Jump to content

Adding cookies option to a login script


feri_soft

Recommended Posts

Hi, i have this login script:
[code]<?
/* Check User Script */
session_start();  // Start Session

include 'db.php';
include 'funcs.php';
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];




if((!$username) || (!$password)){
    echo "Please enter ALL of the information! <br />";
    include 'login_form.html';
    exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }
        // Register some session variables!
session_register('username');
$_SESSION['username'] = $username;
session_register('userid');
$_SESSION['userid'] = $userid;
        session_register('first_name');
        $_SESSION['first_name'] = $first_name;
        session_register('last_name');
        $_SESSION['last_name'] = $last_name;
        session_register('email_address');
        $_SESSION['email_address'] = $email_address;
        session_register('special_user');
        $_SESSION['user_level'] = $user_level;
        $_SESSION['auth'] = true;
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
       
        header("Location: success.php");
    }
} else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
    Please try again!<br />";
$_SESSION['auth'] = false;
    include 'login_form.html';
}
?> [/code]

How can i add cookies support ot it...and can you give me some advises how the script can be safer with the cookies.Because this is raw example i have filtered the inputs already etc...but i dont know how to create secure cookies so no one can change them in harmful way.Thanks in advance...


Hmm...There is one requerment the session globals must remain because theyare very important ids,usernames so on...
Link to comment
Share on other sites

You need to use [url=http://www.php.net/manual/en/function.setcookie.php]setcookie[/url] create a cookie.

[code]
<?php
// Cookie parameters
$name = "username";
$value = "HuggieBear";
$path = "/";  // This specifies where the cookie will be valid from.  / (forward slash) is root
$domain = "yourdomian.com";  // This will make the cookie available to the whole domain
$expire = time() +3600;  // Set the cookie to expire in an hour
setcookie($name, $value, $expire, $path, $domain);  // Set the actual cookie
?>
[/code]

Regards
Huggie
Link to comment
Share on other sites

Oh, I see, you want to add the cookie after they've logged in to say they've logged in.

In that case, set something like this:

[code]
<?php
// Cookie parameters
$name = "authenticated";
$value = "y";
$path = "/";  // This specifies where the cookie will be valid from.  / (forward slash) is root
$domain = "yourdomian.com";  // This will make the cookie available to the whole domain
$expire = time() +3600;  // Set the cookie to expire in an hour
setcookie($name, $value, $expire, $path, $domain);  // Set the actual cookie
?>
[/code]

Then at the top of your pages:

[code]
<?php
if ($_COOKIE['authenticated'] != "y"){
header("Location: login.php");
}
else {
// Your page content here
}
?>
[/code]

Regards
Huggie
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.