Re: [PHP] Cookies, Sessions and Login Proceess
Thanx a bunch you guys! Got my login process going the way I wanted it. I
appreciate your help, as I['m new to php. The first of many questions I
suppose :)
Cheers Joe
"Christopher William Wesley" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Mon, 12 Nov 2001, Joe Van Meer wrote:
>
> > Thx Christopher for replying. Ok, let me see if I understand you
> > correctly...
> >
> > The user enters username and password on index.php, this is posted to
> > login.php. On login.php after I verify the user is who he/she says they
are
> > I set a cookie called "accessedbefore" to "yes" and redirect them to the
>
> Exactly.
>
> > main page. Am I allowed to set a cookie and redirect them after
determining
> > who the user is? How would I redirect them after setting the cookie?
Header
>
> You can set a cookie any time before any standard output is sent to the
> browser (and before you send a new Location header).
>
> Your login.php can look something like this (with pseudo-ish code) ...
>
> $input_ok = validate_user_input( $username, $password );
> if( $input_ok ){
> $user_ok = authenticate_user( $username, $password );
> if( $user_ok ){
> setcookie( "myuser", "ok", time()+7200, "/" );
> header( "Location: congratulations.html" );
> } else {
> header( "Location: go_away.html" );
> }
> } else {
> header( "Location: go_away.html" );
> }
> ?>
>
>
> ~Chris /"\
> \ / September 11, 2001
> X We Are All New Yorkers
> / \ rm -rf /bin/laden
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Cookies, Sessions and Login Proceess
On Mon, 12 Nov 2001, Joe Van Meer wrote: > Thx Christopher for replying. Ok, let me see if I understand you > correctly... > > The user enters username and password on index.php, this is posted to > login.php. On login.php after I verify the user is who he/she says they are > I set a cookie called "accessedbefore" to "yes" and redirect them to the Exactly. > main page. Am I allowed to set a cookie and redirect them after determining > who the user is? How would I redirect them after setting the cookie? Header You can set a cookie any time before any standard output is sent to the browser (and before you send a new Location header). Your login.php can look something like this (with pseudo-ish code) ... ~Chris /"\ \ / September 11, 2001 X We Are All New Yorkers / \ rm -rf /bin/laden -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Cookies, Sessions and Login Proceess
header(); function is fine. Another option is javascript which is dependent on the client software. But you get the picture about the login process. I just have to agree with Chris, something name 'is_logged' is better than 'accessedbefore'. -- Julio Nobrega A hora está chegando: http://toca.sourceforge.net "Joe Van Meer" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thx Christopher for replying. Ok, let me see if I understand you > correctly... > > The user enters username and password on index.php, this is posted to > login.php. On login.php after I verify the user is who he/she says they are > I set a cookie called "accessedbefore" to "yes" and redirect them to the > main page. Am I allowed to set a cookie and redirect them after determining > who the user is? How would I redirect them after setting the cookie? Header > function or is there a better way? > > Thx Joe :) > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Cookies, Sessions and Login Proceess
Thx Christopher for replying. Ok, let me see if I understand you correctly... The user enters username and password on index.php, this is posted to login.php. On login.php after I verify the user is who he/she says they are I set a cookie called "accessedbefore" to "yes" and redirect them to the main page. Am I allowed to set a cookie and redirect them after determining who the user is? How would I redirect them after setting the cookie? Header function or is there a better way? Thx Joe :) "Christopher William Wesley" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Just do your authentication before you send any HTML (including any > whitespace). I actually recommend not sending ANY HTML from your > authentication script. Authenticate them, set your cookie, and redirect > the visitor to an appropriate next page, based on whether or not they've > successfully authenticated. > > BTW - storing the username/password in the cookie makes no sense They've > already authenticated ... just store a user-is-logged-in cookie which > expires after X minutes/hours/etc. It's a good practice for when you'll > have to deal with privacy & security concerns. > > ~Chris /"\ > \ / September 11, 2001 > X We Are All New Yorkers > / \ rm -rf /bin/laden > > On Mon, 12 Nov 2001, Joe Van Meer wrote: > > > Hi there, I'm new to php coming from an asp background and would like to > > know the easiest way to automate a login process. I have one page called > > 'index.php' and it contains a form with 2 elements, username and password. > > This page is posted to th 'login.php' and here I do a check against the > > database to see if the person is who they say they are. This where I came > > across a problem...I would like to set a cookie on the user's machine once I > > know they are who they say they are. So I attempted to create a cookie to > > hold their username and password upon successful login..I received the > > following error...Warning: Cannot add header information - headers already > > sent by (output started at E:\ez\codesnipits\login.php:16) in > > E:\ez\codesnipits\login.php on line 66. > > > > So I looked up in the manual and found that I can't do it this way. I can't > > send header info after the header has been sent for obvious reasons. So how > > the heck do I manage to do this? What I would to do is have the user login > > once, and each subsequent time they visit , skip the login process via their > > username and password in the cookie. > > > > Any insight to this type of process would greatly be appreciated. > > > > Thx Joe > > p.s Sorry about the bold font ;) > > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Cookies, Sessions and Login Proceess
Just do your authentication before you send any HTML (including any whitespace). I actually recommend not sending ANY HTML from your authentication script. Authenticate them, set your cookie, and redirect the visitor to an appropriate next page, based on whether or not they've successfully authenticated. BTW - storing the username/password in the cookie makes no sense They've already authenticated ... just store a user-is-logged-in cookie which expires after X minutes/hours/etc. It's a good practice for when you'll have to deal with privacy & security concerns. ~Chris /"\ \ / September 11, 2001 X We Are All New Yorkers / \ rm -rf /bin/laden On Mon, 12 Nov 2001, Joe Van Meer wrote: > Hi there, I'm new to php coming from an asp background and would like to > know the easiest way to automate a login process. I have one page called > 'index.php' and it contains a form with 2 elements, username and password. > This page is posted to th 'login.php' and here I do a check against the > database to see if the person is who they say they are. This where I came > across a problem...I would like to set a cookie on the user's machine once I > know they are who they say they are. So I attempted to create a cookie to > hold their username and password upon successful login..I received the > following error...Warning: Cannot add header information - headers already > sent by (output started at E:\ez\codesnipits\login.php:16) in > E:\ez\codesnipits\login.php on line 66. > > So I looked up in the manual and found that I can't do it this way. I can't > send header info after the header has been sent for obvious reasons. So how > the heck do I manage to do this? What I would to do is have the user login > once, and each subsequent time they visit , skip the login process via their > username and password in the cookie. > > Any insight to this type of process would greatly be appreciated. > > Thx Joe > p.s Sorry about the bold font ;) > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
