Go Back   Computer Forums > General Computing > Server Administration
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 02-10-2009, 08:51 PM   #1
Solid State Member
 
jasonyo's Avatar
 
Join Date: Feb 2009
Posts: 6
Exclamation Php flat file login cookie

I really need some help with my game website, www.freedomodds.com/jasonyo, and its login. I just need an easy code to add to my already complicated flat file login code, so that it doesnt log out the user everytime they exit the browser. thanks =]

Edit-Im glad to see so many people posting on this question...
__________________

jasonyo is offline   Reply With Quote
Old 02-19-2009, 07:25 AM   #2
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Default Re: Php flat file login cookie

you can set a cookie.

I assume that at the moment you're setting a session cookie, I'll see if I can dg out some code for this, though it's been a while wince I wrote any logon scripts.
__________________

__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 03-03-2009, 08:02 PM   #3
In Runtime
 
Join Date: Mar 2009
Posts: 171
Send a message via AIM to burn420 Send a message via Yahoo to burn420
Default Re: Php flat file login cookie

Well it has been a few days... as the dude above me said... Sessions... I wrote a php script for 3 different login environments, in only 225 lines... It's pretty easy to do a login script... But if your gonna use straight cookies... its not hard to do that either... Honestly I don't use the cookies for anything other then the session id... put the rest on your server not the client side... More secure that way...
burn420 is offline   Reply With Quote
Old 03-04-2009, 09:20 AM   #4
In Runtime
 
Daeva's Avatar
 
Join Date: Dec 2005
Posts: 407
Send a message via AIM to Daeva Send a message via MSN to Daeva Send a message via Yahoo to Daeva
Default Re: Php flat file login cookie

When the user log's in, you should create a session variable (it's very inefficient and insecure as others mentioned to save a lot of session information in a cookie). Of course, sessions will expire if they close the browser window, so what you could do is something like this:
PHP Code:
<?php
   
//include files
   
session_start();
   if(isset(
$_SESSION['userName'])) {
       
// We're good to go, do nothing
   
} else {
     if(isset(
$_COOKIE['UN']) { // if we find the cookie on their machine
       
if (md5($yourUserNameVarialbe) == $_COOKIE['UN']) { // compare the md5 of the current entered username and the md5 of the cookie
         
$_SESSION['userName'] = $yourUserNameVariable;
       } else {
         
$_SESSION['userName'] = "yourUserNameVariable";
         
// set a cookie with encrypted data that expires in 1 day
         
setcookie("UN"md5($_SESSION['userName'], time()+86400);
       } 
// end if/else
     
// end if/else
   
// end if/else
?>
This isn't a complete code listing, but I just wrote it so you get the idea of the logic involved. You can add any bells and whistles to it that you want.

Just as a side note, one little GOTCHA is to make sure that you print nothing to the screen before you call setcookie, otherwise it will fail (because the response has already been sent by the server, which is the time when cookies are sent).

I know the code isn't perfect, but my goal wasn't to write a whole session and cookie management script. There are other factors to consider, such as:
1.) When you md5, there is no "reverse" md5. You can only go to md5 and compare, not from and compare. You might want to consider storing the username in plain text and use the unique php session id all within the cookie.
2.) What is a safe amount of time to save the cookie?
3.) Would it be a better idea to manage saved sessions via IP Address of the client's computer and save that in a database.

Just some things to consider, hope this helps.
__________________
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever
http://www.twitter.com/xDaevax
Daeva is offline   Reply With Quote
Old 03-05-2009, 12:16 AM   #5
Fully Optimized
 
vampist's Avatar
 
Join Date: Oct 2008
Location: USA
Posts: 2,404
Default Re: Php flat file login cookie

I would advise reading up on php sessions and not using that code above.
Don't use cookies let php use the cookies. Only set the session variables.

the only cookie you should set yourself is the users username so next time they log in they won't have to type it again.

Not to say that the code above isn't OK I would just advise looking it over.
vampist is offline   Reply With Quote
Old 03-07-2009, 12:02 PM   #6
In Runtime
 
Join Date: Mar 2009
Posts: 171
Send a message via AIM to burn420 Send a message via Yahoo to burn420
Default Re: Php flat file login cookie

I would agree with Vampist... Also I would recommend using sha1 for your password encryption... something easy would be :
Quote:
if (!isset($_SESSION['UserName'])) {
if (isset($_POST['Signon'])) {
$UserName = $_POST['UserName'];
$Pass = sha1($_POST['Pass']);
//Check to make sure it is correct
if (Login == false) {
echo "Wrong UserName";
LoginBox();
}
else {
LoggedInBox();
}
}
else {
LoginBox();
}
}
else {
LoggedInBox();
}
Quick psedo code that would almost work lol...
__________________
http://tetralogica.com
burn420 is offline   Reply With Quote
Old 03-09-2009, 10:05 AM   #7
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 8,006
Default Re: Php flat file login cookie

Quote:
Originally Posted by Daeva View Post
Just as a side note, one little GOTCHA is to make sure that you print nothing to the screen before you call setcookie, otherwise it will fail (because the response has already been sent by the server, which is the time when cookies are sent).
I think that you can get around this either by setting output buffering to on using the php.ini file or by called in the ob_start() function at the start of the file.

I don't currently have an environment setup to test this, so you'll have to readup on it yourself.
__________________

__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 01:08 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0