Login with session & cookies

[graham23s]

Hi Guys,

 

i have modified my login script slighly, i put a check box saying remember me for:

 

1 week

2 weeks

Forever

 

code:

 

login.php:

 

<?php
           echo '<h1>Login</h1>';
           echo '<form method="POST" action="logincheck.php">
                 <table border="0" cellpadding=10>
                 <tr><td class=rowhead>Username</td><td align=left><input type="text" size=40 name="username" /></td></tr>
                 <tr><td class=rowhead>Password</td><td align=left><input type="password" size=40 name="password" /></td></tr>
                 <tr><td class=rowhead></td><td align=left>Remember me next time i visit for <select name="rem"><option value="1">1 Week</option><option value="2">2 Weeks</option><option value="3">Forever</option></select></td></tr>
                 <tr><td colspan="2" align="right">[<a href="recoverpassword.php">FORGOT PASSWORD</a>] <input type="submit" value="Login" class=btn></td></tr>
                 </table>
                 </form>';          
?>

 

logincheck.php

 

<?php
     include("includes/db_connection.php");
     include("includes/constants.php");
     
 $username = trim(strtolower(mysql_real_escape_string($_POST['username'])));
 $password = trim(strtolower(mysql_real_escape_string($_POST['password'])));

  	 if (empty($username) || empty($password)) {	
  	 
 echo "Please fill in both fields.";
 exit;	

 }	

     // See if the details are in the database...
     $q = "SELECT `id`,`username`,`password` FROM `membership` WHERE `username`='$username' AND `password`='$password'";
     $r = mysql_query($q);
     $row = mysql_fetch_array($r);

     //=====================================================================================//
     // Was there any results back...
     $any_results = mysql_num_rows($r);

 // was there a user found?...#######################################################
 if($any_results != 1) {	

     echo "Sorry username and password combination not found.";
     exit;	
     
 } else {	

     if(($any_results) > 0) {
     
     ## start the sessions ##############################################################

     session_start(); 
     
     $_SESSION['id'] = $row['id'];
     $_SESSION['username'] = $row['username'];
     $_SESSION['loggedin'] = 'yes'; 
     $_SESSION['member'] = $username;
     
     }	
     
 ## cookie value
 $rem = $_POST['rem'];	

 if($rem == 1) {

 setcookie("username",$username, strtotime("+1 week")); 

 } elseif($rem == 2) {

 setcookie("username",$username, strtotime("+2 weeks")); 

 } elseif($rem == 3) {

     setcookie("username",$username,time()+(60*60*24*365));

 } else {

 ## dont't set anything

 }

 ## Update Login timer...############################################################
 $timer_query = "UPDATE `membership` SET `login`=now() WHERE `username`='$username' AND `password`='$password'";
 $timer_result = mysql_query($timer_query) or die (mysql_error());

     if ($timer_result) {	
     
 header("Location:browsenzbs.php"); 

     } 
         
     } 
?>

 

the session code at the top of each page

 

sessions.php

 

<?php
session_start(); 
header("Cache-control: private");
if($_SESSION['loggedin'] != 'yes') { 
    header("Location: login.php"); 
    exit; 
} 
$member = $_SESSION['member'];
$users_id = $_SESSION['id'];
?>

 

so if a selection is made 1,2 weeks or forever, i have an if/else determining what to set, but im not sure how to incorporate the isset (if thats what i need) in the sessions page?

 

any advice would be appreciated

 

Graham

[revraz]

I don't understand what you are asking.  Are you asking how to set a cookie for different length of times?

[graham23s]

Hi Mate,

 

nope i can do that ok, its just when the cookie is set, do i just set it, like i'm doing in the script? and leave it at that, or do i need to check if its set or something in the sessions.php page?

 

cheers mate

 

Graham

[revraz]

It depends on you really.  You can verify that the cookie was accepted by the browser or you can just set it and move on.