[Resolved] Remember Me

sys4dm1n

I have scripted a login system, but would like to intergrate a remember me feature with a check box at the login field.

It should make it so after hitting submit, a cookie is saved and expires after seven days.

I havent really done any work with cookies..and have looked on google already. Any suggestions?

Great..now I'm hungry...

drew010

in your form fields, simply add

<input type="text" name="username" value="<?php echo @$COOKIE['site_user']; ?>" /><br />
<input type="text" name="password" value="<?php echo @$COOKIE['site_pass']; ?>" /><br />
<input type="checkbox" name="save" /> Save Info

<?php
//before any output on your script that 
//receives the post data from the form
if (isset($_POST['save'])) {
  //since checkboxes are not set if they are unchecked
  //checking if its set indicates its checked
  setcookie("site_user", $_POST['username'], strtotime("today +7 days"));
  setcookie("site_pass", $_POST['password'], strtotime("today +7 days"));
}
//...
?>

thats about all there is to it.

sys4dm1n

drew,

it didnt work when I did it.

here is the code:

clogin.php:

<table cellspacing="0" cellpadding="1" width="151" border="0" align="center">
	<tr><br />
	<td width="150"><center>Client Login</center></td>
	</tr>
	<tr>
	<td width="150">
	<table cellspacing="0" cellpadding="1" width="150" border="0" align="center">
	<tr>
		<td width="149">
<?php
if ($login == "error") {
		print "<div align=\"center\"><font color=\"red\">Error: Incorrect login.</font></div><br />";
	} elseif ($login == "logout") {
		print "<div align=\"center\">You are now logged out.</div><br />";
	} elseif ($login == "registered") {
		print "<div align=\"center\">You have now signed up.</div><br />";
	} else {
		print "<br />";
}
?>

<form enctype="multipart/form-data" action="client/login_script.php" method="post">
<input type="hidden" name="sid" value="<? echo $_SESSION['sid'] ?>" />
Username:
<input type="text" name="username" class="form" size="20" value="<?php echo @$_COOKIE['username']; ?>" /><br />
Password:
<input type="password" name="password" size="20" class="form" value="<?php echo @$_COOKIE['password']; ?>" /><br />
<label for="save"><input type="checkbox" name="save" /> Save Password</label>
<br />
<div align="right">
	<input type="submit" value="Login" onclick="this.disabled = true; this.value='Login'; this.form.submit();">&nbsp;&nbsp;&nbsp;&nbsp;
</div>
</form>
		</td>
	</tr>
	</table>
	</td>
	</tr>
</table>
</p>
					   </td>

login_script.php

<?
session_start();
if (isset($_POST['save'])) {
  setcookie("site_user", $_POST['username'], strtotime("today +7 days"));
  setcookie("site_pass", $_POST['password'], strtotime("today +7 days"));
} 
include ("config.php");
//checking to see if you have any users in the database, if so, the script continues, if not, it stops and lets you know
$usersquery=mysql_query("SELECT username FROM users")
	or die ("The query on the number of users didn't work. ".mysql_error());
if (mysql_num_rows($usersquery) == "0") {
	print "Deleted all ".
	"of the users.  That's no good.<br><br>If you are not the admin of this site, please email him/her at <a href=\"mailto:$admin_address\">$admin_address</a> to let him/her know that you received the error message.";
	exit();
}

$ip_address = "$REMOTE_ADDR";


//lock out option
//if you want people to be locked out after 3 incorrect logins set this as "1"
//if you don't want to used this option, set this as "0" in config.php
if ($iplockout == "1") {
	$loginquery=mysql_query("SELECT * FROM logins WHERE ip_address = '$ip_address' AND incorrect")
		or die ("ip_address check/logins check query didn't work ".mysql_error());
	$logindata = mysql_fetch_object ($loginquery);

if (mysql_num_rows($loginquery) >= "4") {
	print "You have been locked out.  Too many incorrect logins from ip address: $ip_address";
	exit();
}
}


$password = md5($password);
 // If $username and $password are set, match data against users table
$query=mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")
	or die ("For some reason the script wasn't able to check the username/password. ".mysql_error());

// If num_rows from users table = 1, set session variables
if (mysql_num_rows($query) == "1") {

session_start();

// Declaring some varibles
$valid_user = $username;
$id = session_id();
$ip_address = "$REMOTE_ADDR";
$data = mysql_fetch_object ($query);
$seclevel = $data->securitylevel; // this declares the security level varibles
$rowid = $data->id;
$datetime = date("n-d-y@h:iA", time() + 3600);

// adds 1 to the users "logincount" in the users table.  that way you see how many times a person has logged in
mysql_query("UPDATE users SET logincount = logincount+1 WHERE (username = '$username')")
	or die("Bad query: ".mysql_error());

/*
the 4 lines below this comment registers variables so you can "call" this variables on other secure pages
example:
	print "You logged in as: $valid_user";
that code will display the users name
*/
session_register("valid_user");
session_register("ip_address");
session_register("id");
session_register("seclevel");


// inserting login information, 1 = correct login
$insert = 	"INSERT INTO logins(datetime, ip_address, username, password, correct, incorrect) ".
			"VALUES('$datetime', '$ip_address', '$username', '$password', '1', '0')" or die("Bad query: ".mysql_error());
$mysql_insert = mysql_query($insert, $mysql_link)
	or die("Please notify the admin that the script is connecting to the database, but not inserting the information ".mysql_error());
//moves you to the logged in page
header("Location: ./index.php?sid=$id");
exit;  // exit; "cancels the script"
}



// if the data given is incorrect/doesn't match...
if (mysql_num_rows($query) == 0) {

// inserting login information, 0 = incorrect login
$insert = 	"INSERT INTO logins(datetime, ip_address, username, password, correct, incorrect) ".
			"VALUES('$datetime', '$ip_address', '$username', '$password', '0', '1')" or die("Bad query: ".mysql_error());
$mysql_insert = mysql_query($insert, $mysql_link)
	or die("Please notify the admin that the script is connecting to the database, but not inserting the information ".mysql_error());
$id = session_id();
// moves back to the login page
header("Location: ../index.php?id=home&login=error&sid=$id");
}

?>

drew010

in your login form you are calling the cookie
<?php echo @$COOKIE['username']; ?>
but where it saves it is called site_user
setcookie("site_user", $POST['username'], strtotime("today +7 days"));

change one of the two names to match the other and it should be okay.

sys4dm1n

i did and it still doesnt work 😕 :glare:

drew010

try this simple test out and see if it works...

<form method="POST" action="process.php">
  <input type="text" name="user" value="<?php echo @$_COOKIE['site_user']; ?>" /> Username <br />
  <input type="text" name="pass" value="<?php echo @$_COOKIE['site_pass']; ?>" /> Password <br />
  <input type="checkbox" name="save" /> Save Details <br />
  <input type="submit" value="Login" />
</form>

process.php

<?php

if (isset($_POST['save'])) {
  setcookie("site_user", $_POST['user'], strtotime("today +7 days"));
  setcookie("site_pass", $_POST['pass'], strtotime("today +7 days"));

  echo "saved";
}

?>

stuff here

see if that will work for you

sys4dm1n

didnt say saved

drew010

is the box checked and what php version are you using.

sys4dm1n

ok it says saved but it doesnt remember?

drew010

you will have to refresh the login page to have the cookies show. is your browser you are testing with accepting cookies? try looking in your cookies to see if you have any set from your domain.

sys4dm1n

ok well the cookies set with the correct user name and password...but it still isnt working.

again, here is the code and the paths:

clogin.php

<table cellspacing="0" cellpadding="1" width="151" border="0" align="center">
	<tr><br />
	<td width="150"><center>Client Login</center></td>
	</tr>
	<tr>
	<td width="150">
	<table cellspacing="0" cellpadding="1" width="150" border="0" align="center">
	<tr>
		<td width="149">
<?php
if ($login == "error") {
		print "<div align=\"center\"><font color=\"red\">Error: Incorrect login.</font></div><br />";
	} elseif ($login == "logout") {
		print "<div align=\"center\">You are now logged out.</div><br />";
	} elseif ($login == "registered") {
		print "<div align=\"center\">You have now signed up.</div><br />";
	} else {
		print "<br />";
}
?>

<form enctype="multipart/form-data" action="client/login_script.php" method="post">
<input type="hidden" name="sid" value="<? echo $_SESSION['sid'] ?>" />
Username:
<input type="text" name="username" class="form" size="20" value="<?php echo @$_COOKIE['username']; ?>" /><br />
Password:
<input type="password" name="password" size="20" class="form" value="<?php echo @$_COOKIE['password']; ?>" /><br />
<input type="checkbox" name="save" /> <label for="save">Save Password</label>
<br />
<div align="right">
	<input type="submit" value="Login" onclick="this.disabled = true; this.value='Login'; this.form.submit();">&nbsp;&nbsp;&nbsp;&nbsp;
</div>
</form>
		</td>
	</tr>
	</table>
	</td>
	</tr>
</table>
</p>
					   </td>

/client/login_script.php

<?
session_start();
if (isset($_POST['save'])) {
  setcookie("username", $_POST['username'], strtotime("today +7 days"));
  setcookie("password", $_POST['password'], strtotime("today +7 days"));
} 
include ("config.php");
//checking to see if you have any users in the database, if so, the script continues, if not, it stops and lets you know
$usersquery=mysql_query("SELECT username FROM users")
	or die ("The query on the number of users didn't work. ".mysql_error());
if (mysql_num_rows($usersquery) == "0") {
	print "Deleted all ".
	"of the users.  That's no good.<br><br>If you are not the admin of this site, please email him/her at <a href=\"mailto:$admin_address\">$admin_address</a> to let him/her know that you received the error message.";
	exit();
}

$ip_address = "$REMOTE_ADDR";


//lock out option
//if you want people to be locked out after 3 incorrect logins set this as "1"
//if you don't want to used this option, set this as "0" in config.php
if ($iplockout == "1") {
	$loginquery=mysql_query("SELECT * FROM logins WHERE ip_address = '$ip_address' AND incorrect")
		or die ("ip_address check/logins check query didn't work ".mysql_error());
	$logindata = mysql_fetch_object ($loginquery);

if (mysql_num_rows($loginquery) >= "4") {
	print "You have been locked out.  Too many incorrect logins from ip address: $ip_address";
	exit();
}
}


$password = md5($password);
 // If $username and $password are set, match data against users table
$query=mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")
	or die ("For some reason the script wasn't able to check the username/password. ".mysql_error());

// If num_rows from users table = 1, set session variables
if (mysql_num_rows($query) == "1") {

session_start();

// Declaring some varibles
$valid_user = $username;
$id = session_id();
$ip_address = "$REMOTE_ADDR";
$data = mysql_fetch_object ($query);
$seclevel = $data->securitylevel; // this declares the security level varibles
$rowid = $data->id;
$datetime = date("n-d-y@h:iA", time() + 3600);

// adds 1 to the users "logincount" in the users table.  that way you see how many times a person has logged in
mysql_query("UPDATE users SET logincount = logincount+1 WHERE (username = '$username')")
	or die("Bad query: ".mysql_error());

/*
the 4 lines below this comment registers variables so you can "call" this variables on other secure pages
example:
	print "You logged in as: $valid_user";
that code will display the users name
*/
session_register("valid_user");
session_register("ip_address");
session_register("id");
session_register("seclevel");


// inserting login information, 1 = correct login
$insert = 	"INSERT INTO logins(datetime, ip_address, username, password, correct, incorrect) ".
			"VALUES('$datetime', '$ip_address', '$username', '$password', '1', '0')" or die("Bad query: ".mysql_error());
$mysql_insert = mysql_query($insert, $mysql_link)
	or die("Please notify the admin that the script is connecting to the database, but not inserting the information ".mysql_error());
//moves you to the logged in page
header("Location: ./index.php?sid=$id");
exit;  // exit; "cancels the script"
}



// if the data given is incorrect/doesn't match...
if (mysql_num_rows($query) == 0) {

// inserting login information, 0 = incorrect login
$insert = 	"INSERT INTO logins(datetime, ip_address, username, password, correct, incorrect) ".
			"VALUES('$datetime', '$ip_address', '$username', '$password', '0', '1')" or die("Bad query: ".mysql_error());
$mysql_insert = mysql_query($insert, $mysql_link)
	or die("Please notify the admin that the script is connecting to the database, but not inserting the information ".mysql_error());
$id = session_id();
// moves back to the login page
header("Location: ../index.php?id=home&login=error&sid=$id");
}

?>

Again, the cookie is set, but no information is displayed in the fields.

drew010

are you testing it on a local computer or a real domain. if the cookies are saved, for some reason your browser isnt sending them back to the site.

sys4dm1n

real domain

sys4dm1n

its wierd...it doesnt display the information at all into the value fields of the text field, but if you just hit the submit button, it logs me in.

drew010

try to view the source of the form and see if the values are there but not showing up for some reason.

sys4dm1n

it says ...value="" for both fields

drew010

what about print_r($_COOKIE);

sys4dm1n

still nothing 🙁

drew010

ok then i guess your browser isnt sending the cookies back to your domain if indeed the cookies are saved locally. im not really sure why ive used all my ideas.

sys4dm1n

well its the same with internet explorer aswell, and my cookies arnt blocked in either :bemused: