
Thread: Login - Cookies

  1. #1
    Join Date
    Jul 2014
    Posts
    4

    Login - Cookies

    Hi, I'm trying to write a login page with the following code:

    if ($loginOk) { // placeholder for the original's pseudocode "login==ok"
        setcookie('User[usr]', $row['uid'], time()+3600);
        setcookie('User[pwkey]', $row['PwKey'], time()+3600);
        header("Location:home.php");
    }


    In other pages, the following code:

    if (isset($_COOKIE['User'])){
        foreach ($_COOKIE['User'] as $name => $value){
            if ($name=='usr') $user=$value;
            if ($name=='pwkey') $userpass=$value;
        }
        // ....
        // checks if the info in the cookie equals the info in the db and shows the page or redirects to login.php
    }


    And a logout page with the following code:

    setcookie('User[usr]', $row['uid'], time()-3600);
    setcookie('User[pwkey]', $row['PwKey'], time()-3600);
    unset($_COOKIE["User"]);
    header("Location:login.php");


    When I try to write code in login.php that redirects automatically to home.php if the cookie exists and its info equals the info in the db, I get a loop. I have the same issue when I try to log out.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,321
    I'd get rid of the whole idea of storing login info in specific cookies, and instead use PHP sessions. (Then the only cookie that gets passed back and forth is the session ID cookie.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    706
    MORE IMPORTANTLY (besides Nogdog's recommendation) NEVER store a password. Can't tell if that is what you are attempting to do, but if it is, STOP. Your plan s/b to store some token after you have validated the sign-in credentials. That token can be whatever you want it to be - user id is ok by me - but NEVER the pw. You have no need for the password once you have used it to verify that the given userid/password combo is valid. Once done, save the userid or other token that you can then rely on to indicate successful login.
    JG
    PS - If you're posting here you should be using:

    error_reporting(E_ALL | E_NOTICE);
    ini_set('display_errors', '1');


    at the top of ALL php code while you develop it!

  4. #4
    Join Date
    Jul 2014
    Posts
    4
    Thank you for your replies. Can you please give me an example of the code? I'm new to PHP.

  5. #5
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    706
    That's not how it works here. You give us your example and we help you out with it - assuming that you have made a good effort. The whole point of being new to something is learning by doing.
    JG

  6. #6
    Join Date
    Jul 2014
    Posts
    4
    Hi again,
    OK, I created the sessions with PHP.
    Questions:
    1) How do I make it automatically unset the session after some time?
    2) Why do I have to write session_start(); before every check, and even in the logout page before the unset?

  7. #7
    Join Date
    May 2014
    Posts
    897
    1) http://php.net/manual/en/function.se...kie-params.php

    Example:
    session_set_cookie_params(600);

    Will make the session expire after ten minutes of inactivity as it expires the session ID cookie.

    2) PHP sessions use a unique ID in a session cookie that is then used to connect to a 'database' of sorts typically stored in /tmp. If you want to do something with sessions, your PHP code has to connect to that information first... so session_start() must be run to make that connection. It also chains an exit handler into place for you.
    Java is to JavaScript as Ham is to Hamburger.
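
The advice in posts #2, #3 and #7 put together, as an added example (not code from any poster in this thread): the session holds only the user id, and the ten-minute idle limit is checked on the server at each request. The function names and `IDLE_LIMIT` are hypothetical; it assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
const IDLE_LIMIT = 600; // hypothetical name; seconds of inactivity allowed (ten minutes)

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,       // cookie lasts until the browser closes; the idle limit is enforced below
        'path'     => '/',
        'secure'   => true,    // assumption: HTTPS only
        'httponly' => true,    // keep the session ID away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();           // loads this visitor's $_SESSION data; needed on every page
}

// Call only after the submitted password has been verified against the db.
function log_in(int $uid): void
{
    session_regenerate_id(true);       // fresh session ID once the user is authenticated
    $_SESSION['uid'] = $uid;           // store the user id only, never the password or its hash
    $_SESSION['last_seen'] = time();
}

function log_out(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [    // expire the session ID cookie in the browser
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();                 // remove the server-side session data
}

// Returns the logged-in user id, or null if nobody is logged in or the session went idle.
function current_user(): ?int
{
    if (!isset($_SESSION['uid'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        log_out();
        return null;
    }
    $_SESSION['last_seen'] = time();   // activity resets the idle clock
    return $_SESSION['uid'];
}
// home.php:   start_secure_session(); if (current_user() === null) { header('Location: login.php'); exit; }
// login.php:  start_secure_session(); if (current_user() !== null) { header('Location: home.php'); exit; }
// logout.php: start_secure_session(); log_out(); header('Location: login.php'); exit;
```

Because every page asks the same `current_user()` question, login.php and home.php cannot disagree about whether the visitor is logged in.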

  8. #8
    Join Date
    Feb 2014
    Location
    south africa
    Posts
    16
    Time to read up on sessions a bit:

    click me

    For authentication and security, read up at the Open Web Application Security Project:
    click me

  9. #9
    Join Date
    Jul 2014
    Posts
    4
    Thank you everybody, you were very helpful.

    One last thing I need to do: I want to Insert/Delete/Select to/from a MySQL database using buttons (NOT Submit, I don't want to refresh the page every time) and refresh the table in the page every time.

  10. #10
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,321
    Originally posted by GaLaTaS:
    Thank you everybody, you were very helpful.

    One last thing I need to do: I want to Insert/Delete/Select to/from a MySQL database using buttons (NOT Submit, I don't want to refresh the page every time) and refresh the table in the page every time.
    For that, read up on AJAX (search for something like "AJAX and PHP").

  11. #11
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    706
    So - why can't you do that? You write your php script and then use an ajax call to execute it and handle the returned data. Google an asynchronous script and see how it's done.
    JG
