Php Login problem

pokefan2

New Member
Messages
24
Reaction score
0
Points
0
On my locahost, this works fine, but here, it doesn't.

When I use my login script, I log in. But then my computer soes not remember that I logged in. Is there a script that will put cookies on my browser?
 

xPlozion

New Member
Messages
868
Reaction score
1
Points
0
If you're using PHP, you can set cookies by using
PHP:
setcookie('name', 'value');
that command will create a cookie named "name" with a value of "value" and will expire at the end of the current session (whenever you close your browser).

Take a look at PHP.net: setcookie for further explanation.
 
Last edited:

heinzketchup

New Member
Messages
25
Reaction score
0
Points
0
you don't really need cookies as far as i understood your problem (cookies are a bit unsafe)... in my script you can login and the login is remembered for a day or so...

you write a form with username and password and on top of the code after <? you put this: (Request is like get or post, it understands both...)

if(!empty($_REQUEST["user"]) && !empty($_REQUEST["password"])){
if(htmlspecialchars($_REQUEST["user"])=="USERNAME" && htmlspecialchars($_REQUEST["password"])=="PASS") {
//start session
session_start();
$_SESSION['ok'] = true;
header('Location: PAGENAME.php?'.urlencode(session_name()).'='.urlencode(session_id()));
} else {
session_start();
$_SESSION["ok"] = false;
echo 'PISS OFF!!!';
}
}
//this part is to logout manually(link comes later)
if($_REQUEST["relog"]=="1") {
session_start();
$_SESSION["ok"] = false;
}

on the very top (!important!) of your page where you redirect to you put this:

<? session_start();
if(empty($_SESSION['ok']) || $_SESSION['ok'] !== true) {
header('Location: login.php');
}
//the logout link
echo '<a href="login.php?relog=1">»Ausloggen!«</a>';

it worked for me, i hope this helps...
 

pokefan2

New Member
Messages
24
Reaction score
0
Points
0
That script does not seem to work for me, I need a script that let's my computer remember until the end of the browser session. I cannot seem to get cookies or that other script to even remotely work.

EDIT: I am going to take this over to the marketplace and pay someone to fix this. This can be closed now.
 
Last edited:

heinzketchup

New Member
Messages
25
Reaction score
0
Points
0
ok, well if you need it and don't want to spend time in learning it, the marketplace is the right adress...
if you changed your mind you can post what exactly doesn't work...

PS: you can close it by yourself: press reply and before pressing the "submit reply" button you can make the checkbox close after posting or semething like that checked
 

freecrm

New Member
Messages
629
Reaction score
0
Points
0
Why not use simple Session Variables?

When the session ends, so do the variables and effectively log out your user.

Simple..

Login page -

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "LEVEL";
$MM_redirectLoginSuccess = "loginsuccess.php";
$MM_redirectLoginFailed = "loginfail.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_yourdatabase, $yourdatabase);

$LoginRS__query=sprintf("SELECT USERNAME, PASSWORD, LEVEL FROM TABLEUSERS WHERE USERNAME=%s AND PASSWORD=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $yourdatabase) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'LEVEL');

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

Page Validation

<?php require_once('../Connections/connection.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "Owner,Administrator,Manager,User,Editor,Reader";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "../accessfail.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>

See if this helps you...
 
Last edited:

xPlozion

New Member
Messages
868
Reaction score
1
Points
0
But with session variables comes a downside.

1. They're not prone to being hacked. If a website is on the same server, which in this case it is (shared hosting), it can hack session cookies that belong to another website. LINK

2. As the user above me posted, once the session ends (you close your browser), so do the variables associated with it. It can be a burden on your visitors to login each and every time that they reopen their browser. With cookies, you can have the cookie active until you close the browser, or years down the road (Remember Me function). Also, if you encrypt the user password (best to add extra variables before you send the encrypted password so dictionary hacking cannot be used)

-An example to this would be
PHP:
<?php
sha1(sha1($user['id']).sha1($user['password']));
?>
That would encrypt the password so it contains an encrypted userid and an encrypted password put together and then encrypted again.

With PHP, and other programming languages, using just the basics for security aren't going to cut it. You cannot protect against MySQL with mysql_query('INSERT INTO blah (a,b,c) VALUES('.$_POST['a'].','.$_POST['b'].','.$_POST['c'].')') or from cookie stealing and hijacking an account without encrypting the password you are sending.

Like before, if you would like more help, just ask. I am always here to help.

PS. If you would like to see a basic script, I can code one up real quick for you.

-xP
 
Top