[PHP] Re: Login with Remember me Feature
Tim Streater writes: > On 14 Aug 2011 at 14:23, Alekto Antarctica > wrote: > >> *function loggedin()* >> *{* >> * if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))* >> * {* >> * $loggedin = true;* >> * return $loggedin;* >> * }* >> *}* > > Why not justreturn true; > > And what happens if your "if" doesn't evaluate to true? What do you return > then? > > >> *> * >> * >> *if (loggedin==true)* >> *{* > > Should this be: > > if ($loggedin==true) ... > > -- > Cheers -- Tim Are you aware that your posts have some very strange and unique line endings? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Login with Remember me Feature
Hello Richard, RR> See ob_start and family. Alekto doesn't use them in that code. -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Login with Remember me Feature
On Sun, Aug 7, 2011 at 3:11 PM, Richard Riley wrote: > Andre Polykanine writes: > > > Hello alekto, > > > > I've got several notes to point out: > > 1. You can't do neither a header(), nor a SetCookie() after any echo > > on the page. The out-of-php pieces of the page included. > > Not true. > > See ob_start and family. > > Yes, but it is better form to make sure there is no output before your header or setcookie commands. This makes your code more portable. Your code will need some restructuring, though. I did notice some other issues in your code, however. You delete the cookies in the beginning if they are set. This is probably what was killing your remember me function. But on a much more serious note, this script is full of security holes. Unhashed passwords in the DB and cookies is just asking for trouble. Plus, if you're using sessions, you should just use the session cookie to remember a login. It's safer than storing a password in a cookie. -- --Zootboy Sent from my PC.
[PHP] Re: Login with Remember me Feature
Andre Polykanine writes: > Hello alekto, > > I've got several notes to point out: > 1. You can't do neither a header(), nor a SetCookie() after any echo > on the page. The out-of-php pieces of the page included. Not true. See ob_start and family. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php