Jump to content

Archived

This topic is now archived and is closed to further replies.

feri_soft

Adding cookies option to a login script

Recommended Posts

Hi, i have this login script:
[code]<?
/* Check User Script */
session_start();  // Start Session

include 'db.php';
include 'funcs.php';
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];




if((!$username) || (!$password)){
    echo "Please enter ALL of the information! <br />";
    include 'login_form.html';
    exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }
        // Register some session variables!
session_register('username');
$_SESSION['username'] = $username;
session_register('userid');
$_SESSION['userid'] = $userid;
        session_register('first_name');
        $_SESSION['first_name'] = $first_name;
        session_register('last_name');
        $_SESSION['last_name'] = $last_name;
        session_register('email_address');
        $_SESSION['email_address'] = $email_address;
        session_register('special_user');
        $_SESSION['user_level'] = $user_level;
        $_SESSION['auth'] = true;
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
       
        header("Location: success.php");
    }
} else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
    Please try again!<br />";
$_SESSION['auth'] = false;
    include 'login_form.html';
}
?> [/code]

How can i add cookies support ot it...and can you give me some advises how the script can be safer with the cookies.Because this is raw example i have filtered the inputs already etc...but i dont know how to create secure cookies so no one can change them in harmful way.Thanks in advance...


Hmm...There is one requerment the session globals must remain because theyare very important ids,usernames so on...

Share this post


Link to post
Share on other sites
You need to use [url=http://www.php.net/manual/en/function.setcookie.php]setcookie[/url] create a cookie.

[code]
<?php
// Cookie parameters
$name = "username";
$value = "HuggieBear";
$path = "/";  // This specifies where the cookie will be valid from.  / (forward slash) is root
$domain = "yourdomian.com";  // This will make the cookie available to the whole domain
$expire = time() +3600;  // Set the cookie to expire in an hour
setcookie($name, $value, $expire, $path, $domain);  // Set the actual cookie
?>
[/code]

Regards
Huggie

Share this post


Link to post
Share on other sites
Oh, I see, you want to add the cookie after they've logged in to say they've logged in.

In that case, set something like this:

[code]
<?php
// Cookie parameters
$name = "authenticated";
$value = "y";
$path = "/";  // This specifies where the cookie will be valid from.  / (forward slash) is root
$domain = "yourdomian.com";  // This will make the cookie available to the whole domain
$expire = time() +3600;  // Set the cookie to expire in an hour
setcookie($name, $value, $expire, $path, $domain);  // Set the actual cookie
?>
[/code]

Then at the top of your pages:

[code]
<?php
if ($_COOKIE['authenticated'] != "y"){
header("Location: login.php");
}
else {
// Your page content here
}
?>
[/code]

Regards
Huggie

Share this post


Link to post
Share on other sites
Yeah, that sounds good to me.

[code]
<?php
if ($_COOKIE['authenticated'] != "y"){
header("Location: login.php");
}
else {
session_start();
}
// Rest of code here ...
?>[/code]

Regards
Huggie

Share this post


Link to post
Share on other sites
No, I think you're confusing session variables with cookies.  You don't need to use session_start() with cookies at all.

Regards
Huggie

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.