dcsimg
www.webdeveloper.com
Results 1 to 9 of 9

Thread: Index.php to make a choice? Possible?

  1. #1
    Join Date
    Aug 2009
    Posts
    8

    Index.php to make a choice? Possible?

    I have a small family only website. My index.php has a login form with a remember me feature. If.. a member has a valid cookie set I would like my index.php to show one form (essentially a "click here to enter our site"). If there is no valid cookie to show another form (my login form).

    It seems to me that this should be possible.. sadly I have not the skills to implement it.

    If, this is easy (or possible?)... can someone please show me how?

    Thanks for your time

  2. #2
    Join Date
    Mar 2010
    Posts
    2,803
    Yes it's possible. Have a look at cookies
    Last edited by tirna; 01-15-2011 at 09:02 PM.

  3. #3
    Join Date
    Aug 2009
    Posts
    8
    Thanks Tirna
    I figure it would probably be some version of

    <?php
    if (isset($_COOKIE["user"]))
    echo "Welcome " . $_COOKIE["user"] . "!<br />";
    else
    echo "Welcome guest!<br />";
    ?>

    But I want the result to do something other than echo "Welcome..."
    Something along the line of
    if (isset($_COOKIE["user"]))
    show A
    else
    show B

  4. #4
    Join Date
    Mar 2010
    Posts
    672
    That would be quite insecure. Cookies are quite trivial to edit, and someone could easily edit their cookie to say 'you have been hacked!' and your authentication system would let them pass.
    What you want to do is create a session system that gives the user a session id, then you can just check if a session variable is properly set from page to page to see if they've been authenticated, for this you can take a look at php's built in session system. If you don't want or need a full session system you can easily implement a basic authentication system that works the same. The user authenticates, if valid a cookie is sent to the user with a session id, the session id is then saved in a database table, the index.php then will read the cookie, sanitize the session id and then check it with a list from the database to see if its valid. Be sure to trim the session id table from time to time (aka timing out a user) so that the table isn't filled with outdated id's. The session id is preferably something unique, long, random, and collision resistant, so an md5 hashed string composed of the users agent, current time and a random string or something similar.
    Last edited by Jarrod1937; 01-15-2011 at 10:29 PM.

  5. #5
    Join Date
    Mar 2010
    Posts
    2,803
    Quote Originally Posted by Ralph2 View Post
    Thanks Tirna
    I figure it would probably be some version of

    <?php
    if (isset($_COOKIE["user"]))
    echo "Welcome " . $_COOKIE["user"] . "!<br />";
    else
    echo "Welcome guest!<br />";
    ?>

    But I want the result to do something other than echo "Welcome..."
    Something along the line of
    if (isset($_COOKIE["user"]))
    show A
    else
    show B
    That's no problem.

    The "show A" would be the html to display your "click here to enter our site" and the "show B" would be to the code to show the login form.

    If the cookie is not set or if the browsr has cookies disabled, the "show B" option would be displayed.

    But even if the "show A" option is displayed, the user should still have to enter a username and password to log in as cookies are not secure enough to authenticate users' credentials.
    Last edited by tirna; 01-15-2011 at 10:43 PM.

  6. #6
    Join Date
    Aug 2009
    Posts
    8
    Thanks Jarrod
    I "think" my site is reasonably secure, the index login form does a <form action="../pages/home.php" method="post"> Home.php (and all pages) require login.php. (a flat database of users)
    Recently the "remember me" was added. Previously there was only a session (?) that kept the user logged in until the browser was closed.
    My problem now.. is if a user checked the "remember me" he can enter the site without logging in.. this is what I want but the index.php still brings up the log in form. One solution would be to advise the users to bookmark a page of their choice but I would like to have my index.php differentiate between not remembered (or logged out) and those that have elected to be remembered.

  7. #7
    Join Date
    Aug 2009
    Posts
    8
    I have been tinkering with the "if (isset($_COOKIE["user"]))" my first part is working but the "else" I am having trouble with. I want the else to open a new page... index1.php

    Is that possible and if so... how
    Thanks for all your time

  8. #8
    Join Date
    Mar 2010
    Posts
    672
    Like i said, i wouldn't recommend relying on just the 'user' cookie to be set to any value, that is quite easy to fake. But to have it go to another page you can use:
    http://php.net/manual/en/function.header.php

    In particular:
    header('Location: http://www.example.com/index1.php');

    Simply place that within your else block and it will redirect the user to that page. Keep in mind though that http headers have to be sent before any screen output, so that redirect has to occur before you echo anything out to the screen.

  9. #9
    Join Date
    Aug 2009
    Posts
    8
    Thanks Jarrod1937... but I can not seem to make this work for me.. so for the moment I am giving up. I think the part about being sent before any screen output is messing me up, but I can not seem to resolve it.

    Thanks again for helping

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles