Hello,

I recently posted a new thread about a php cookie, something on the lines of that. During the time it was up i fiddled around with my coding and have now got this.

I will show part of the four files below but only the cookie part (if you need more then just ask) -
- login file
-process file
-/user_area file
-log out file

Login file

<?php 
require_once("db/connect.php"); 
include("process.php");

//check if logged in
if (loggedin())
{
	header("Location: user_area/");
	exit();
}

//Field Data 
else if (isset($_POST['Submit'])){ 
    $username 	= (isset($_POST['username'])) ? $_POST['username'] : ''; 
    $password 	= (isset($_POST['password'])) ? $_POST['password'] : ''; 
	$rememberme = $_POST['rememberme']; 
    $submitted  = $_POST['Submit']; 
 
        if ($rowAccount){ 

		if ($rememberme=="on")
			setcookie("id", $rowAccount['username'], time()+7200);
		else if ($rememberme=="")
			$_SESSION['id'] = $rowAccount['username'];
		header("Location: user_area/"); 
        exit; 

   }else{
   		$error['checklogin'] = "Wrong username or password";
   }
}
 }
?>

<div id="login">
<form id="form1" name="form1" method="post" action="index.php">
<div id="field"><label id="login-label">Username</label><br /><input type="text" id="input" name="username" size="34" value="<?php echo (isset($_POST['username'])) ? $_POST['username'] : ''; ?>" /></div>
<div id="field" style="margin-top:20px;"><label id="login-label">Password</label><br /><input type="password" id="input" name="password" size="34" /></div>
<div id="field"><label id="login-label">Remember Me: </label><input type="checkbox" name="rememberme" value="1"></div>
<input type="hidden" id="submitted" name="submitted" />
<input type="submit" id="Submit" name="Submit"  />
</form>
</div>
</div>
</div>
</body>
</html>

Process file

<?php
include("db/connect.php");

session_start();

//Check if user is logged in
function loggedin()
{
	if(isset($_SESSION['id']) || isset($_COOKIE['id']))
	{
	$loggedin = TRUE;
	return $loggedin;
	}
}

?>

User_area file

<?php 
require_once("../db/connect.php");
include("../process.php");

//check if logged in
if (!loggedin())
	{
	header("Location: ../");
	exit();
	}

include("../include/security.php");

And lastly my logout file

<?php

session_start();
session_destroy();

//unset cookie
setcookie("id","",time()-7200);

header("Location: ../");

?>

My problem -

When i login without checking remember me it logs me in fine and then when i close my browser and open it again it logs me out BUT when i do check remember me and login it doesn't take me to the user_area page it just stays on the login page and looks as if it has just refreshed. So my question is could someone help me with my problem, i want it so that if the user check's remember me it then logs in and keeps the user logged in, any help will be appreciated.

    Where is $rowAccount being set ?

    it doesnt seam to exist....

      I only posted part of that code, ill put up the rest of that part of coding -

      <?php 
require_once("db/connect.php"); 
include("process.php");

//check if logged in
if (loggedin())
{
	header("Location: user_area/");
	exit();
}

//Field Data 
else if (isset($_POST['Submit'])){ 
    $username 	= (isset($_POST['username'])) ? $_POST['username'] : ''; 
    $password 	= (isset($_POST['password'])) ? $_POST['password'] : ''; 
	$rememberme = $_POST['rememberme']; 
    $submitted  = $_POST['Submit']; 

 if ( empty($username) ) 
    	{ 
        	$error['username'] = "Please enter your username"; 
    	} if ( empty($password) ) 
    	{ 
        	$error['password'] = "Please enter your password";
    	} 		
 else if ($username && $password){ 
        ////////////////////////////////////////////////// 
        $query        = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",$username,md5($password));
        $result       = mysql_query($query); 
        $rowAccount   = mysql_fetch_array($result); 
        ////////////////////////////////////////////////// 

    if ($rowAccount){ 

		if ($rememberme=="on")
			setcookie("id", $rowAccount['username'], time()+7200);
		else if ($rememberme=="")
			$_SESSION['id'] = $rowAccount['username'];
		header("Location: user_area/"); 
        exit; 

   }else{
   		$error['checklogin'] = "Wrong username or password";
   }
}
 }
?>

        Right ive had a break through, i was just writing this as you made your post so i just read your post. I can now login and i believe the cookie is created but when i logout it doesn't actually log me out. It processes through but i dont think the cookie gets destroyed so if keeps redirecting me to the user_area so i cant really logout.

        Give me a sec and ill paste my logout file

          Ok so here's my logout file -

          <?php

session_start();
session_destroy();

//unset cookie
setcookie("username","",time()-7200);
setcookie ("username", "", time() - 7200, "/user_area/", "http://localhost", 1);

header("Location: ../index.php");

?>

            After doing doing

            print_r($SESSION);
            print_r($            COOKIE);

            I put it in the user_area/index.php file and this is what it shows -

            Array ( ) Array ( [username] => hello [id] => hello [PHPSESSID] => 9babjaga5m66mt2vn6qan1gtv3 )

              Any help anyone, my problem, i dont think the cookie gets 'destroyed' when i click logout so the log out button doesn't log me out it keeps me at the same page, i think it process but realises that the cookie is still there so takes me to the user_area/index.php page

                To "unset" a cookie, you have to call [man]setcookie/man with the same parameters as were used when the cookie was created.

                Try defining the path (and possibly the domain if you'd like) in both places so that they are the same.

                Also, note that "http://localhost" is not a valid domain (but "localhost" is).

                  Ok, i have now changed it so the logout file is this -

                  <?php

session_start();
session_destroy();

//unset cookie
setcookie ("username", "", time() - 7200, "localhost", 1);

header("Location: ../index.php");

?>

                  And now in the login file it looks like this -

                  <?php 
require_once("db/connect.php"); 
include("process.php");

//check if logged in
if (loggedin())
{
	header("Location: user_area/");
	exit();
}

//Field Data 
else if (isset($_POST['Submit'])){ 
    $username 	= (isset($_POST['username'])) ? $_POST['username'] : ''; 
    $password 	= (isset($_POST['password'])) ? $_POST['password'] : ''; 
	$rememberme = (isset($_POST['rememberme'])); 
    $submitted  = $_POST['Submit']; 

 if ( empty($username) ) 
    	{ 
        	$error['username'] = "Please enter your username"; 
    	} if ( empty($password) ) 
    	{ 
        	$error['password'] = "Please enter your password";
    	} 		
 else if ($username && $password){ 
        ////////////////////////////////////////////////// 
        $query        = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",$username,md5($password));
        $result       = mysql_query($query); 
        $rowAccount   = mysql_fetch_array($result); 
        ////////////////////////////////////////////////// 

    if ($rowAccount){ 

		if ($rememberme=="on")
			setcookie ("username", "", time() + 7200, "localhost", 1);				
		else if ($rememberme=="")
			$_SESSION['username'] = $rowAccount['username'];
		header("Location: user_area/"); 
        exit; 

   }else{
   		$error['checklogin'] = "Wrong username or password";
   }
}
 }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<link rel="stylesheet" href="main.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>

<body>
<div id="wrapper">
<div id="log-content"> 
<?php 
        // If error found 
        if ( isset($error) ) { 
            // Loop errors 
            foreach($error AS $e) { 
                echo "<div id='error'><ul><li>" . $e . "</li></ul></div>"; 
            } 
        } 
?>
<div id="login">
<form id="form1" name="form1" method="post" action="index.php">
<div id="field"><label id="login-label">Username</label><br /><input type="text" id="input" name="username" size="34" value="<?php echo (isset($_POST['username'])) ? $_POST['username'] : ''; ?>" /></div>
<div id="field" style="margin-top:20px;"><label id="login-label">Password</label><br /><input type="password" id="input" name="password" size="34" /></div>
<div id="field"><label id="login-label">Remember Me: </label><input type="checkbox" name="rememberme" value="1"></div>
<input type="hidden" id="submitted" name="submitted" />
<input type="submit" id="Submit" name="Submit"  />
</form>
</div>
</div>
</div>
</body>
</html>

                  I now have one main problem when i login and check the remember me check box it doesn't actually log me in it just sort of or seems like its just refeshing the login page.

                    You now have a path of "localhost" and a domain of (integer) 1, neither of which makes any sense.

                      Sorry was just about to upload the code, so here is my update code -

                      logout -

                      <?php

session_start();
session_destroy();

//unset cookie
setcookie ("username", "", time() - 7200, "/user_area/", "http://localhost/social%20Network/Social%20Network%20new/Login%20System/user_area/", 1);

header("Location: ../index.php");

?>

                      login page -

                      <?php 
require_once("db/connect.php"); 
include("process.php");

//check if logged in
if (loggedin())
{
	header("Location: user_area/");
	exit();
}

//Field Data 
else if (isset($_POST['Submit'])){ 
    $username 	= (isset($_POST['username'])) ? $_POST['username'] : ''; 
    $password 	= (isset($_POST['password'])) ? $_POST['password'] : ''; 
	$rememberme = (isset($_POST['rememberme'])); 
    $submitted  = $_POST['Submit']; 

 if ( empty($username) ) 
    	{ 
        	$error['username'] = "Please enter your username"; 
    	} if ( empty($password) ) 
    	{ 
        	$error['password'] = "Please enter your password";
    	} 		
 else if ($username && $password){ 
        ////////////////////////////////////////////////// 
        $query        = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",$username,md5($password));
        $result       = mysql_query($query); 
        $rowAccount   = mysql_fetch_array($result); 
        ////////////////////////////////////////////////// 

    if ($rowAccount){ 

		if ($rememberme=="on")
			setcookie ("username", "", time() + 7200, "/user_area/", "http://localhost/social%20Network/Social%20Network%20new/Login%20System/user_area/", 1);				
		else if ($rememberme=="")
			$_SESSION['username'] = $rowAccount['username'];
		header("Location: user_area/"); 
        exit; 

   }else{
   		$error['checklogin'] = "Wrong username or password";
   }
}
 }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<link rel="stylesheet" href="main.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>

<body>
<div id="wrapper">
<div id="log-content"> 
<?php 
        // If error found 
        if ( isset($error) ) { 
            // Loop errors 
            foreach($error AS $e) { 
                echo "<div id='error'><ul><li>" . $e . "</li></ul></div>"; 
            } 
        } 
?>
<div id="login">
<form id="form1" name="form1" method="post" action="index.php">
<div id="field"><label id="login-label">Username</label><br /><input type="text" id="input" name="username" size="34" value="<?php echo (isset($_POST['username'])) ? $_POST['username'] : ''; ?>" /></div>
<div id="field" style="margin-top:20px;"><label id="login-label">Password</label><br /><input type="password" id="input" name="password" size="34" /></div>
<div id="field"><label id="login-label">Remember Me: </label><input type="checkbox" name="rememberme" value="1"></div>
<input type="hidden" id="submitted" name="submitted" />
<input type="submit" id="Submit" name="Submit"  />
</form>
</div>
</div>
</div>
</body>
</html>

                        Sorry forgot to add to my last post, i still get the same problem as before i updated my code

                          The only problem with that is that you're now setting a cookie which you won't be able to access unless you're already in '/user_area/' (e.g. the login page, which is outside of that directory, will never see the cookie that it just set).

                          Why not set the path to '/' so that the cookie applies to the entire domain?

                            Why have you added a URL in place of a domain again? A URL is not a domain.

                            Also, why are you setting the 'secure' parameter to 1 when it looks like you're using a non-secure connection?

                              Ok problem solved. I now have put it to -

                              setcookie ("username", $rowAccount['username'], time() + 7200, "/", "localhost");

                              It works thanks for your help

                                Write a Reply...