[PHP] Re: Login with Remember me Feature

2011-08-14 Thread Richard Riley 
Tim Streater t...@clothears.org.uk writes:

 On 14 Aug 2011 at 14:23, Alekto Antarctica alekto.antarct...@gmail.com 
 wrote: 
 
 *function loggedin()*
 *{*
 * if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))*
 * {*
 * $loggedin = true;*
 * return $loggedin;*
 * }*
 *}*
 
 Why not justreturn true;
 
 And what happens if your if doesn't evaluate to true? What do you return 
 then?
 
 
 *?php*
 *
 *
 *if (loggedin==true)*
 *{*
 
 Should this be:
 
   if ($loggedin==true) ...
 
 --
 Cheers  --  Tim

Are you aware that your posts have some very strange and unique line
endings?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Login with Remember me Feature

2011-08-07 Thread Richard Riley 
Andre Polykanine an...@oire.org writes:

 Hello alekto,

 I've got several notes to point out:
 1. You can't do neither a header(), nor a SetCookie() after any echo
 on the page. The out-of-php pieces of the page included.

Not true.

See ob_start and family.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Login with Remember me Feature

2011-08-07 Thread Sean Greenslade 
On Sun, Aug 7, 2011 at 3:11 PM, Richard Riley rile...@googlemail.comwrote:

 Andre Polykanine an...@oire.org writes:

  Hello alekto,
 
  I've got several notes to point out:
  1. You can't do neither a header(), nor a SetCookie() after any echo
  on the page. The out-of-php pieces of the page included.

 Not true.

 See ob_start and family.

 Yes, but it is better form to make sure there is no output before your
header or setcookie commands. This makes your code more portable. Your code
will need some restructuring, though.

I did notice some other issues in your code, however. You delete the cookies
in the beginning if they are set. This is probably what was killing your
remember me function.

But on a much more serious note, this script is full of security holes.
Unhashed passwords in the DB and cookies is just asking for trouble. Plus,
if you're using sessions, you should just use the session cookie to remember
a login. It's safer than storing a password in a cookie.
-- 
--Zootboy

Sent from my PC.

Re: [PHP] Re: Login with Remember me Feature

2011-08-07 Thread Andre Polykanine 

Hello Richard,

  
RR See ob_start and family.

Alekto doesn't use them in that code.


-- 
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php