Index.php to make a choice? Possible?
I have a small family only website. My index.php has a login form with a remember me feature. If.. a member has a valid cookie set I would like my index.php to show one form (essentially a "click here to enter our site"). If there is no valid cookie to show another form (my login form).
It seems to me that this should be possible.. sadly I have not the skills to implement it.
If, this is easy (or possible?)... can someone please show me how?
Thanks for your time
Yes it's possible. Have a look at cookies
Last edited by tirna; 01-15-2011 at 08:02 PM.
I figure it would probably be some version of
echo "Welcome " . $_COOKIE["user"] . "!<br />";
echo "Welcome guest!<br />";
But I want the result to do something other than echo "Welcome..."
Something along the line of
That would be quite insecure. Cookies are quite trivial to edit, and someone could easily edit their cookie to say 'you have been hacked!' and your authentication system would let them pass.
What you want to do is create a session system that gives the user a session id, then you can just check if a session variable is properly set from page to page to see if they've been authenticated, for this you can take a look at php's built in session system. If you don't want or need a full session system you can easily implement a basic authentication system that works the same. The user authenticates, if valid a cookie is sent to the user with a session id, the session id is then saved in a database table, the index.php then will read the cookie, sanitize the session id and then check it with a list from the database to see if its valid. Be sure to trim the session id table from time to time (aka timing out a user) so that the table isn't filled with outdated id's. The session id is preferably something unique, long, random, and collision resistant, so an md5 hashed string composed of the users agent, current time and a random string or something similar.
Last edited by Jarrod1937; 01-15-2011 at 09:29 PM.
That's no problem.
Originally Posted by Ralph2
The "show A" would be the html to display your "click here to enter our site" and the "show B" would be to the code to show the login form.
If the cookie is not set or if the browsr has cookies disabled, the "show B" option would be displayed.
But even if the "show A" option is displayed, the user should still have to enter a username and password to log in as cookies are not secure enough to authenticate users' credentials.
Last edited by tirna; 01-15-2011 at 09:43 PM.
I "think" my site is reasonably secure, the index login form does a <form action="../pages/home.php" method="post"> Home.php (and all pages) require login.php. (a flat database of users)
Recently the "remember me" was added. Previously there was only a session (?) that kept the user logged in until the browser was closed.
My problem now.. is if a user checked the "remember me" he can enter the site without logging in.. this is what I want but the index.php still brings up the log in form. One solution would be to advise the users to bookmark a page of their choice but I would like to have my index.php differentiate between not remembered (or logged out) and those that have elected to be remembered.
I have been tinkering with the "if (isset($_COOKIE["user"]))" my first part is working but the "else" I am having trouble with. I want the else to open a new page... index1.php
Is that possible and if so... how
Thanks for all your time
Like i said, i wouldn't recommend relying on just the 'user' cookie to be set to any value, that is quite easy to fake. But to have it go to another page you can use:
Simply place that within your else block and it will redirect the user to that page. Keep in mind though that http headers have to be sent before any screen output, so that redirect has to occur before you echo anything out to the screen.
Thanks Jarrod1937... but I can not seem to make this work for me.. so for the moment I am giving up. I think the part about being sent before any screen output is messing me up, but I can not seem to resolve it.
Thanks again for helping
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)