[PHP] Variable Passing
Hi, I am curious how to pass a variable without using something like id=321. I have seen sites that have something like http://www.website.com/something/321 and the variable is passed how exactly is that done? And is it called something specific so I know how to refer to it in the future? Thanks, Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Variable Passing
This seems to be what I was looking for, but I am curious, will the / be included in the variable? Will I have to do a stripslashes() command on it? Brad Hans Juergen von Lengerke [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Brad Brevet: Hi, I am curious how to pass a variable without using something like id=321. I have seen sites that have something like http://www.website.com/something/321 and the variable is passed how exactly is that done? And is it called something specific so I know how to refer to it in the future? You can do that with $_SERVER[PATH_INFO]. If your script is /something, this variable will be set to /321 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Remember me function
Hey all, I have a log-in all set up on my site using PHP Sessions but I want to add the Remember Me function, but I don't know what to set in the cookie to make it that way. Please help. :) Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Remember me function
Is this the all I would need to do to set a cookie with a username stored for 30 days? Sorry I am new at this. setcookie (Cookie Name, $username, time()+60*60*24*30); Greg Donald [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 3 Dec 2004 07:38:47 -0800, Brad Brevet [EMAIL PROTECTED] wrote: Hey all, I have a log-in all set up on my site using PHP Sessions but I want to add the Remember Me function, but I don't know what to set in the cookie to make it that way. Please help. :) Set a cookie, then check for it later. If it exists, bypass the login and grant a session or whatever you're doing now for logged-in users. You might also want to set a session variable that the cookie has been 'looked for' so it doesn't relog them in on each page request. php.net/setcookie -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Remember me function
Nevermind, I figured it all out, thanks for the info. Brad Brevet [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is this the all I would need to do to set a cookie with a username stored for 30 days? Sorry I am new at this. setcookie (Cookie Name, $username, time()+60*60*24*30); Greg Donald [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 3 Dec 2004 07:38:47 -0800, Brad Brevet [EMAIL PROTECTED] wrote: Hey all, I have a log-in all set up on my site using PHP Sessions but I want to add the Remember Me function, but I don't know what to set in the cookie to make it that way. Please help. :) Set a cookie, then check for it later. If it exists, bypass the login and grant a session or whatever you're doing now for logged-in users. You might also want to set a session variable that the cookie has been 'looked for' so it doesn't relog them in on each page request. php.net/setcookie -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Remember me function
Is what I have set up and it is working is a cookie that saves someones username if they check the Remember Me box. If the cookie is set it then starts the necessary session and stays active for 30 days. Are there any pitfalls to this that you can see? Are there any additional security measures I should take? As far as passwords are concerned you must have access to the user's specific email address in order to obtain that information, but then again I think that is the only way to relay password information at all, it isn't visibly available in a non MD5 form anywhere on the site. What else should I be worried about as far as security is concerned with Sessions and Cookies? Richard Lynch [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Brad Brevet wrote: Hey all, I have a log-in all set up on my site using PHP Sessions but I want to add the Remember Me function, but I don't know what to set in the cookie to make it that way. Please help. :) You have several options. One is to do the http://php.net/session_start, and then, if they asked to be remembered, to do another http://php.net/setcookie with the http://php.net/session_name, http://php.net/session_id, time() + 60*60*24*365*2, '/' as arguments. Don't go over 2 years, as browsers are not required to support that. Kinda overkill anyway, as who is going to wait two years to login and expect to be remembered? Another option would be to set cookies with their username and password in them, and to not ask them to login if those cookies are there. But that's risky in that you are storing their password in their cookies, which anybody else with physical access to their computer can not only get into your site, but can get their password in clear-text, and, most likely, they've used that password elsewhere, so now they can break into all that user's accounts all over the place. So this is not a *GOOD* option, even if it's technically possible. Another possibility is to create an http://php.net/md5 hash of a random http://php.net/microtime number and store *that* in their cookies much like the first option -- and store that same md5 hash with their username in a new table in your database. The only real difference between this and the first option is separating out your remember me cookie from the built-in PHP Session ID. Pros and cons either way. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Remember me function
Well, is what my plan is, is to create a session on log-in along with a stored cookie, so that once the browser is closed the session is removed and only the cookie remains for the 30-day time period. Brad Brian Dunning [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] When I use this feature, I set a cookie to Remember Me that lasts for six months or a year. That's completely independent of any session(s). Often I'll have a 6-month session for storing shopping cart contents, and a 30-minute session for storing login status. All kinds of things going on :) PS - When using a session that lasts a super long time, like 6 months, consider rolling your own session table rather than letting PHP create session text files all over your server. They can accumulate rather quickly. Brian Dunning http://www.briandunning.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php