pritam79 Posted November 12, 2011

Hi all, I am using the following login script that uses just sessions. Even the other pages, which a user views after logging in, use sessions. I want to use sessions and cookies together in the login script as well as in all the later pages, which would lessen the server load. I want to include cookies as well, so that the two (cookies+sessions) function together. How can I do so? Please illustrate. Thanks..

```php
<?php
session_start();

// Already logged in: show a notice and redirect to the matching home page.
if (isset($_SESSION['id_usr'])) {
    if ($_SESSION['level_usr'] == 1) {
        include "header.php";
        echo "<div id='navbar'></div>";
        header('Refresh: 5; URL=user/index.php');
        echo "<div id='content'>";
        echo "<p><br>You are already logged-in as an applicant, and will be re-directed to your home page.</br>";
        echo "If your browser does not redirect you automatically, <a href='user/index.php'>click here</a>.</p>";
        include "footer.php";
        exit;
    }
    if ($_SESSION['level_usr'] == 2) {
        include "header.php";
        echo "<div id='navbar'></div>";
        header('Refresh: 5; URL=company/index.php');
        echo "<div id='content'>";
        echo "<p><br>You are already logged-in as a company, and will be re-directed to your home page.</br>";
        echo "If your browser does not redirect you automatically, <a href='company/index.php'>click here</a>.</p>";
        include "footer.php";
        exit;
    }
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (strlen($_POST['txtusername']) != '' && strlen($_POST['txtpassword']) != '' && strlen($_POST['txtemail']) != '') {
        require("db-connect.php");
        $db = db_connect();
        if ($db) {
            $username  = mysql_real_escape_string($_POST['txtusername'], $db);
            $password  = mysql_real_escape_string($_POST['txtpassword'], $db);
            $email     = mysql_real_escape_string($_POST['txtemail'], $db);
            $level_usr = mysql_real_escape_string($_POST['level_usr'], $db);

            if ($level_usr == 1) { // if user is an applicant
                $query = "SELECT * FROM user_usr WHERE username_usr = '$username' AND password_usr = '$password' AND email_usr = '$email' AND level_usr = '$level_usr'";
                $result = mysql_query($query, $db);
                if ($row = mysql_fetch_array($result)) {
                    // "Remember me" was checked
                    if (isset($_POST['chkrem']) && $_POST['chkrem'] == "REMEMBER") {
                        setcookie("login[username]", $username, time()+3600);
                        setcookie("login[password]", $password, time()+3600);
                        setcookie("login[ulevel]", $level_usr, time()+3600);
                    }
                    $_SESSION['id_usr']    = $row['id_usr'];
                    $_SESSION['username']  = $row['username_usr'];
                    $_SESSION['level_usr'] = $row['level_usr'];
                    header('location:user/index.php');
                    exit;
                }
            }

            if ($level_usr == 2) { // if user is a company
                $query = "SELECT * FROM user_usr WHERE username_usr = '$username' AND password_usr = '$password' AND email_usr = '$email' AND level_usr = '$level_usr'";
                $result = mysql_query($query, $db);
                if ($row = mysql_fetch_array($result)) {
                    // "Remember me" was checked
                    if (isset($_POST['chkrem']) && $_POST['chkrem'] == "REMEMBER") {
                        setcookie("login[username]", $username, time()+3600);
                        setcookie("login[password]", $password, time()+3600);
                        setcookie("login[clevel]", $level_usr, time()+3600);
                    }
                    $_SESSION['id_usr']    = $row['id_usr'];
                    $_SESSION['username']  = $row['username_usr'];
                    $_SESSION['level_usr'] = $row['level_usr'];
                    header('location:company/index.php');
                    exit;
                }
            }
        }
    }
}
include "header.php";
?>
<body>
<div id="navbar">
<table align="center">
<tr>
  <td><a href="index.php">Home</a></td>
  <td><a href="about_us.php">About Us</a></td>
  <td><a href="register_user.php">Register User</a></td>
  <td><a href="register_company.php">Register Company</a></td>
  <td><a href="login.php">Login</a></td>
</tr>
</table>
</div>
<div id="content">
<br><div id="msg">Fill in your details to login.</div><br>
<form name="login_form" method="POST" action="login.php">
<table align="center">
<tr>
  <td>Username:</td>
  <td><input type="text" name="txtusername" value="<?php if(isset($_POST['submit']) && (strlen($_POST['txtusername']) > 0 || strlen($_POST['txtusername']) < 7)) echo htmlspecialchars($_POST['txtusername'], ENT_QUOTES); ?>"></td>
  <?php if(isset($_POST['submit']) && (strlen($_POST['txtusername']) < 1 || strlen($_POST['txtusername']) > 6))
      echo "<div id='usr-err'>Username must be 1 to 6 chars</div>"; ?>
</tr>
<tr>
  <td>Password:</td>
  <td><input type="password" name="txtpassword"></td>
  <?php if(isset($_POST['submit']) && (strlen($_POST['txtpassword']) < 1 || strlen($_POST['txtpassword']) > 6))
      echo "<div id='pas-err'>Password must be 1 to 6 chars</div>"; ?>
</tr>
<tr>
  <td>E-mail:</td>
  <td><input type="text" name="txtemail" value="<?php if(isset($_POST['submit']) && (strlen($_POST['txtemail']) > 0 || strlen($_POST['txtemail']) < 26)) echo htmlspecialchars($_POST['txtemail'], ENT_QUOTES); ?>"></td>
  <?php if(isset($_POST['submit']) && (strlen($_POST['txtemail']) < 10 || strlen($_POST['txtemail']) > 25))
      echo "<div id='email-err'>Email must be at least 14 chars</div>"; ?>
</tr>
<tr>
  <td>You are:</td>
  <td><input name="level_usr" type="radio" checked="checked" value="1">An Applicant
      <input name="level_usr" type="radio" value="2">A Company</td>
</tr>
<tr>
  <td>Remember me</td>
  <td><input name="chkrem" type="checkbox" value="REMEMBER"></td>
  <div id="forgot-pass"><a href="forgot_password.php">forgot password?</a></div>
</tr>
<tr>
  <td></td>
  <td align="center"><input name="submit" type="submit" value="Login"> <input type="reset"></td>
</tr>
</table>
</form>
</div>
<?php
include "footer.php";
?>
```

birbal Posted November 12, 2011

Session itself uses cookies by default. Every time you request a page, the session cookie is being sent to the server. I am not sure what else you are trying to do with session and cookie together.

pritam79 Posted November 12, 2011

The above script uses sessions to track a user throughout the site. But as I close the browser, the next time the user has to log in again. I want the 'remember me' checkbox to work. That is, if a user logs in by checking 'remember me' and then closes the browser, the next time the same user requests the page he need not enter the username and password and is automatically redirected to his home page.

birbal Posted November 12, 2011

For that you can use a token to store as the remember cookie. Create 2 separate columns in your db for the token and the token issue timestamp. Every time the user comes to your site, check that token and timestamp; if it matches the database and the timestamp is valid, let your user be logged in and start a session for the logged-in user as you do with login. Storing a token is less secure, especially on public PCs. The timestamp will constrain the risk partially, but if anyone gets the token, they can access the user a/c until the timestamp is valid.
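
The token-plus-timestamp scheme described in the post above, as an added example that is not code from the thread (PHP 7.3+ with PDO). It goes beyond the post by storing only a hash of the token and issuing a fresh token after each cookie login; the column names `token_usr` and `token_time_usr`, the cookie name `remember` and the 14-day lifetime are assumptions, and the cookie carries no username or password.

```php
<?php
// Added example. Assumed: columns token_usr / token_time_usr, cookie "remember", 14-day lifetime.
const REMEMBER_TTL = 14 * 24 * 3600;

// Call after a successful login when "Remember me" is checked; put the result in the cookie.
function issue_remember_token(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32));              // random, reveals nothing about the user
    $db->prepare('UPDATE user_usr SET token_usr = ?, token_time_usr = ? WHERE id_usr = ?')
       ->execute([hash('sha256', $token), time(), $userId]); // only the hash is stored
    return $token;
}

// Returns the user row for a known, unexpired token, otherwise null.
function check_remember_token(PDO $db, string $cookieValue): ?array
{
    $stmt = $db->prepare('SELECT id_usr, username_usr, level_usr, token_time_usr
                            FROM user_usr WHERE token_usr = ?');
    $stmt->execute([hash('sha256', $cookieValue)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $valid = $row && time() - (int) $row['token_time_usr'] <= REMEMBER_TTL;
    return $valid ? $row : null;
}

// Run on every page after session_start(): restore the session, then replace the token.
function login_from_cookie(PDO $db): bool
{
    $cookie = $_COOKIE['remember'] ?? null;
    if (isset($_SESSION['id_usr'])) return true;
    $user = is_string($cookie) ? check_remember_token($db, $cookie) : null;
    if ($user === null) return false;
    session_regenerate_id(true);                     // new session id for the logged-in state
    $_SESSION['id_usr']    = $user['id_usr'];
    $_SESSION['username']  = $user['username_usr'];
    $_SESSION['level_usr'] = $user['level_usr'];
    setcookie('remember', issue_remember_token($db, (int) $user['id_usr']),
        ['expires' => time() + REMEMBER_TTL, 'path' => '/',
         'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    return true;
}

if (PHP_SAPI === 'cli') { // constructed demo: in-memory SQLite stands in for the thread's MySQL
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE user_usr (id_usr INTEGER PRIMARY KEY, username_usr TEXT,
               level_usr INTEGER, token_usr TEXT, token_time_usr INTEGER)');
    $db->exec("INSERT INTO user_usr (id_usr, username_usr, level_usr) VALUES (1, 'alice', 1)");
    $token = issue_remember_token($db, 1);
    var_dump(check_remember_token($db, $token) !== null, check_remember_token($db, 'x') === null);
}
```

On logout, set `token_usr` to NULL and expire the cookie so the remembered login ends together with the session.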

Don E Posted November 14, 2011

The way I did it once is I had an input checkbox field like this for the log in form:

```html
<input type="checkbox" name="rememberme" />Remember Me
```

When the log in process happens, I had this:

```php
$rememberme = $_POST['rememberme'];
if(isset($rememberme)) {
    setcookie('username', $username, time()+7200);
    setcookie('user_id', $id, time()+7200);
    setcookie('email', $email, time()+7200);
    ..
```

What that does is... if the user CHECKED the checkbox to be remembered, the variable $rememberme will be set to true and the if statement executes. If NOT, sessions are set instead:

```php
else {
    $_SESSION['user_id'] = $id;
    $_SESSION['username'] = $username;
    $_SESSION['email'] = $email;
```

Hopefully that's something you're looking for.

Archived
This topic is now archived and is closed to further replies.