Hi,
I have implemented a "remember" me feature in my login-script, but I can't get
it to function!
I want to make it possible for the users to stay logged in for 30 days.
This is what I got this far:
This checkbox is placed Inside the index.php script, near by the
username/password field.
<p><input type="checkbox" name="remember">Remember me</p>
This is all I have added in the index/login script that has something to do
with the remember me feature.
When it comes to saving the username/password to cookies, I have added three
parts to the connextion.php script, all highlighted.
Obviously, I have not found out why this feature does not work, but I might
have placed the different if-loops in the wrong places, or it could be that the
if-codes are not correct themselves?
Anyways, all help are appreciated.
Cheers!
connextion.php:
<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"
/>
<link href="<?php echo $design; ?>/style.css" rel="stylesheet"
title="Style" />
<title>Connexion</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design;
?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//1. unset the cookies if the user logs out.
if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass']))
{
setcookie("cookname", "", time()-2592000, "/");
setcookie("cookpass", "", time()-2592000, "/");
}
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?>
<div class="message">You have successfuly been loged out.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>
<?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username =
mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username =
mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id,usr_level from users
where username="'.$username.'"');
$dn = mysql_fetch_array($req);
//Get user level of the user
$usr_level = $dn['usr_level'];
//We compare the submited password and the real one, and we
check if the user exists
if($dn['password']==$password and mysql_num_rows($req)>0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and the
user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
$_SESSION['usr_level'] = $dn['usr_level'];
if($usr_level == admin)
{
?>
<div class="message">You have successfuly been logged in. You can now access
the admin area.<br />
<?php header("Location: index_admin.php"); ?></div>
<?php
}
if($usr_level == newbie)
{
?>
<div class="message">You have successfuly been logged in. You can now access to
the newbe area.<br />
<?php header("Location: index_newbe.php"); ?></div>
<?php
}
if($usr_level == advanced)
{
?>
<div class="message">You have successfuly been logged in. You can now access
the advanced area.<br />
<?php header("Location: index_advanced.php"); ?></div>
<?php
}
//2. checks if the Remember me check box is checked or not
if (isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'],
time()+2592000, "/");
setcookie("cookpass", $_SESSION['password'],
time()+2592000, "/");
}
//3. checks the users cookies for the username and password
if (isset($_COOKIE['cookname']) &&
isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}
}
else
{
//Otherwise, we say the password is incorrect.
$form = true;
$message = 'The username or password is incorrect.';
}
}
else
{
$form = true;
}
if($form)
{
//We display a message if necessary
if(isset($message))
{
echo '<div class="message">'.$message.'</div>';
}
//We display the form
?>
<div class="content">
<form action="connexion.php" method="post">
Please type your IDs to log in:<br />
<div class="center">
<label for="username">Username</label><input type="text"
name="username" id="username" value="<?php echo htmlentities($ousername,
ENT_QUOTES, 'UTF-8'); ?>" /><br />
<label for="password">Password</label><input type="password"
name="password" id="password" /><br />
<input type="submit" value="Log in" />
</div>
</form>
</div>
<?php
}
}
?>
</body>
</html>
