paulus4605 Posted August 25, 2011 Share Posted August 25, 2011 Hi I have a login script that allows the user to store info into a cookie if he doesn't want to be bothered by entering is password and other login credentials. however I read somewhere that's not smart to leave a cookie with your pass on your pc. Therefore I want to ask your opionion on how to adapt the below mentioned script so that's safe to store delicate information in a cookie <?php include("config.php"); if(isset($_SESSION['user_id'])) { // Inloggen correct, updaten laatst actief in db $sql = "UPDATE gebruikers SET lastactive=NOW() WHERE id='".$_SESSION['user_id']."'"; mysql_query($sql); }else{ if(isset($_COOKIE['user_id'])) { $sql = "SELECT wachtwoord,status FROM gebruikers WHERE id='".$_COOKIE['user_id']."'"; $query = mysql_query($sql); $rij = mysql_fetch_object($query); $dbpass = htmlspecialchars($rij->wachtwoord); $dbstatus = htmlspecialchars($rij->status); if($dbpass == $_COOKIE['user_password']) { $_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['user_status'] = $dbstatus; }else{ setcookie("user_id", "", time() - 3600); setcookie("user_password", "", time() - 3600); echo "Cookies incorrect. Cookies verwijderd."; header("Location: inloggen.php"); } }else{ header("Location: inloggen.php"); } } ?> this is the concerning table CREATE TABLE IF NOT EXISTS `gebruikers` ( `id` int(11) NOT NULL AUTO_INCREMENT, `naam` varchar(50) NOT NULL DEFAULT '', `wachtwoord` varchar(50) NOT NULL DEFAULT '', `status` char(1) NOT NULL DEFAULT '0', `email` varchar(100) NOT NULL DEFAULT '', `actief` char(1) NOT NULL DEFAULT '0', `actcode` varchar(15) NOT NULL DEFAULT '', `lastactive` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ; Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted August 25, 2011 Share Posted August 25, 2011 You don't store a password in a cookie full stop. Quote Link to comment Share on other sites More sharing options...
paulus4605 Posted August 25, 2011 Author Share Posted August 25, 2011 that part I understood aswell what other options do I have to memorise the user without storing his pass in the cookie Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.