paulus4605 Posted August 25, 2011

Hi, I have a login script that allows the user to store info in a cookie if he doesn't want to be bothered by entering his password and other login credentials. However, I read somewhere that it's not smart to leave a cookie with your pass on your PC. Therefore I want to ask your opinion on how to adapt the script below so that it's safe to store delicate information in a cookie.

```php
<?php
include("config.php");

if(isset($_SESSION['user_id'])) {
    // Login correct, update last active in db
    $sql = "UPDATE gebruikers SET lastactive=NOW() WHERE id='".(int)$_SESSION['user_id']."'";
    mysql_query($sql);
}else{
    if(isset($_COOKIE['user_id'])) {
        // Cast the cookie value to int so it cannot alter the query
        $sql = "SELECT wachtwoord,status FROM gebruikers WHERE id='".(int)$_COOKIE['user_id']."'";
        $query = mysql_query($sql);
        $rij = mysql_fetch_object($query);
        $dbpass = htmlspecialchars($rij->wachtwoord);
        $dbstatus = htmlspecialchars($rij->status);
        if($dbpass == $_COOKIE['user_password']) {
            $_SESSION['user_id'] = $_COOKIE['user_id'];
            $_SESSION['user_status'] = $dbstatus;
        }else{
            // Cookies incorrect: remove them and redirect to the login page
            // (no output before header(), otherwise the redirect fails)
            setcookie("user_id", "", time() - 3600);
            setcookie("user_password", "", time() - 3600);
            header("Location: inloggen.php");
            exit;
        }
    }else{
        header("Location: inloggen.php");
        exit;
    }
}
?>
```

This is the table concerned:

```sql
CREATE TABLE IF NOT EXISTS `gebruikers` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `naam` varchar(50) NOT NULL DEFAULT '',
  `wachtwoord` varchar(50) NOT NULL DEFAULT '',
  `status` char(1) NOT NULL DEFAULT '0',
  `email` varchar(100) NOT NULL DEFAULT '',
  `actief` char(1) NOT NULL DEFAULT '0',
  `actcode` varchar(15) NOT NULL DEFAULT '',
  `lastactive` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ;
```

MasterACE14 Posted August 25, 2011

You don't store a password in a cookie, full stop.

paulus4605 Posted August 25, 2011 (Author)

That part I understood as well. What other options do I have to memorise the user without storing his pass in the cookie?