cookies and sessions

[fxuser]

Hello , my website uses sessions to check for users if they are logged in, get data and such stuff..

 

But i want to add cookies in order to make users stay logged in for more time..

 

I do have a remember me checkbox and a function that tells me if a user is loggedin by checking if session or cookie is set and then it returns a true flag... the problem is that i dont know how to get if he is logged via session or cookies

 

Thanks.

[fxuser]

ok so , let me explain it a lil bit..

After i check my password on the log in script i have this :

 

 

if ($numrows2>=1){
  if ($rememberme == "on"){
    setcookie("username, $username, time()+86400*365")
  }
  else if ($rememberme == ""){
    $_SESSION['username'] = $username;
  }
}
else
      echo "wrong pass";

 

rememberme is a checkbox item

 

Then i have this in my configs folder:

 

function loggedin(){
  if (isset($_SESSION['username']) || isset($_COOKIE['username'])){
    $loggedin = TRUE;
     return $loggedin;
  }
}

 

 

so in my code i use $_SESSION to check if a user is logged in.. and since i have done much of coding with $_SESSION.. if i change

 isset($_SESSION['username'])

with

loggedin()

will it auto check if it will use SESSIONS or COOKIES?

 

Thanks.

[BlueSkyIS]

that first bit of code shouldn't parse. are you not getting a parse error?

[fxuser]

that first bit of code shouldn't parse. are you not getting a parse error?

 

the code works fine if  i try the loggedin() function in a new file , no parse errors..

 

what i wanna know is if that will do the job that i want to..

 

I still havent tried yet to migrate the function and cookies with my code.

[fxuser]

bump

[fxuser]

since i cant edit my posts .. may i ask  for a little help over here...

 

 

Thanks.

[mmarif4u]

Hi fxuser,

As there will be remember me check box. If user check the check box, store the info in cookies if did not check the box, just store info in session. Some thing like:

if( $checkbox == 'save') {
//do cookie stuff
}
else
{
//session
}

 

Hope, it helps if i get you correctly.

 

[fxuser]

Hi fxuser,

As there will be remember me check box. If user check the check box, store the info in cookies if did not check the box, just store info in session. Some thing like:

if( $checkbox == 'save') {
//do cookie stuff
}
else
{
//session
}

 

Hope, it helps if i get you correctly.

 

 

thats correct , my problem is that i have used all this time sessions in all my checks and now i want to use cookies aswell... so how am i gonna know if the user has checked the checkbox in order to use cookies or sessions..

 

so i came up with this idea:

 

				if ($numrows2 == 1){
					if (isset($rememberme)){
						setcookie("email", $login_mail, time() + 60 * 60 * 24 * 30);
						setcookie("username", $username, time() + 60 * 60 * 24 * 30);
						$_SESSION['email'] = $_COOKIE['email'];
						$_SESSION['username'] = $_COOKIE['username'];

					}
					else{
					$_SESSION['email'] = $login_mail;
					$_SESSION['username'] = $username;
					}
					//echo "You have successfully logged in<br>";
					//echo "Click <a href='profile.php?id=".$_SESSION['username']."'>here</a> to go to your profile";
					print "<script language='Javascript'>document.location.href='profile.php?id=".$_SESSION['username']."' ;</script>";
				}

 

numrows2 is the check if the pass = with stored pass , there was a prev numrows which did the same thing but for login

 

on html side i have this :

<input type='checkbox' 'name=rememberme' style='background-color: #99FF66' />Remember me

[mmarif4u]

I really don't think so you should know what they selected. But in case you wana check, there are many ways, you can close the browser tab or close the browser and then re open it to see if cookie exists. Another is to set a pre defined variable in each statement to know that which one is used like:

$key = 'cookie';
$key = 'session';

 

Now one more thing. I think you are not using the exact logic of remember me thing. Let me rephrase it.

Your input will be like this:

<input type='checkbox' name='rememberme' value='save_me' style='background-color: #99FF66' />Remember me

 

Now in your php script:

$save_me = $_POST['rememberme'];
if($save_me == 'save_me') { // check the value in input box, if it matches save in cookie or fall back to session
//cookie stuff
}
else
{
//session stuff
}

 

Hope its clear.

[fxuser]

i considered what you said and it seems to be working except that my php code is different places over the html page so i get headers errors , any way to get rid of the header errors without moving all my php page above html code?

 

Thanks.

[mmarif4u]

Yup, a hard core way to do that is to put this in your every page you have header issue:

<?php
ob_start();
?>
your html stuff
..
...
<?php
php code

ob_end_flush();
?>

 

Hope this helps.

[fxuser]

Yup, a hard core way to do that is to put this in your every page you have header issue:

<?php
ob_start();
?>
your html stuff
..
...
<?php
php code

ob_end_flush();
?>

 

Hope this helps.

 

yeap it seems it does but infact i can print the cookies so they work.. when i add their values to the sessions it seems i still cant manage the remember me function via my previous code ...

 

Ill try to search more.

 

Thanks for the help though.

[fxuser]

So i got somewhere with the following code and i would like some help :

 

i generate a random 8bit code and md5 hash it on login

 

					$logcode= md5(func_generate_string());

					$res= mysql_query("UPDATE db_regs SET logcode='$logcode' WHERE id=$id") or die('Could not update database.');
					$newval= "$id:$logcode";

					setcookie("cookiename", $newval, time() + 7200);

 

then i put this code:

$legal_require_php= 1234;
require ('check/detectuser.php');

on the top of every page that needs users access

 

and then this code checks on every page reload if the cookie is set and if the logcode hash equals to the one in database , if it does it creates a new one and store it in db

<?php
//see if detectuser.php has been required, not URL’d.
if ($legal_require_php!=1234) exit;
// setup global variable $global_user_id, set it to 0, which means no user as auto_increment IDs in MySQL begin with 1
$global_user_id= 0;
// now, check if user’s computer has the cookie set
if (isset($_COOKIE['cookiename'])) {
$cookieval= $_COOKIE['cookiename'];

//echo $cookieval;
//now parse the ID:LOGCODE value in cooke via explode() function
$cookieparsed= explode (":", $cookieval);
// $cookie_uid will hold user’s id
// $cookie_code will hold user’s last reported logcode
$cookie_uid= $cookieparsed[0];
$cookie_code= $cookieparsed[1];
// ensure that ID from cookie is a numeric value
if (is_numeric($cookie_uid)) {
	//now, find the user via his ID
	$res= mysql_query("SELECT logcode FROM db_regs WHERE id=$cookie_uid");
	// no die() this time, we will redirect if error occurs

		// now see if user’s id exists in database
		if (mysql_num_rows($res) >=1) {
			$logcode_in_base= mysql_result($res, 0);
			// now compare LOGCODES in cookie against the one in database
			if ($logcode_in_base == $cookie_code) {
				// if valid, generate new logcode and update database
				$newcode= md5(func_generate_string());
				$res= mysql_query("UPDATE db_regs SET logcode='$newcode' WHERE id='$cookie_uid'");
				// setup new cookie (replace the old one)
				$newval= "$cookie_uid:$newcode";
				setcookie("cookiename", $newval, time() + 7200);
				// finally, setup global var to reflect user’s id
				$global_user_id= $cookie_uid;
			} else
				die ('logcodes are not equal');
				// redirect if logcodes are not equal
  
		} else 
			die ('user ID does not exist in database');
		// redirect if user ID does not exist in database



} else 
	die ('user id in cookie is not numeric');
// redirect if user ID in cookie not numeric

}
?>

 

Thanks.

[fxuser]

also , i have managed to set the cookie , it recreates the new logcode but the problem is that it cant read the cookie after i close the browser so it will let me log in... while the cookie is there..

 

I really need to get this to work, any help would be appreciated..

 

Thanks.

[fxuser]

Sorry for bumping but can someone help me over with the previous code?

 

I have been searching for days and i am really stuck over here...