Hi All,
This is my 1st posting to this group. Can any1 help me with the
"Remember Me" which is there in a login form. Im pasting the code
below. Im not able to set a cookie..
Thanks,
Shakun Vohra
<?php
// saving script
session_start();
displayLogin();
// connect to the server
$conn= mysql_connect( 'localhost', 'csci242', 'spring2006' )
or die( "Error! Could not connect to database: " . mysql_error()
);
// select the database
mysql_select_db( 'blogtagz' )
or die( "Error! Could not select the database: " . mysql_error()
);
// get the variables from the URL request string
$uname = $_POST['uname'];
$password = base64_encode($_POST['password']);
$reme=$_POST['rememberme'];
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['uname'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}
/* Username and password have been set */
if(isset($_SESSION['uname']) && isset($_SESSION['password'])){
//if(confirmUser($_SESSION['uname'], $_SESSION['password']) == 0){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['uname'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['uname']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}
function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}
/* Verify that user is in database */
$q = "select password from users where UserID = '$username'";
$result = mysql_query($q,$conn);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}
/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);
/* Validate that password is correct */
if($password == $dbarray['password'])
{
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}
/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
global $logged_in;
if($logged_in){
echo "<h1>Logged In!</h1>";
echo "Welcome , you are logged in. <a
href=\"logout.php\">Logout</a>";
}
else{
?>
<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="uname"
maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password"
maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox"
name="rememberme">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin"
value="Login"></td></tr>
<tr><td colspan="2" align="left"><a
href="User_Registration.php">Join</a></td></tr>
</table>
</form>
<?
}
}
/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'])){
/* Check that all fields were typed in */
if(!$_POST['uname'] || !$_POST['password']){
die('You didn\'t fill in a required field.');
}
/* Spruce up username, check length */
$_POST['uname'] = trim($_POST['uname']);
if(strlen($_POST['uname']) > 30){
die("Sorry, the username is longer than 30 characters, please
shorten it.");
}
/* Checks that username is in database and password is correct */
$pass = base64_encode($_POST['password']);
$result = confirmUser($_POST['uname'], $pass);
/* Check error codes */
if($result == 1){
die('That username doesn\'t exist in our database.');
}
else if($result == 2){
die('Incorrect password, please try again.');
}
/* Username and password correct, register session variables */
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['uname'] = $_POST['uname'];
$_SESSION['password'] = $pass;
/**
* Here the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['rememberme'])){
setcookie("cookname", $_SESSION['uname'], time()+60*60*24*100,
"/",0);
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100,
"/",0);
}
/* Quick self-redirect to avoid resending data on refresh */
// echo "<meta http-equiv=\"Refresh\"
content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
// echo("hello without remem");
// echo(isset($_POST['rememberme']));
return;
}
/* Sets the value of the logged_in variable, which can be used in your
code */
$logged_in = checkLogin();
?>