0

I have a simple login script and i want to setup some cookies to keep the users signed in until they logout

What is the simplest way to do this without have to do a complete rewrite? is there a javascript i can use or simple line of php i can add?

i'd like it to remember the user name and password if possible, and if possible all together bypass the login screen

Thanks

<?php
session_start();

require_once('backend'.DIRECTORY_SEPARATOR.'init.php');

if(!$_GET['ref'])
    header("Location: page.php");
        ?>

and

<form method="post" id="login" action="login.php">
                <?php if($error['l_username']): ?>
                    <?php echo $error['l_username']; ?>
                <?php endif; ?>

                    <label for="l_username"><font color="#FFF" Size="6">E-Mail:</font></label>
                    <input type="text" name="l_username" id="l_username" value="<?php echo $l_username; ?>" />
                <?php if($error['l_password']): ?>
                    <?php echo $error['l_password']; ?></div>
                <?php endif; ?>
                    <label for="l_password"><font color="#FFF" Size="6">Password:</font></label>
                    <input type="password" name="l_password" id="l_password" />
                <P><BR><P>

                    <center><input type="submit" value="Login" /><P>
                    <a href="registration.html"><font color="#FFF" style="font-size:100px;">Register</font></a>


            </form>

Thank's everyone!

Mihai Maruseac
  • 20,967
  • 7
  • 57
  • 109
Michael
  • 183
  • 3
  • 11
  • 1
    Storing things in `$_SESSION` is probably safer for a login system, since cookies can be edited. – BananaMan May 16 '14 at 22:54
  • @BananaMan How do i do that? can you please help – Michael May 16 '14 at 22:57
  • Cookies can be edited but may be sufficient dependant on length. – ScottMcGready May 16 '14 at 22:59
  • This is being used in a UIWebView in a IOS app (which is like safari), and i'd like it if when a person quits the app from the multitasking or restarts their device, this info can be remembered so they don't have to type it in each time – Michael May 16 '14 at 22:59

2 Answers2

1

Basically you're looking for something like this (if you go the session route):

Setting session variable:

session_start();
if($some_condition_to_check_credentials_validity==true)
{
   $_SESSION['username'] = $user;
}

Reading session variable:

session_start();
$user = $_SESSION['username'];
developerwjk
  • 8,619
  • 2
  • 17
  • 33
  • if i copy and paste that would that work?, i apologize but i am fairly new with PHP – Michael May 16 '14 at 23:02
  • @Michael, `$some_condition_to_check_credentials_validity` is just pseudo-code, a placeholder for whatever you do to check that the user is valid. – developerwjk May 16 '14 at 23:03
  • I presume a list of your users is stored somewhere. You should check if it corresponds (change the `if` condition). – blex May 16 '14 at 23:04
0

As I said in the comment, storing things in $_SESSION is probably safer for a login system, because cookies can be edited.

The way to do this, is simply assigning the variables to the $_SESSION variable:

session_start();
if ($conditionToLogin) {
   $_SESSION['user'] = htmlentities($_GET['l_username']);
}

From then, on every webpage you start the session with session_start() you can read the $_SESSION['user'] variable, and it will return the username that logged in.

BananaMan
  • 168
  • 1
  • 10
  • So paste that code into every page that uses – Michael May 16 '14 at 23:04
  • will that store the password too? or they'll have to type that in? – Michael May 16 '14 at 23:05
  • 1
    Storing the password can be done by typing `$_SESSION['pass'] = htmlentities($_GET['l_password']);`, but why would you want to store the password anyway? – BananaMan May 16 '14 at 23:07
  • 2
    @Michael You clearly don't know what you are doing, I'm not being mean here, but this is not code you can just copy and paste, you need to adapt it to your existing code. I think you should look for tutorials, Google has plenty of them ! :) – blex May 16 '14 at 23:07
  • @Michael, Storing the username in the session is only a way to say "Ok, they're logged in now." Obviously they still have to actually type in their credentials to get logged in. – developerwjk May 16 '14 at 23:09
  • @blex i think your right lol :-) - and i get you, i know your not being mean. - I'm just trying to get my head wrapped around this.. Thank all of you guy's i appreciate the help and directions yous are pointing me into - – Michael May 16 '14 at 23:09
  • @BananaMan because this login is mainly going to be done from a mobile device, and i'm thinking if someone is driving, then they should just be able to be logged right in – Michael May 16 '14 at 23:10
  • @BananaMan - if i add those lines, is there other things that i need to do under the hood, and those lines are just to point me in the right direction and i need to look into those types of functions - or would those be all i need? - sorry for bugging you... but thank you for the advice – Michael May 16 '14 at 23:12
  • @developerwjk i understand they will need to put there login info in, but the form i got now is asking them to do so too frequently – Michael May 16 '14 at 23:14
  • @Michael First of all, how do you store your user list? (MySQL Database, simple variables -small scale project-) Tell us more. – blex May 16 '14 at 23:14
  • 2
    Since you said you are not experienced with this, maybe you should start by finding out what exactly you want to do here. You want users to login using a form, which means `$_POST` will be set for the fields that are submitted. Then you want to check these with your database/user info and see if they log in correctly. If yes, then you set the `$_SESSION` variable, if not, you display what they've done wrong so they can correct it. I suggest (what has already been suggested) you look up existing login systems, and check how they've done it. Doing that will make you understand better. – BananaMan May 16 '14 at 23:15
  • @BananaMan would it be easier to add in the "Remember me" check box? – Michael May 16 '14 at 23:17
  • I suggest checking out [this topic](http://stackoverflow.com/questions/1354999/keep-me-logged-in-the-best-approach), and see what is the best approach to do this. – BananaMan May 16 '14 at 23:19
  • @Michael I found a tutorial that might help you. It explains how to setup a simple login system with php SESSIONS and users stored in a database : [SourceCodeTuts.com](http://www.sourcecodetuts.com/php/27/how-create-login-page-php-and-mysql-session) – blex May 16 '14 at 23:21