
Cookies And Sessions


pritam79


Hi all, I am using the following login script that uses just sessions. Even the other pages, which a user views after logging in, use sessions. I want to use sessions and cookies together in the login script as well as in all the later pages, which would lessen the server load. I want to include cookies as well, so that the two (cookies+sessions) function together. How can I do so? Please illustrate. Thanks.

<?php
session_start();

// Already logged in: redirect to the home page for the account level.
if (isset($_SESSION['id_usr'])) {
    if ($_SESSION['level_usr'] == 1) {
        // Headers must be sent before header.php produces any output.
        header('Refresh: 5; URL=user/index.php');
        include "header.php";
        echo "<div id='navbar'></div>";
        echo "<div id='content'>";
        echo "<p><br>You are already logged-in as an applicant, and will be re-directed to your home page.</br>";
        echo "If your browser doesnot redirect you automatically, <a href='user/index.php'>click here</a>.</p>";
        include "footer.php";
        exit;
    }
    if ($_SESSION['level_usr'] == 2) {
        header('Refresh: 5; URL=company/index.php');
        include "header.php";
        echo "<div id='navbar'></div>";
        echo "<div id='content'>";
        echo "<p><br>You are already logged-in as a company, and will be re-directed to your home page.</br>";
        echo "If your browser doesnot redirect you automatically, <a href='company/index.php'>click here</a>.</p>";
        include "footer.php";
        exit;
    }
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (strlen($_POST['txtusername']) != '' && strlen($_POST['txtpassword']) != '' && strlen($_POST['txtemail']) != '') {
        require("db-connect.php");
        $db = db_connect();
        if ($db) {
            $username  = mysql_real_escape_string($_POST['txtusername'], $db);
            $password  = mysql_real_escape_string($_POST['txtpassword'], $db);
            $email     = mysql_real_escape_string($_POST['txtemail'], $db);
            $level_usr = mysql_real_escape_string($_POST['level_usr'], $db);

            if ($level_usr == 1) { // if user is an applicant
                $query = "SELECT * FROM user_usr WHERE username_usr = '$username' AND password_usr = '$password' AND email_usr = '$email' AND level_usr = '$level_usr'";
                $result = mysql_query($query, $db);
                if ($row = mysql_fetch_array($result)) {
                    if ($_POST['chkrem'] == "REMEMBER") { // "Remember me" was ticked
                        // Stores username, password and level in cookies for one hour.
                        setcookie("login[username]", $username, time()+3600);
                        setcookie("login[password]", $password, time()+3600);
                        setcookie("login[ulevel]", $level_usr, time()+3600);
                    }
                    $_SESSION['id_usr'] = $row['id_usr'];
                    $_SESSION['username'] = $row['username_usr'];
                    $_SESSION['level_usr'] = $row['level_usr'];
                    header('location:user/index.php');
                    exit;
                }
            }

            if ($level_usr == 2) { // if user is a company
                $query = "SELECT * FROM user_usr WHERE username_usr = '$username' AND password_usr = '$password' AND email_usr = '$email' AND level_usr = '$level_usr'";
                $result = mysql_query($query, $db);
                if ($row = mysql_fetch_array($result)) {
                    if ($_POST['chkrem'] == "REMEMBER") { // "Remember me" was ticked
                        // Stores username, password and level in cookies for one hour.
                        setcookie("login[username]", $username, time()+3600);
                        setcookie("login[password]", $password, time()+3600);
                        setcookie("login[clevel]", $level_usr, time()+3600);
                    }
                    $_SESSION['id_usr'] = $row['id_usr'];
                    $_SESSION['username'] = $row['username_usr'];
                    $_SESSION['level_usr'] = $row['level_usr'];
                    header('location:company/index.php');
                    exit;
                }
            }
        }
    }
}
include "header.php";
?>
<body>
<div id="navbar">
<table align="center">
<tr>
  <td><a href="index.php">Home</a></td>
  <td><a href="about_us.php">About Us</a></td>
  <td><a href="register_user.php">Register User</a></td>
  <td><a href="register_company.php">Register Company</a></td>
  <td><a href="login.php">Login</a></td>
</tr>
</table>
</div>
<div id="content">
<br><div id="msg">Fill in your details to login.</div><br>
<form name="login_form" method="POST" action="login.php">
<table align="center">
<tr>
  <td>Username:</td><td><input type="text" name="txtusername" value="<?php if(isset($_POST['submit']) && (strlen($_POST['txtusername']) > 0 || strlen($_POST['txtusername']) < 7)) echo $_POST['txtusername']; ?>"></td>
  <?php if(isset($_POST['submit']) && (strlen($_POST['txtusername']) < 1 || strlen($_POST['txtusername']) >6)) echo "<div id='usr-err'>Username must be 1 to 6 chars</div>"; ?>
</tr>
<tr>
  <td>Password:</td><td><input type="password" name="txtpassword"></td>
  <?php if(isset($_POST['submit']) && (strlen($_POST['txtpassword']) < 1 || strlen($_POST['txtpassword']) >6)) echo "<div id='pas-err'>Password must be 1 to 6 chars</div>"; ?>
</tr>
<tr>
  <td>E-mail:</td><td><input type="text" name="txtemail" value="<?php if(isset($_POST['submit']) && (strlen($_POST['txtemail']) > 0 || strlen($_POST['txtemail']) < 26)) echo $_POST['txtemail']; ?>"></td>
  <?php if(isset($_POST['submit']) && (strlen($_POST['txtemail']) < 10 || strlen($_POST['txtemail']) > 25)) echo "<div id='email-err'>Email must be at least 14 chars</div>"; ?>
</tr>
<tr>
  <td>You are:</td><td><input name="level_usr" type="radio" checked="checked" value="1">An Applicant <input name="level_usr" type="radio" value="2">A Company</td>
</tr>
<tr>
  <td>Remember me</td><td><input name="chkrem" type="checkbox" value="REMEMBER"></td>
  <div id="forgot-pass"><a href="forgot_password.php">forgot password?</a></div>
</tr>
<tr>
  <td></td><td align="center"><input name="submit" type="submit" value="Login"> <input type="reset"></td>
</tr>
</table>
</form>
</div>
<?php
include "footer.php";
?>


Session itself uses cookies by default. Every time you request a page, the session cookie is being sent to the server. I am not sure what else you are trying to do with session and cookie together.


The above script uses sessions to track a user throughout the site. But as I close the browser, the next time the user has to log in again. I want the 'remember me' checkbox to work. That is, if a user logs in by checking 'remember me' and then closes the browser, the next time the same user requests the page he need not enter the username and password and is automatically redirected to his home page.


For that you can use a token stored as a remember cookie. Create 2 separate columns in your DB for the token and the token issue timestamp. Every time a user comes to your site, check that token and timestamp; if it matches the database and the timestamp is valid, let your user log in and start a session for the logged-in user as you do with login. Storing a token is less secure, especially on public PCs. The timestamp will constrain the risk partially, but anyone who gets the token can access the user's account until the timestamp is valid.

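The token scheme described in the reply above, written out as an added example that is not part of the original thread or any poster's code. Assumptions not on the page: a PDO handle `$db`, two extra columns `remember_hash` and `remember_issued` on `user_usr`, the cookie name `remember`, a 14-day lifetime, and PHP 7.3+ for the options-array form of `setcookie()`. Storing only a hash of the token and rotating it on use go beyond what the reply describes.

```php
<?php
// Added example: "remember me" with a random token instead of credentials.
// Hypothetical names: remember_hash, remember_issued, cookie "remember".
const REMEMBER_TTL = 14 * 24 * 3600;   // assumed lifetime: 14 days

function issue_remember_token(PDO $db, int $userId): void
{
    $token = bin2hex(random_bytes(32));  // 256-bit random value, carries no user data
    $stmt = $db->prepare(
        'UPDATE user_usr SET remember_hash = ?, remember_issued = ? WHERE id_usr = ?'
    );
    // Only the SHA-256 of the token is stored, so a database leak yields no usable cookie.
    $stmt->execute([hash('sha256', $token), time(), $userId]);
    setcookie('remember', $token, [
        'expires'  => time() + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

function login_from_remember_cookie(PDO $db): bool
{
    if (isset($_SESSION['id_usr'])) {
        return true;                     // the session is already authenticated
    }
    if (empty($_COOKIE['remember']) || !is_string($_COOKIE['remember'])) {
        return false;
    }
    $stmt = $db->prepare(
        'SELECT id_usr, username_usr, level_usr, remember_issued
           FROM user_usr WHERE remember_hash = ?'
    );
    $stmt->execute([hash('sha256', $_COOKIE['remember'])]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['remember_issued'] + REMEMBER_TTL < time()) {
        setcookie('remember', '', ['expires' => 1, 'path' => '/']);  // drop stale cookie
        return false;
    }
    session_regenerate_id(true);         // fresh session ID for the restored login
    $_SESSION['id_usr']    = $row['id_usr'];
    $_SESSION['username']  = $row['username_usr'];
    $_SESSION['level_usr'] = $row['level_usr'];
    issue_remember_token($db, (int) $row['id_usr']);  // rotate: each token works once
    return true;
}
```

Call `issue_remember_token()` after a successful login when the "Remember me" box is ticked, and `login_from_remember_cookie()` right after `session_start()` on each page. On logout, set `remember_hash` to NULL and expire the cookie.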

The way I did it once is I had an input checkbox field like this for the log in form:

<input type="checkbox" name="rememberme" />Remember Me

When the log in process happens, I had this:

$rememberme = $_POST['rememberme'];
if(isset($rememberme))
    {
    // Checkbox ticked: keep the login details in cookies for two hours
    setcookie('username', $username, time()+7200);
    setcookie('user_id', $id, time()+7200);
    setcookie('email', $email, time()+7200);
    }

.. what that does is... if the user CHECKED the checkbox to be remembered, the variable $rememberme will be set to true and the if statement executes. If NOT, sessions are set instead:

else
    {
    // Checkbox not ticked: keep the login details in the session only
    $_SESSION['user_id'] = $id;
    $_SESSION['username'] = $username;
    $_SESSION['email'] = $email;
    }

Hopefully that's something you're looking for.


Archived

This topic is now archived and is closed to further replies.
