Login Cookie

phpnewbi

Hi,

I have a custom made script that has a login in it. There is nothing to 'save' the password, so the user will have to keep entering the details in when they revisit the site.

How can I make it save the username and password through a cookie?

Thanks! 🙂

bradgrafelman

By using [man]setcookie/man. Note that saving the password in plaintext is a very bad idea.

NogDog

In PHP this is usually done using sessions and the $_SESSION super-global array.

bradgrafelman

When he said "revisit the site" I think he means if they close the browser and visit the site later, meaning any sessions would be lost.

NogDog

bradgrafelman wrote:
When he said "revisit the site" I think he means if they close the browser and visit the site later, meaning any sessions would be lost.

You may well be right. I plead that I was eating (chicken salad hoagie) and watching TV ("School of Rock") while browsing (phpbuilder.com). 😉

phpnewbi

Thanks for the replys. 🙂

When I mean revisit the site, I mean when a user leaves the site and comes back they're logged out (without closing the browser, although they are also logged out when they closed the browser. :p).

Can anyone give me an example code on how to save the username and password?

Thanks! 🙂

bradgrafelman

Well... what do you want? A session, which is destroyed when the user closes the browser window, or a cookie, which will be sent to the site repeatedly until it expires?

phpnewbi

bradgrafelman wrote:
Well... what do you want? A session, which is destroyed when the user closes the browser window, or a cookie, which will be sent to the site repeatedly until it expires?

I would like to have a cookie for the login.

Thanks again 🙂

bradgrafelman

Well, then again I'll direct you to the [man]setcookie/man manual page. It's simple, really.

First, set the cookie(s):

setcookie('username', $username, time()+60*60*24*30, '/', '.mydomain.com');
setcookie('password', $password, time()+60*60*24*30, '/', '.mydomain.com');

Then it's a simple matter of using the $_COOKIE superglobal (more info on this man page: [man]variables.predefined[/man]) to retrieve the values, if present:

if(isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
    // verify the login info matches
} else {
    // no cookie found, show login form
}

phpnewbi

Awesome, thanks! 🙂

This is my current login code:

<?php
session_start();

$includes = array('config.php', 'CSQL.php', 'CAd.php', 'CUser.php', 'CCategory.php', 'misc_functions.php');
foreach($includes as $include)
	require_once($include);

kill_mq();

$sql = new CSQL(DB_NAME, DB_USER, DB_PASS, DB_HOST);

$user = new CUser($sql);

if(isset($_GET['logout']))
	unset($_SESSION['username']);

if(isset($_SESSION['username']) && $_SESSION['username'] != '')
	$user->ForceLogin($_SESSION['username']);

if(isset($_POST['login']))
{
	//echo 'TIS SET';

if(!$user->Login($_POST['user'], $_POST['password']))
	echo '<script language="JavaScript">alert("Error: Incorrect username/password.");</script>';
}

?>

Would I need to delete all that and do something like:

setcookie('username', $username, time()+60*60*24*30, '/', '.mydomain.com');
setcookie('password', $password, time()+60*60*24*30, '/', '.mydomain.com'); 

if(isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
    // verify the login info matches
} else {
    // no cookie found, show login form
function OutputLogin()
	{
		if($this->name == '')
		{
			$out = '<form action="'.PHP_SELF.'" method="post"><input type="text" name="user" class="Login-Box" value="Username"><br />&nbsp;<input value="password" type="password" name="password" class="Login-Box">';
			$out .= '  <br />  <input type="image" name="login" class="submit-login" value="Submit" src="images/submit2.gif" align="middle" /><br /><br><a href="register.php">Register for free!</a></form>';
		}
		else
			$out = 'Welcome '.$this->name.'! <a href="'.PHP_SELF.'?logout=true">[Logout]</a>';

	return $out;
}
}

Thanks again! 🙂 🙂

phpnewbi

Does like look right?