Cookie won't remember person

hbradshaw

Hi,

I'm writing a login script which will set a cookie and remember the person for next login.

I was able to get the first part; setting the cookie to work.

I am having a lot of trouble getting the remember part to work. I want the username and/or password remembered so the person doesn't have to reenter it every time.

My login form contains the following: <input type="checkbox" name="remember" value="Yes">.

I thought, that if I wrote the following statement, the information for the user should be remembered, but it's not:

if ($_POST[remember] == "Yes")
{
setcookie('member', 'member', time()+24360060);
}

How could I modify my script to make the above statement to work?

Please note: The code on the bottom doesn't include the above statement because no matter where I stick it, it won't work. So, I left the script at the point where it is working with setting the cookie.

Thanks for the help.

Here's the script:
<?php
session_start();
header("Cache-control: private");
include "conn.inc.php";

switch($_REQUEST['req'])
{
case "validate":

$validate = mysql_query("SELECT * FROM member WHERE
username = '{$POST['username']}' AND password = md5('{$POST['password']}')") or
die (mysql_error());

if (mysql_num_rows($validate) == 1)
{
while($row = mysql_fetch_assoc($validate))
{
$SESSION["status"] = "Logged";
$SESSION['memberid'] = $row['memberid'];
$SESSION['first_name'] = $row['first_name'];
$SESSION['last_name'] = $row['last_name'];
$SESSION['email'] = $row['email'];
$SESSION['phone1'] = $row['phone1'];
$SESSION['phone2'] = $row['phone2'];
$SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
setcookie('member', 'member', time()+24360060);

$login_time = mysql_query("UPDATE member SET last_login=now() where memberid='{$row['memberid']}'");

}
header("Location: http://www.bridgemilltennis.com/members/secure/member-area-main.php");
}
else
{
$SESSION["status"] = "Not logged";
$SESSION['username'] = Guest;
header("Location: http://www.bridgemilltennis.com/members/secure/login_form.php");
exit;
}
break;
}
?>

TheDefender

Where's the form part of the script? You know, the part where you pull the variables out of the cookie array?

Also, it doesn't appear as though you've stored anything in that cookie of any value, like the username... since you are storing "member".

If you look in the manual at the [man]setcookie[/man] function, there are some examples of how to use the setcookie to store your variables, and then to call them later. After looking and modifying your script, post back and let us know what other help you may need.

hbradshaw

Hello:

Thanks for the reply. This is the first time I'm dealing with cookies. I've read a lot of books on cookies and I even did their examples to see the results. Unfortunatley, none of them talked about cookies with databases which is what I'm doing.

First, here is the login form.

              <td width="84%" height="16">
              <b><span class="leftbar"><font size="2" face="Verdana">
              Username:</font></span></b></td>
              </tr>
            <tr>
              <td width="84%" height="16">
              <input type="text" name="username" size="13">
              </td>
            </tr>
            <tr>
              <td width="84%" height="16">
              <b><span class="leftbar"><font size="2" face="Verdana">
              Password:</font></span></b></td>
            </tr>
            <tr>
              <td width="84%" height="16">
              <input type="password" name="password" size="13">
              </td>
            </tr>
            <tr>
              <td width="84%" height="16">
              <input type="checkbox" name="remember" value="Yes"><font size="2" face="Verdana"> Remember me</font><p></p>
              </td>
            </tr>
            <tr>
              <td width="84%" height="16">
              <p align="center">
              <input type="hidden" name="req" value="validate">
              <input type="submit" name="submit" value="Login" style="float: left"></font>

</form>

              </td>
            </tr>

</table>

As for my script which I originally posted above, all it does is checks to see if the username and password entered in the form matches what is in the database. If so, it's a good login, if not, you have to try again.

I modified my setcookie line to:

setcookie('username', $_SESSION[username], time()+24360060);

I believe the script works because when I go to my cookie directory, this is what I get:

username
bashful
www.bridgemilltennis.com/members/secure/
1536
483933952
29720338
3280446672
29708268
*

Now, that I know I have a cookie set, what do I do with it? If I try to login in again, it doesn't remember me even though my username is in the cookie.

Thank you for your patience.

TheDefender

OK, so now dor:

print_r($_COOKIE);

to see what's actually in the cookie...

hbradshaw

Hi,

This is the result from print_r($_COOKIE);

Array ( [username] => bashful )

I'm going to take a stab at this. In order for the cookie to recognize me, should the "value" from "remember" be in the cookie as well?

If you look at my code, all my session variables are generated from the table not the form. My table doesn't contain a field for "remember". Is it possible to include a $_POST[remember] with my database fields?

In other words, will this be ok?

$SESSION['phone1'] = $row['phone1'];
$SESSION['phone2'] = $row['phone2'];
$SESSION['username'] = $row['username'];
$SESSION['password'] = $row['password'];
$SESSION['rembmer'] = $POST['remember'];

Slash78

This is sorta off-topic, but I don't suggest storing usernames and passwords in your sessions. Also you may want to look into just storing the session id and hashing it.