Jump to content
Sign in to follow this  
pritam79

Cookies And Sessions

Recommended Posts

Hi all,I am using the following login script that uses just sessions. Even in the other pages, which a user views after logging in, use sessions. I want to use sessions and cookies together in the login script as well as in all the later pages, which would lessen the server load. I want to include cookies as well, so that the two (cookies+sessions) function together. How can I do so? Please illustrate. Thanks..

<?phpsession_start();if(isset($_SESSION['id_usr'])){  if($_SESSION['level_usr']==1)	 {	 include "header.php";	 echo "<div id='navbar'></div>";	 header('Refresh: 5; URL=user/index.php');	 echo "<div id='content'>";	 echo "<p><br>You are already logged-in as an applicant, and will be re-directed to your home page.</br>";	 echo "If your browser doesnot redirect you automatically, <a href='user/index.php'>click here</a>.</p>";	 include "footer.php";	 exit;	 }  if($_SESSION['level_usr']==2)	 {	 include "header.php";	 echo "<div id='navbar'></div>";	 header('Refresh: 5; URL=company/index.php');	 echo "<div id='content'>";	 echo "<p><br>You are already logged-in as a company, and will be re-directed to your home page.</br>";	 echo "If your browser doesnot redirect you automatically, <a href='company/index.php'>click here</a>.</p>";	 include "footer.php";	 exit;	 }}if($_SERVER['REQUEST_METHOD'] == 'POST')  {   if(strlen($_POST['txtusername']) !='' && strlen($_POST['txtpassword']) !='' && strlen($_POST['txtemail'] !=''))   {    require("db-connect.php");    $db = db_connect();    if($db)	 {	  $username = mysql_real_escape_string($_POST['txtusername'], $db);	  $password = mysql_real_escape_string($_POST['txtpassword'], $db);	  $email = mysql_real_escape_string($_POST['txtemail'], $db);	  $level_usr = mysql_real_escape_string($_POST['level_usr'], $db);	 	 if($level_usr==1) // if user is an applicant	  {	  $query = "SELECT * FROM user_usr WHERE username_usr = '$username' AND password_usr = '$password' AND email_usr = '$email' AND level_usr = '$level_usr'";	  $result = mysql_query($query, $db);	   if($row = mysql_fetch_array($result))			 {			  if($_POST['chkrem'] == "REMEMBER")  // if company logs in for the first time			    {				   setcookie("login[username]", $username, time()+3600);				   setcookie("login[password]", $password, time()+3600);				   setcookie("login[ulevel]", $level_usr, time()+3600);			    }				 $_SESSION['id_usr'] = $row['id_usr'];				 $_SESSION['username'] = $row['username_usr'];				 $_SESSION['level_usr'] = $row['level_usr'];			   header('location:user/index.php');			   exit;			 }	 }    if($level_usr==2) // if user is a company	 {	  $query = "SELECT * FROM user_usr WHERE username_usr = '$username' AND password_usr = '$password' AND email_usr = '$email' AND level_usr = '$level_usr'";	  $result = mysql_query($query, $db);	   if($row = mysql_fetch_array($result))			 {			  if($_POST['chkrem'] == "REMEMBER")  // if company logs in for the first time			    {				   setcookie("login[username]", $username, time()+3600);				   setcookie("login[password]", $password, time()+3600);				   setcookie("login[clevel]", $level_usr, time()+3600);			    }				 $_SESSION['id_usr'] = $row['id_usr'];				 $_SESSION['username'] = $row['username_usr'];				 $_SESSION['level_usr'] = $row['level_usr'];			   header('location:company/index.php');			   exit;			 }	  }  	 }    }}include "header.php";?><body><div id="navbar"><table align="center"><tr>  <td><a href="index.php">Home</a></td>  <td><a href="about_us.php">About Us</a></td>   <td><a href="register_user.php">Register User</a></td>  <td><a href="register_company.php">Register Company</a></td>  <td><a href="login.php">Login</a></td></tr></table></div><div id="content"><br><div id="msg">Fill in your details to login.</div><br><form name="login_form" method="POST" action="login.php"><table align="center"><tr>  <td>Username:</td><td><input type="text" name="txtusername" value="<?php if(isset($_POST['submit']) && (strlen($_POST['txtusername']) > 0 || strlen($_POST['txtusername']) < 7)) echo $_POST['txtusername']; ?>"></td><?php if(isset($_POST['submit']) && (strlen($_POST['txtusername']) < 1 || strlen($_POST['txtusername']) >6)) echo "<div id='usr-err'>Username must be 1 to 6 chars<div>"; ?></tr><tr>  <td>Password:</td><td><input type="password" name="txtpassword"></td><?php if(isset($_POST['submit']) && (strlen($_POST['txtpassword']) < 1 || strlen($_POST['txtpassword']) >6)) echo "<div id='pas-err'>Password must be 1 to 6 chars<div>"; ?></tr><tr>  <td>E-mail:</td><td><input type="text" name="txtemail" value="<?php if(isset($_POST['submit']) && (strlen($_POST['txtemail']) > 0 || strlen($_POST['txtemail']) < 26)) echo $_POST['txtemail']; ?>"></td><?php if(isset($_POST['submit']) && (strlen($_POST['txtemail']) < 10 || strlen($_POST['txtemail']) > 25)) echo "<div id='email-err'>Email must be at least 14 chars<div>"; ?></tr><tr>  <td>You are:</td><td><input name="level_usr" type="radio" checked="checked" value="1">An Applicant <input name="level_usr" type="radio" value="2">A Company</tr>  <tr><td>Remember me</td><td><input name="chkrem" type="checkbox" value="REMEMBER"></td><div id="forgot-pass"><a href="forgot_password.php">forgot password?</a></div></tr><tr>  <td></td><td align="center"><input name="submit" type="submit" value="Login"> <input type="reset"></td></tr></table></form></div><?phpinclude "footer.php";?>

Share this post


Link to post
Share on other sites

Session itself uses cookies by default. everytime you request a page session cookie is beig sent to server. I am not sure what else you are trying to do with session and cookie together.

Share this post


Link to post
Share on other sites

The above script uses sessions to track a user throughout the site. But as I close the browser, the next time the user has to log in again. I want the 'remember me' checkbox to work. That is if a user logs in by checking 'remember me' and then closes the browser, the next time the same user requests the page he need not enter the username and password and is automatically redirected to his home page.

Share this post


Link to post
Share on other sites

for that you can use token to store as remember cookie. cretate seprate 2 column in your db for token and token issue timestamp everytime user will come in your site check that token and timestamp if it matches the database and timestamp is valid let your user loggedin and start session for logged in user as you do with login. storing token is less secure specialy in public pcs. timestamp will constraint the risk partialy but if anyone got the token can access the user a/c untill timentimstamp is valid.

Share this post


Link to post
Share on other sites

The way I did it once is I had a input checkbox field like this for the log in form:

<input type="checkbox" name="rememberme" />Remember Me

When the log in process happens, I had this:

$rememberme = $_POST['rememberme'];if(isset($rememberme))    {    setcookie('username', $username, time()+7200);    setcookie('user_id', $id, time()+7200);    setcookie('email', $email, time()+7200);

.. what that does is... if the user CHECKED the checkbox to be remembered, the variable $rememberme will be set to true and the if statement executes. If NOT, session are set instead:

else    {    $_SESSION['user_id'] = $id;    $_SESSION['username'] = $username;    $_SESSION['email'] = $email;

Hopefully that's something you're looking for.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...