
Remember me PHP script

24 New Member
Hi guys,

I have created a login system where a user can enter their username and password, which, when validated, takes the user to a new page with his or her name displayed on the screen. Now I want to create a "Remember me" feature in my login screen so that when the user selects "Remember me" it will remember the user name every time he or she opens the browser, and they remain logged in until they click on logout. I know it can be accomplished by using sessions and cookies, but I have no idea how and where I should use them in my code. Here is my code for your reference:

Login.php

<?php
session_start();

$message = '';   // error text shown above the form

if (isset($_POST['submit'])) {
    include 'form-validation.php';
    include 'connect.php';

    $Name     = isset($_POST['Name']) ? addslashes($_POST['Name']) : '';
    $Username = addslashes($_POST['Username']);
    $Password = md5($_POST['Password']);

    $result = form_validation_validate($_POST, "
      Username Password : empty;
      Username Password : len >= 3;
      Username Password : chnum_; ");

    if ($result === true) {
        $query = mysql_query("SELECT id FROM `login_tbl` WHERE `Username` = '$Username' AND `Password` = '$Password'");
        list($user_id) = mysql_fetch_row($query);

        if (empty($user_id)) {
            $message = 'No such login in the system. Please try again';
        } else {
            // Redirect before any HTML has been sent, then stop the script.
            $_SESSION['user_id'] = $user_id;
            header('Location: loginsucess.php');
            exit;
        }
    } else {
        $message = $result;
    }
}

// Escape the submitted values before echoing them back into the form.
$shownUsername = isset($_POST['Username']) ? htmlspecialchars($_POST['Username'], ENT_QUOTES) : '';
$shownPassword = isset($_POST['Password']) ? htmlspecialchars($_POST['Password'], ENT_QUOTES) : '';
?>

  <tr>
  <td colspan="2">
  <span style="color: #A71930"><?php echo $message; ?></span>
  </td></tr>
    <tr>
      <td style="padding-bottom: 10px;" colspan="2" class="heading1"><b>Login Required</b></td>
    </tr>
    <tr>
      <td height="30">Username:</td>
      <td><input type="text" name="Username" style="width:15em;" value="<?php echo $shownUsername; ?>">
      </td>
    </tr>
    <tr>
      <td height="30">Password:</td>
      <td><input type="password" name="Password" style="width:15em;" value="<?php echo $shownPassword; ?>">
      </td>
    </tr>
    <tr><td>&nbsp;</td>
    <td><input name="submit" type="submit" value="Log-in" class="submit">
    <input type="checkbox" name="remember" /><span style="color:#006f99;">Remember me</span><br /><br />
      <a href="register.php">Register</a>  | <a href="resetpassword.php">Forgot your password?</a></td>
    </tr></table></form>

Loginsucess.php

<?php
session_start();

include_once 'connect.php';

if (isset($_SESSION['user_id'])) {
    // Cast to int so the session value is safe to place in the query.
    $query = mysql_query("SELECT Name FROM login_tbl
                          WHERE ID = " . (int) $_SESSION['user_id'] . " LIMIT 1")
             or die(mysql_error());

    list($Name) = mysql_fetch_row($query);

    // Escape the stored name before writing it into the page.
    echo '<span class="username">Hello, ' . htmlspecialchars($Name) . '! <a href="logout.php" style="color:#FFFFFF">( Logout )</a></span>';
} else {
    echo 'Please login before opening the user panel.';
}
?>

Please help me with this... I found a couple of scripts on the net, but to use them I have to make a lot of changes to my script, and I would prefer it if someone could please update my existing script. Thanks guys, and also letting you know that I am using PHP Version 5.2.3.
Sep 4 '08 #1
Dhiru1009
24 New Member
Hi Guys,

Please help me. I am stuck with this problem.

Waiting for you guys to help me out.

Thanks
Sep 5 '08 #2
bnashenas1984
258 Contributor
Hi
Here is what you have to do.
When a user logs in you put a session on the server which shows that the user is logged in. At the same time you can check if the user wants you to remember him/her, then encrypt the username and password with the MD5 function and put them in a cookie with a long lifetime.
What you need to do to remember the user is to check on each page if the cookie containing username and password exists or not; then you don't have to ask for them again.

The reason I'm saying that you have to use the MD5 function is because people can view information inside cookies, so it won't be secure to put them in a cookie without encryption.

Hope this helps

Good luck
Sep 5 '08 #3
Atli
5,058 Recognized Expert Expert
Hi.

Yes, that is the general idea. Put a unique identifier into a cookie, which you can use to re-open a session without having to ask for the login info again.

What I usually do is create a hash out of several pieces of data, like say the user's name, password and the IP he is connecting from, and put that into a cookie, along with the user ID.
Then, when he comes back, you can re-create that hash and compare the new one with the one in the cookie. If they match, you can log him in again without asking for the login info.
Note that using the IP also protects (up to a point) against cookie hijacking.

I would advise using a hashing algorithm stronger than MD5 though. It's old and relatively easy to hack. Using something like SHA1 or even one of the stronger variants of SHA is far more secure.
(Check out SHA1 and hash)
Sep 5 '08 #4
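
One way to put "a unique identifier into a cookie" and use it to re-open a session, shown as an added example that is not code from the thread or its posters. It swaps the hash of name, password and IP described above for a random single-use token whose SHA-256 hash is stored server-side; the `remember_tokens` table, the cookie name and both function names are hypothetical, and it assumes PHP 7.3+ with a PDO connection rather than the PHP 5.2.3 and `mysql_*` setup in the question.

```php
<?php
// Added example. Assumes PHP 7.3+, a PDO handle, a started session, and a hypothetical
// table remember_tokens(selector PRIMARY KEY, validator_hash, user_id, expires_at).
const REMEMBER_COOKIE = 'remember';         // hypothetical cookie name
const REMEMBER_TTL    = 60 * 60 * 24 * 30;  // 30 days, in seconds

// Call after a successful login when the "remember" checkbox was ticked.
function issue_remember_token(PDO $pdo, int $userId): void
{
    $selector  = bin2hex(random_bytes(12));  // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $expires   = time() + REMEMBER_TTL;

    $pdo->prepare(
        'INSERT INTO remember_tokens (selector, validator_hash, user_id, expires_at)
         VALUES (?, ?, ?, ?)'
    )->execute([$selector, hash('sha256', $validator), $userId, date('Y-m-d H:i:s', $expires)]);

    setcookie(REMEMBER_COOKIE, "$selector:$validator", [
        'expires' => $expires, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Call on each protected page when $_SESSION['user_id'] is not set.
// Returns the user id, or null when the cookie is missing, expired or wrong.
function login_from_remember_cookie(PDO $pdo): ?int
{
    $raw   = $_COOKIE[REMEMBER_COOKIE] ?? '';
    $parts = is_string($raw) ? explode(':', $raw, 2) : [];
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;

    $stmt = $pdo->prepare(
        'SELECT validator_hash, user_id FROM remember_tokens WHERE selector = ? AND expires_at > ?'
    );
    $stmt->execute([$selector, date('Y-m-d H:i:s')]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare in constant time so the check leaks nothing about the stored hash.
    if (!$row || !hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }

    // Single use: drop the presented token and issue a fresh one.
    $pdo->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
    issue_remember_token($pdo, (int) $row['user_id']);

    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $row['user_id'];
    return (int) $row['user_id'];
}
```

On logout, delete the user's rows from `remember_tokens` and expire the cookie so that a copied cookie stops working.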
bnashenas1984
258 Contributor
Hi atli and thanks for sharing your ideas. I thought MD5 is the strongest encryption method because it's a one-way encrypting function.

But anyway I just wanted to mention that putting passwords in a database without encrypting them is NOT safe. I know it's not possible for users to reach information in our database, but the reason is that there are some hacking ways to log in with a fake password. I think it's called (Database Injection).

Here is one good example I could come up with.

Let's say you check your MySQL database like this.

SELECT * FROM users WHERE username='$username' AND password='$password'

Think what happens if the user puts something like this in the password text box:
' OR password='%

then the query will be like this :
SELECT * FROM users WHERE username='$username' AND password='$password' OR password='%'

Sorry if this example does not work properly but this is how hackers use database injection.

BUT if we encrypt passwords before putting them in the database then there will be no way to use a fake password, because the variable will also be encrypted before being put in the query.

One other thing I wanted to ask you. You said it's possible to hack an MD5 encryption. Do you know how? I'm really interested because I thought it's a one-way function.


Thanks again

Behzad
Sep 5 '08 #5
Atli
5,058 Recognized Expert Expert
MD5 is technically not an encryption algorithm. It is a hashing algorithm.
The difference is that encryption usually allows for decryption, while hashing is non-reversible.

SHA1 (and the other SHA variants), as well as several other hashing algorithms, were developed *after* MD5 using more refined methods and longer output strings. (MD5 is 128bits, SHA1 is 160bits... Other variants are even longer.)
But they are all non-reversible, just like MD5.

There is no way to "decrypt" a hash, but using a brute-force attack you can attempt to *guess* the string used. I am not saying this is easy or quick, but relative to SHA1, MD5 is far more likely to be broken by this sort of an attack.

There is also the fact that because of how popular and widely used MD5 is, there exist huge databases that store MD5 hashes for millions of much used and randomly generated strings that can be consulted to find the input for a given hash. So breaking the hash may not even be needed.

As to the SQL Injection problem.
Hashing passwords does help up to an extent, but that doesn't necessarily mean your queries are safe from it.

You should ALWAYS sanitize user input before using it. By that I mean running it through functions like mysql_real_escape_string, htmlentities, addslashes, etc.

And always create hashes in PHP, rather than using database functions.
Databases log queries as plain text so sensitive data may be logged without your knowledge.
Sep 5 '08 #6
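
The login check discussed in the two posts above, written with a bound parameter and a salted password hash, as an added example that is not code from the thread. It assumes PHP 7+ with PDO and that `login_tbl.Password` holds `password_hash()` output, which is a hypothetical change from the MD5 column in the question; `check_login` is a hypothetical name, and the demo rows are constructed and use an in-memory SQLite database (pdo_sqlite extension).

```php
<?php
// Added example. Assumes PHP 7+, PDO, and a Password column holding password_hash() output.

// Returns the user's id when the credentials are valid, otherwise null.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // The placeholder sends the username as data, so quotes in it never reach the SQL text.
    $stmt = $pdo->prepare('SELECT id, Password FROM login_tbl WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is never placed in a query; it is checked in PHP against the stored hash.
    if (!$row || !password_verify($password, $row['Password'])) {
        return null;
    }

    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($row['Password'], PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE login_tbl SET Password = ? WHERE id = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

// Constructed demonstration data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login_tbl (id INTEGER PRIMARY KEY, Username TEXT, Password TEXT)');
$pdo->prepare('INSERT INTO login_tbl (Username, Password) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($pdo, 'alice', 'correct horse'));     // valid credentials
var_dump(check_login($pdo, 'alice', "' OR password='%"));  // the string from post #5
var_dump(check_login($pdo, "alice' --", 'anything'));      // quote in the username
```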
Dhiru1009
24 New Member
Hi bnashenas

Thanks for your reply, but I am still stuck at the same place. As I mentioned, I know I have to use sessions and cookies, but where exactly in my code? I would really appreciate it if you could please update my code with sessions and cookies.

Thanks

Sep 7 '08 #7
Dhiru1009
24 New Member
Hi Atli,

I am still confused and it would be great if you could please update my code itself. I mean at least modify my code so that I know where to use sessions and cookies in my script.

Thanks for all your effort.

Sep 7 '08 #8
Dhiru1009
24 New Member
Hi guys

I spent the whole day today trying to add a remember me option to my script, but with no luck. All PHP gurus out there, please help me out by modifying my script.

Thanks
Sep 8 '08 #9
bnashenas1984
258 Contributor
Hi friend.
Sorry if I didn't have time to edit your script, but I might be able to explain how to do what you're looking for.

Let me know if you can do it by using my instructions.

Thanks
Sep 8 '08 #10
