Cookies

AbydosGater · December 29, 2006

Hey people,
Ive been using sessions for my news site,
But i wish to add a remember me feature for my members.
In my sessions i have a session[user] with an array of database user info.
Is there any way to do this with cookies or will i have to set a new cookie for each array value?

-Andy

genericnumber1 · December 29, 2006

While you cant store arrays in a cookie, it expects a string and will give you an error if you don't provide it something it can use as one, you can serialize() the array and unserialize() it later... take this example...

[code=php:0]
$testArray = array('foo' => 'bar', 'stuff', 'thing' => 'morestuff');
setcookie('stuff', serialize($testArray));
[/code]

you could then on the next page...

[code=php:0]
$testArray = unserialize($_COOKIE['stuff']);
[/code]

and $testArray contains what it did originally.... it should work... but remember you're limited to about 4k in a cookie, so you might not want HUGE arrays being stuffed into the cookie.

The main problem with doing this is that if the passwords are stored in plain text that can easily be picked out. I'd suggest at least storing them in md5 on the clients cookie, though there are better things you could do for security.

AbydosGater · December 29, 2006

ok great thanks, wil get coding!

-Andy
ps: All passwords are md5

wildteen88 · December 29, 2006

How is the remember me feature triggered? By a checkbox a user checks when logging in or when logging out? What parts of the session do you want to keep?

AbydosGater · December 29, 2006

It will be trigger on loggin, and i need the member_id, password, username/

wildteen88 · December 29, 2006

How do you process logins. Could you post the code for your login system.

AbydosGater · December 29, 2006

Yeah here is the code.. its a function because i use it all around the site...

[code]
<?php
function displaylogin(){
$formaction = $_SERVER['PHP_SELF'];
$loginform = "
<form action=$formaction method=post name=loginform>
Username:
 
<input type=text name=username size=20 class=field1>
 
Password:
 
<input type=password name=password size=20 class=field1>
 
<input type=submit value=login class=button1 name=login>
 
<a href=register.php>Click Here To Register</a>
</form>
";
if (!$_SESSION['user'] && !$_POST['login']){ // No session + No Form Login... Display the form...
echo $loginform;
} elseif ($_POST['username']){ //if the form has been submitted... The ifs + elses between this and next comment arnt that important just checking if the login details are correct...

$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
//---
$result = mysql_query("SELECT * FROM sf_users WHERE username='$username'") or die(mysql_error());
$user = mysql_fetch_array( $result );
if ($user['member_id'] == ""){
echo "Unknown username, please try again";
echo $loginform;

} else {
$dbusername = $user['username'];
$dbpassword = $user['password'];
if ($username == $dbusername && $password == $dbpassword){
session_register("user");
$result = mysql_query("SELECT * FROM sf_users WHERE username='$username'") or die(mysql_error());
$_SESSION['user'] = mysql_fetch_array($result);
$uname = $_SESSION['user']['username'];
$member_id = $_SESSION['user']['member_id'];
$datestamp = DATESTAMP;
$newip = $_SERVER['REMOTE_ADDR'];
echo " Loading... Please wait... ";
mysql_query("UPDATE sf_users SET `last_login` = '$datestamp' WHERE `sf_users`.`member_id` =$member_id");
if ($_SESSION['user']['cus_ip'] == "0"){
mysql_query("UPDATE sf_users SET `ipaddress` = '$newip' WHERE `sf_users`.`member_id` =$member_id");
}
echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=members.php\">";
} else if ($username == $dbusername && $password != $dbpassword){
echo "Your Password is incorrect";
echo $loginform;

} else {
echo "Unknown System Error! Please ensure your Cases are correct!";
}
};

} elseif ($_SESSION['user']){
//If we have the session... echo the username has logged in
//Display member options...

$uname = $_SESSION['user']['username'];
$urank = $_SESSION['user']['rank'];
$uid = $_SESSION['user']['member_id'];
if($_SESSION['user']['active'] != "1"){
echo "You have not yet activated your account! Please activate your account via the email sent to you. For security we can not resend the email. If this is a problem, please contact an admin. ";
};
echo "Welcome Back, $urank $uname ";
echo " ";
echo "<a href='members.php'>[Members Area]</a> ";
echo "<a href='forums'>[Forums]</a> ";

if ($_SESSION['user']['CL'] >= 2){
echo "<a href='admin/'>[Admin Panel]</a> ";
}

echo "<a href='logout.php'>[Logout]</a> ";

}
};
?>
[/code]

Thanks
-Andy

genericnumber1 · December 29, 2006

There are definitely some things there you probably don't want to store in a cookie... rank and UID are definitely one of those things... though you could (and might have already thought of) keeping them as sessions

AbydosGater · December 29, 2006

yeah i have all of them as sessions but i would like to keep the member_id in a cookie for database retrival later on when they login again, its my table primary_key

wildteen88 · December 29, 2006

I have modified your code a little, mainly due to repeating yourself and doing a lot of unneeded checks. Here is your new code:
[code]<?php

function displaylogin()
{
$formaction = $_SERVER['PHP_SELF'];

$loginform = <<<HTML
<form action="{$formaction}" method="pos"t name="loginform">
Username:
 
<input type="text" name="username" size="20" class="field1">
 
Password:
 
<input type="password" name="password" size="20" class="field1">
 
<input type="submit" value="login" class="button1" name="login">
 
<a href="register.php">Click Here To Register</a>
</form>
HTML;

if(!isset($_SESSION['user']) && !isset($_POST['login']))
{
// No session + No Form Login... Display the form...
echo $loginform;
}
elseif (isset($_POST['username']))
{
// if the form has been submitted... The ifs + elses between this and next comment arnt
// that important just checking if the login details are correct...

$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);

$sql = "SELECT * FROM sf_users WHERE username='$username' AND `password`='$password'";

$result = mysql_query($sql) or die(mysql_error());

if(mysql_num_rows($result) == 1)
{
$user = mysql_fetch_array($result);

$_SESSION['user'] = $user;

$member_id = $_SESSION['user']['member_id'];
$datestamp = DATESTAMP;
$newip = $_SERVER['REMOTE_ADDR'];

/* Preparing the cookie data:
** We arew going to store it in an array
** then when we save it to cookie
** we will serialize it */
$cookieDATA[] = $member_id;
$cookieDATA[] = $username;
$cookieDATA[] = $password;

/* set the remeberMe cookie, it should last around 1 month.
** This can be changed by changing 2678400 to however long
** in secounds you want the cookie to last */
setcookie('rememberMe', serialize($cookieDATA), time()+2678400);

$sql = "UPDATE sf_users SET `last_login` = '$datestamp' WHERE `sf_users`.`member_id` =$member_id";

$result = mysql_query($sql);

echo " Loading... Please wait... ";

if ($_SESSION['user']['cus_ip'] == "0")
{
mysql_query("UPDATE sf_users SET `ipaddress` = '$newip' WHERE `sf_users`.`member_id` =$member_id");
}

echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=members.php\">";
}
else
{
echo "Username and/or password are incorrect. Please try again" . $loginform;
}
}
elseif (isset($_SESSION['user']))
{
//If we have the session... echo the username has logged in
//Display member options...

$uname = $_SESSION['user']['username'];
$urank = $_SESSION['user']['rank'];
$uid = $_SESSION['user']['member_id'];

if($_SESSION['user']['active'] != "1")
{
echo <<<HTML

You have not yet activated your account! Please activate your account via the email sent to you. For security we can not
resend the email. If this is a problem, please contact an admin.
 
 
HTML;
}

echo <<<HTML
Welcome Back, {$urank} {$uname} 
 
<a href="members.php">[Members Area]</a> 
<a href="forums">[Forums]</a> 

HTML;

if ($_SESSION['user']['CL'] >= 2)
{
echo '<a href="admin/">[Admin Panel]</a> ';
}

echo '<a href="logout.php">[Logout]</a> ';
}
}

?>[/code]
The cookie that should be setup is called [b]remeberMe[/b]. When you grab the cookie using [code=php:0]$_COOKIE['remeberMe'][/code] you will need to [url=http://php.net/unserialize]unserialize[/url] it. As the cookie holds an array of 3 items which are member id, username and password.

NOTE: You may get errors. This code is untested however I checked over it for any errors. If you get any errors post theme here and I will have a look. If you get no errors then that will be a bonus. But it shouldn't.

The only thing you need to do is create the bit where it fetches the cookie and signs the person in automatically which you should be able to do.

AbydosGater · December 29, 2006

Thanks,
It seams to be working fine except for the header errors just as it sets the cookie!

-Andy

wildteen88 · December 29, 2006

Post the full error here. Also where do you call the displaylogin function from? You may need to add ob_start() and ob_end_flush() to the script that calls that function.

AbydosGater · December 29, 2006

[quote]
Warning: Cannot modify header information - headers already sent by (output started at /home/shadowfl/public_html/inc/header.inc.php:78) in /home/shadowfl/public_html/common.php on line 99

[/quote]

Thats the error. and i am calling the function within my pages table.. you can see it at www.shadowfleet.info

Sign In

Cookies

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information