Php adding remember me function
Posted: Thu Jun 20, 2013 6:27 pm
hey guys i hope you can help me i trying to add the remember me function to my login script but it do not really work.
It creates the cookies for username and passsword and if i click logout it destroys the cookies succesfully.
Now come my error if i close the broswer and reopen the page i´m not logged in.
here are parts of code. i removed some validation and replaced sha1 with md5 (I know not good security )
user.php where all function are stored
[syntax=php]
function valid_credentials($username, $password) {
$username = $username;
$password = $password;
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
return(mysql_result($total, 0) == '1') ? true : false;
}
[/syntax]
init.php
[syntax=php]
<?php
session_start();
error_reporting(E_ALL);
//error_reporting(0);
require 'database/connect.php';
require 'functions/users.php';
require 'functions/general.php';
if(isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false) {
if(valid_credentials($_COOKIE['username'], $_COOKIE['password'])) {
$_SESSION['username'] = $_COOKIE['username'];
setcookie('username', $_COOKIE['username'], time() + 604800);
setcookie('password', md5($_COOKIE['password']), time() + 604800);
}
}
$website = "localhost";
$firmenname = "firma";
$current_file = explode('/',$_SERVER['SCRIPT_NAME']);
$current_file = end($current_file);
if (logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($_SESSION['user_id'], 'user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'password_recover', 'type', 'allow_email', 'profile', 'last_login', 'register_date');
if (user_active($user_data['username']) === false) {
session_destroy();
header('Location: index.php');
exit();
}
if ($current_file !== 'changepassword.php' && $current_file !== 'logout.php' && $user_data['password_recover'] == 1) {
header('Location: changepassword.php?force');
exit();
}
}
$errors = array();
?>
[/syntax]
login.php
[syntax=php]
<?php
include 'core/init.php';
logged_in_redirect();
if(empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Sie müssen ein Benutzername und ein Passwort eingeben';
} else if (user_exists($username) === false) {
$errors[] = 'Wir können den Benutzer nicht finden. Haben Sie sich registriert?';
} else if (user_active($username) === false) {
$errors[] = 'Sie haben ihr account noch nicht aktiviert!';
} else {
if (strlen($password) > 32) {
$errors[] = 'Passwort ist zu lang!';
}
$login = login($username, $password);
if ($login === false) {
$errors[] = 'Keine Übereinstimmung der eingebenen "E-Mail-Adresse" und/oder dem "Passwort".';
} else {
if(isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1') {
setcookie('username', $_POST['username'], time() + 604800);
setcookie('password', md5($_POST['password']), time() + 604800);
}
$_SESSION['user_id'] = $login;
header('Location: index.php');
exit();
}
}
} else {
$errors[] = 'Keine Daten erhalten';
}
include 'includes/overall/header.php';
if (empty($errors) === false) {
?>
<h2>Wir versuchten Sie anzumelden aber, ...</h2>
<?php
echo output_errors($errors);
}
[/syntax]
logout.php
[syntax=php]
<?php
session_start();
include 'core/init.php';
session_destroy();
if(isset($_COOKIE['username'], $_COOKIE['password'])) {
setcookie('username', '', time());
setcookie('password', '', time());
}
header('Location: index.php');
?>
[/syntax]
It creates the cookies for username and passsword and if i click logout it destroys the cookies succesfully.
Now come my error if i close the broswer and reopen the page i´m not logged in.
here are parts of code. i removed some validation and replaced sha1 with md5 (I know not good security )
user.php where all function are stored
[syntax=php]
function valid_credentials($username, $password) {
$username = $username;
$password = $password;
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
return(mysql_result($total, 0) == '1') ? true : false;
}
[/syntax]
init.php
[syntax=php]
<?php
session_start();
error_reporting(E_ALL);
//error_reporting(0);
require 'database/connect.php';
require 'functions/users.php';
require 'functions/general.php';
if(isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false) {
if(valid_credentials($_COOKIE['username'], $_COOKIE['password'])) {
$_SESSION['username'] = $_COOKIE['username'];
setcookie('username', $_COOKIE['username'], time() + 604800);
setcookie('password', md5($_COOKIE['password']), time() + 604800);
}
}
$website = "localhost";
$firmenname = "firma";
$current_file = explode('/',$_SERVER['SCRIPT_NAME']);
$current_file = end($current_file);
if (logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($_SESSION['user_id'], 'user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'password_recover', 'type', 'allow_email', 'profile', 'last_login', 'register_date');
if (user_active($user_data['username']) === false) {
session_destroy();
header('Location: index.php');
exit();
}
if ($current_file !== 'changepassword.php' && $current_file !== 'logout.php' && $user_data['password_recover'] == 1) {
header('Location: changepassword.php?force');
exit();
}
}
$errors = array();
?>
[/syntax]
login.php
[syntax=php]
<?php
include 'core/init.php';
logged_in_redirect();
if(empty($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'Sie müssen ein Benutzername und ein Passwort eingeben';
} else if (user_exists($username) === false) {
$errors[] = 'Wir können den Benutzer nicht finden. Haben Sie sich registriert?';
} else if (user_active($username) === false) {
$errors[] = 'Sie haben ihr account noch nicht aktiviert!';
} else {
if (strlen($password) > 32) {
$errors[] = 'Passwort ist zu lang!';
}
$login = login($username, $password);
if ($login === false) {
$errors[] = 'Keine Übereinstimmung der eingebenen "E-Mail-Adresse" und/oder dem "Passwort".';
} else {
if(isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1') {
setcookie('username', $_POST['username'], time() + 604800);
setcookie('password', md5($_POST['password']), time() + 604800);
}
$_SESSION['user_id'] = $login;
header('Location: index.php');
exit();
}
}
} else {
$errors[] = 'Keine Daten erhalten';
}
include 'includes/overall/header.php';
if (empty($errors) === false) {
?>
<h2>Wir versuchten Sie anzumelden aber, ...</h2>
<?php
echo output_errors($errors);
}
[/syntax]
logout.php
[syntax=php]
<?php
session_start();
include 'core/init.php';
session_destroy();
if(isset($_COOKIE['username'], $_COOKIE['password'])) {
setcookie('username', '', time());
setcookie('password', '', time());
}
header('Location: index.php');
?>
[/syntax]