  1. #1

    PHP - Implementing "remember login"

    I'm implementing a community website of my own in PHP. My system is a bit like PHP nuke, but custom tailored to my needs. What I would like to implement is custom themes for each user, but it seems like that is pointless if you have to log in every time to see your custom theme, and so I would like to implement the popular "remember login" feature.

    I'm wondering what is the simplest way to go about this. Perhaps by modifying the session cookie timeout (if so, how?). I'm also wondering if I am going to have to modify my database, or if I can just count on the user cookie to store his password, and automatically log in every time.

    I also don't want to force all users to use this permanent login feature.

  2. #2
    Join Date: Mar 2004 | Location: USA | Posts: 4,342
    everything stays the same,

    store ip - theme id and whenever a user goes on check that table.

    I would separate that from user password and stuff..

    If you do not care if people are not having cookies turned on (their problem attitude) then use cookies, else use database.

    Peace,
    Testing 1.. Testing 1..2.. Testing 1..2..3...

  3. #3
    I would rather not modify the database at all.

    Does it work like this: When the user logs on, if he has checked "remember login", the cookie is set to expire in one year?

    And what functions should I use?

  4. #4
    Join Date: Mar 2003 | Posts: 878
    I always thought of something like this:
    PHP Code:
    if (isset($_COOKIE['login'])) { // is he logged in??
        if (isset($_COOKIE['theme'])) { // has he chosen a theme??
            $theme = $_COOKIE['theme']; // his theme
        } else {
            $theme = 'default';
        }
    } else {
        // blah...
    }

  5. #5
    That's not really what I'm asking about.

  6. #6
    Join Date: Oct 2002 | Location: Canada | Posts: 3,100
    Here are a few functions from my user class

    PHP Code:
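        // Methods from a user class; gcrypt_encrypt()/gcrypt_decrypt() are the
        // poster's own two-way encryption helpers, GUSER_HASH_SECRET is the key.
        function makeUserHash($uid) {
            $encrypted_data = gcrypt_encrypt($uid, GUSER_HASH_SECRET);
            $encrypted_data = base64_encode($encrypted_data);
            // drop the trailing '=' padding character before URL-encoding
            $encrypted_data = urlencode(substr($encrypted_data, 0, strlen($encrypted_data) - 1));
            return $encrypted_data;
        }

        function revertUserHash($hash) {
            // restore the '=' removed by makeUserHash(), then decode and decrypt
            $decrypted_data = base64_decode(urldecode($hash) . '=');
            $decrypted_data = gcrypt_decrypt($decrypted_data, GUSER_HASH_SECRET);
            return $decrypted_data;
        }

        function hashLogin($hash) {
            $uid = $this->revertUserHash($hash);
            if ($uid) {
                // only accept the decrypted id if it belongs to an active user
                $query = "SELECT userid FROM users WHERE userid='" . addslashes($uid) . "' and status = '1' LIMIT 1";
                $res = mysql_query($query);
                if (mysql_num_rows($res) == 1) {
                    $this->user_id = $uid;
                }
            }
        }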
    The gcrypt_encrypt and gcrypt_decrypt functions obviously encrypt and decrypt a string, and you can use your favorite two-way encryption method there, or some combination of them.

    The hash that is created is big enough that it would be impossible to guess, so I just save it in a cookie, and every time a page is visited I check for this cookie and automagically log in the user. This would be no good for a banking site, but then again you would not want "remember login" on a banking site either.
    Last edited by sasha; 05-17-2005 at 10:16 AM.

  7. #7
    Join Date: Mar 2004 | Location: USA | Posts: 4,342
    Yes you would set it up for like a year or so (never expire)..

    http://www.phpfreaks.com/tutorials/120/0.php

    hope it helps,

    Peace,
    Testing 1.. Testing 1..2.. Testing 1..2..3...

  8. #8
    Originally posted by azizny
    Yes you would set it up for like a year or so (never expire)..

    hope it helps,

    Peace,
    Yes, that's what I'm looking for... Let me see if I understand things right:

    To do what I plan to do, I'm going to have to replace my session handling by cookies... And the $_COOKIE[] variable is a global, like $_SESSION[]... So I could basically use it the same way.

    But what are the relevant function calls here? I guess I'm going to want to store a cookie on the client side for the user name and password, and set its lifetime for a year if the "remember login" function was checked. How do I do that? Also, if I don't set a lifetime, will the cookie just get destroyed when the browser closes? What happens if I resend a cookie, will it overwrite the previous one automatically?

  9. #9
    Use a combination of cookies, a session table and a hashed value (not the password), for example the session ID.
    HostNodeList Web Host Directory, DEV.INTOEX.COM - products for online business

    Experienced web-developer | PHP | Smarty | Zend | Databases | Graphic design - looking for long-time relationship
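
The pattern from posts #6 and #9 (a long-lived cookie holding an unguessable value that is checked against a server-side table, never the password), as an added example that is not code from any poster in this thread. It uses a random token whose hash is stored server-side rather than post #6's reversible encryption of the user id. Assumptions: PHP 7.3+ with pdo_sqlite, and a hypothetical `remember_tokens` table, `remember` cookie name and function names.

```php
<?php
// Added example, not code from the thread. The remember_tokens table, the
// "remember" cookie name and all function names are assumptions.

function rememberSchema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS remember_tokens (
        selector TEXT PRIMARY KEY, validator_hash TEXT NOT NULL,
        user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
}

// After a normal password login with "remember login" ticked: store only a
// hash of the secret half server-side and return the value for the cookie.
function issueRememberToken(PDO $db, int $userId, int $ttl): string {
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, never stored in clear
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . ':' . $validator;
}

// Persistent cookie: "expires" in the future. Without it the cookie is a
// session cookie; sending the same name again replaces the old value.
function sendRememberCookie(string $value, int $ttl): bool {
    return setcookie('remember', $value, ['expires' => time() + $ttl,
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Returns the user id for a valid, unexpired cookie, or null. The token is
// deleted on use, so the caller issues a fresh one after each automatic login.
function loginFromCookie(PDO $db, string $cookie): ?int {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) return null;
    $st = $db->prepare('SELECT validator_hash, user_id, expires_at
                        FROM remember_tokens WHERE selector = ?');
    $st->execute([$parts[0]]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int) $row['expires_at'] < time()) return null;
    if (!hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) return null;
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    return (int) $row['user_id'];
}

// Demo on constructed data: in-memory SQLite, user id 42, one-year lifetime.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
rememberSchema($db);
$cookie = issueRememberToken($db, 42, 365 * 86400);
var_dump(loginFromCookie($db, $cookie));        // first use of a fresh token
var_dump(loginFromCookie($db, $cookie));        // replay of the spent token
var_dump(loginFromCookie($db, 'forged:value')); // unknown selector
```

Because only the SHA-256 of the validator is stored, a leaked `remember_tokens` table does not yield usable cookies, and deleting a user's rows revokes every remembered login for that account.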

  10. #10
    It would be simpler if I can just use cookies.

    Is there any way other webservers can retrieve cookies you store on a client?

  11. #11
    Well, I got it working

    Thank you people for your suggestions.
