
How to validate user login on every page only with cookies


thegweb


Is there any way to check if a user is logged in before the user is allowed to see page content, but using only cookies, no sessions, no MySQL?

I am using a text file to read the username and password, and if they match, I set a cookie named "loggedin" and welcome the user. I am using a login form on the same page that posts to itself, e.g. the form is on the index page and posts to the index page as well.

 

How can I confirm on every other page that the user is logged in, using the same cookie?

 

Thanks


First of all: Why do you have those weird limitations? Is that a requirement or a decision on your part?

 

I understand that you cannot or don't want to install a full-blown database system like MySQL, but there's still SQLite. That's also a single file, but it's much more convenient and reliable than messing with friggin' txt files. And why on earth can't you use sessions? That's one of the core functionalities of PHP.

 

Secondly: What exactly is this for? Is this just a fun application where any user may take over any account, or does the code actually have to be secure?

 

If you need security, things will get complicated, because you obviously need to prevent users from manipulating the cookies. This is possible with cryptography (or more specifically: a message authentication code), but that will take a lot more work and knowledge than simply using PHP sessions.


Hi,

 

I know a database would make it a lot easier, and this is not my decision. I am working on a school project, this is my very first project, and all these restrictions are project requirements.

I hope to get some help here, as it has been driving me crazy to figure all this out based on text files and without using sessions. I googled a lot but found no help.

 

That's why I came here in the hope of getting some help.


You haven't answered the second question: Is it OK if anybody can take over any account? If it is, then simply put the user ID into a cookie and use it to identify the current visitor.

 

Of course this is incredibly stupid, because anybody can manipulate their cookies and claim that they're logged in. But given the stupid requirements, this approach seems to be appropriate.


1 - create your text file and store it outside of your web-accessible tree for security purposes.

2 - create a small PHP script that contains a function that has two arguments - user and password.

3 - in this function open the text file and start a loop on it to read the lines one at a time. 

4 - match the user and password argument against the contents of the current line you just read. If it matches, set the cookie and return true from the function.

5 - if it doesn't match, read the next line from the text file and repeat step 4

6 - if you reach the end of the file and exit the loop, return false.
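
The following PHP is an added example, not code from any poster in this thread. It follows the six steps above for the text-file check and adds the message authentication code mentioned earlier in the thread, so that the `loggedin` cookie cannot be edited by the visitor. The `user:password_hash` file format, the key placeholder and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. The key, file format and names are assumptions.
const SECRET_KEY = 'CHANGE-ME-load-random-bytes-from-outside-web-root'; // placeholder

// Steps 1-6: scan a "user:password_hash" file (assumed format) line by line.
function check_login(string $file, string $user, string $pass): bool
{
    foreach (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [] as $line) {
        [$u, $hash] = array_pad(explode(':', $line, 2), 2, '');
        if ($u === $user && password_verify($pass, $hash)) {
            return true;
        }
    }
    return false;
}

// Cookie value: base64(user)|expiry|HMAC-SHA256 over the first two fields.
function make_login_cookie(string $user, int $ttl = 3600): string
{
    $payload = base64_encode($user) . '|' . (time() + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Returns the user name, or null if the cookie is malformed, forged or expired.
function verify_login_cookie(string $cookie): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$userB64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userB64 . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac) || !ctype_digit($expires) || (int) $expires < time()) {
        return null;
    }
    $user = base64_decode($userB64, true);
    return $user === false ? null : $user;
}

// Constructed demo: one user in a temp file, then a genuine and an edited cookie.
$file = tempnam(sys_get_temp_dir(), 'users');
file_put_contents($file, 'alice:' . password_hash('s3cret', PASSWORD_DEFAULT) . "\n");
if (check_login($file, 'alice', 's3cret')) {
    $cookie = make_login_cookie('alice'); // real page: setcookie('loggedin', $cookie, [...])
    $forged = base64_encode('admin') . substr($cookie, strlen(base64_encode('alice')));
    var_dump(verify_login_cookie($cookie), verify_login_cookie($forged));
}
unlink($file);
```

On each protected page, call `verify_login_cookie($_COOKIE['loggedin'] ?? '')` before any output and redirect to the login page when it returns null. When setting the cookie, pass the `httponly` and `secure` options to `setcookie()` so scripts and plain-HTTP requests cannot read it.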


Thanks for your help.

 

Being a student and working on a project, we can't say no to our instructor; it would then affect grades.

For the second question: This project is just a class assignment and we are not told to really worry about secure sessions. Though this is stupid to work in an appropriate way, an assignment is an assignment.

I appreciate your help. 

 

I saved the cookie in a different file to check if it is set: if so, good; otherwise it redirects to the main page for login without any error message.

 

Thanks again, 

