...

View Full Version : Auto logged in?



Kev0121
03-26-2009, 03:24 PM
got a problem, when i login into my site and then close the website, i view the profile and it says still logged in, but when i go back onto the site it tells me to login again, is there a way so that when i go back to the website im still logged in until i logout?

thanks

Kevin

abduraooft
03-26-2009, 03:40 PM
is there a way so that when i go back to the website im still logged in until i logout? login is purely a conceptual thing and we can't help until you provide the details of your login-system or some relevant code.

Kev0121
03-26-2009, 03:50 PM
Okay sorry, here is my login script.

Login :


$db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Code
mysql_select_db($dbname,$db); // Connects to database

if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$que = mysql_query($sql);

if(mysql_num_rows($que) == 1)
{
$sql2 = "SELECT * FROM `users` WHERE `id` = '$username' ";
$qry = mysql_query($sql2) or die(mysql_error());
$post = mysql_fetch_array($qry);


$get_id = "SELECT `id` FROM `users` WHERE `username` = '$username' ";
$info = mysql_query($get_id) or die(mysql_error());
$row = mysql_fetch_array($info);

$sql1 = "UPDATE `users` SET active='1' WHERE ID ='$row[id]' ";
$ins = mysql_query($sql1) or die(mysql_error());

$_SESSION['username'] = $_POST['username'];
header("Location: profile.php?id=$row[id]");
}else
{
echo "<font color=\"red\"> Error Wrong Login Details </font>";
echo "<a href=\"login.php\">Login Page</a>";
}
}
?>

ohgod
03-26-2009, 05:08 PM
you'll either need $_SESSION or $_COOKIE handling i would think.

masterofollies
03-26-2009, 05:46 PM
Use SESSION, it is 10X better then COOKIES and have higher security.

ohgod
03-26-2009, 05:52 PM
but less persistant, right?

rafiki
03-26-2009, 06:10 PM
Use $_COOKIE if you want to be logged back in after closing your browser, if not use $_SESSION, read up on the php.net website.

ShaneC
03-26-2009, 06:52 PM
Also, I HIGHLY recommend you add some data checking on your username and password fields. As it appears in this script (assuming no magic quote escapes) a user would be able to maliciously override the password requirement of your field and gain access to your administration.

Try $username = addslashes( html_entities( $_POST['username'] ) ); on the username and password at the very least!

kokjj87
03-26-2009, 07:05 PM
Read this up, it is very useful:
http://jaspan.com/improved_persistent_login_cookie_best_practice

Kev0121
03-26-2009, 07:51 PM
Okay, thanks for the security information, so i should use cookies for auto remembers?

Kevin

kokjj87
03-26-2009, 07:52 PM
you can use cookies for auto remembers, but not to store their password.

Kev0121
03-26-2009, 07:55 PM
Okay, can u give me show me how please? im no good with cookies xD

Kevin

kokjj87
03-26-2009, 08:01 PM
you got to read up the implementation first(the link on top)...

With this you can auto login the user at any page, just like how you are remembered by this forum.. :D

Kev0121
03-26-2009, 08:08 PM
I read it, but doesnt tell me how to do cookies xD

i have done

setcookie("user", "username", time()+3600);

would this work?

kokjj87
03-26-2009, 08:25 PM
yes that would set a cookie call user, with the value of username and expire in a hour..

http://php.net/setcookie


get a firefox and use this plugin:
https://addons.mozilla.org/en-US/firefox/addon/60

You can see your cookie with this, it is a must for web developer.

Kev0121
03-26-2009, 08:47 PM
Thanks alot kokjj87 that helped alot understand it now :)

Kevin



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum