $value, $expire, $path, $domain);  // Set the actual cookie
?>

Then at the top of your pages:

<?php
	if ($_COOKIE['authenticated'] != "y"){
		header("Location: login.php");
	}
	else {
		// Your page content here
	}
?>

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#5 feri_soft

feri_soft
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts

Posted 14 September 2006 - 01:31 PM

And then if the cookie isthere just rewrite my script launching the sessionstart and so on...?

#6 feri_soft

feri_soft
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts

Posted 16 September 2006 - 05:41 AM

IDEAS???

#7 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 16 September 2006 - 06:07 AM

Yeah, that sounds good to me.

<?php
	if ($_COOKIE['authenticated'] != "y"){
		header("Location: login.php");
	}
	else {
		session_start();
	}
	// Rest of code here ...
?>

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#8 feri_soft

feri_soft
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts

Posted 16 September 2006 - 09:18 AM

but i must put the username and password in the cookie to start the session,shouldn't i???

#9 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 16 September 2006 - 09:23 AM

No, I think you're confusing session variables with cookies.  You don't need to use session_start() with cookies at all.

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#10 feri_soft

feri_soft
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts

Posted 17 September 2006 - 09:42 AM

But then how to determain who is the user with that cookie if the cookie value is true ....!?

#11 feri_soft

feri_soft
  • Members
  • PipPipPip
  • Advanced Member
  • 147 posts

Posted 18 September 2006 - 05:00 PM

BUMP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users