Are These Persistent Cookie Ideas Safe And Interesting ?

PHP Masters!

Every PHP persistent cookie tutorial I come across always saves the user's password onto the user's HDD. To make things worse, they save it on the HDD without encrypting it.
Now, I thought it would be best if the cookie got named after the user's computer MAC address and the MAC address got saved in the db.
Then, when the user loads the login page, the cookie can check its cookie name against the db and if there is a match then auto log the user into his/her account.
But now I read it is not possible to acquire the user's MAC address unless the user is on the same LAN as my webserver.

Q1a. So, what else can act as a substitute for the MAC address? What else can PHP grab from the user's computer which it can use as a reference against the Username to identify that it is the same user?
IPs change. No good using that.

Q1b. How about the user's computer name? Can it grab that from the user's computer so it can use that as the MAC substitute or use that as the cookie name?

Q1c. Or maybe I just get the script to name the cookie in this format:


And make that cookie available as long as the user has not got his/her ip changed.
That way, when the user loads the login page whilst the IP hasn't changed, the cookie can check its cookie name (username-ip) against the db and if there is a match then auto log the user into his/her account. What do you think?
Can you guys show me how to do this by editing my code ?
I have been googling all night and reading whatever I find on the subject. But, I am still stuck and need to see some code samples to clear the confusion.

<?php
session_start();
if (!empty($_POST["login"])) {
    $conn = mysqli_connect("localhost", "root", "", "blog_samples");
    // Bound parameters keep the submitted values out of the SQL text.
    $stmt = mysqli_prepare($conn, "SELECT * FROM members WHERE member_name = ? AND member_password = ?");
    $hash = md5($_POST["member_password"]);
    mysqli_stmt_bind_param($stmt, "ss", $_POST["member_name"], $hash);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $user = mysqli_fetch_array($result);
    if ($user) {
        $_SESSION["member_id"] = $user["member_id"];

        if (!empty($_POST["remember"])) {
            // As in the tutorials described above: the name and the plain
            // password are written to cookies that last ten years.
            setcookie("member_login", $_POST["member_name"], time() + (10 * 365 * 24 * 60 * 60));
            setcookie("member_password", $_POST["member_password"], time() + (10 * 365 * 24 * 60 * 60));
        } else {
            if (isset($_COOKIE["member_login"])) {
                setcookie("member_login", "");
            }
            if (isset($_COOKIE["member_password"])) {
                setcookie("member_password", "");
            }
        }
    } else {
        $message = "Invalid Login";
    }
}
?>
<style>
#frmLogin {
    padding: 20px 60px;
    background: #B6E0FF;
    color: #555;
    display: inline-block;
    border-radius: 4px;
}
.field-group {
    /* declarations missing from the post */
}
.input-field {
    padding: 8px;
    width: 200px;
    border: #A3C3E7 1px solid;
    border-radius: 4px;
}
.form-submit-button {
    background: #65C370;
    border: 0;
    padding: 8px 20px;
    border-radius: 4px;
    color: #FFF;
    text-transform: uppercase;
}
.member-dashboard {
    padding: 40px;
    background: #D2EDD5;
    color: #555;
    border-radius: 4px;
    display: inline-block;
}
.member-dashboard a {
    color: #09F;
}
.error-message {
    /* declarations missing from the post */
}
</style>

<?php if (empty($_SESSION["member_id"])) { ?>
<form action="" method="post" id="frmLogin">
    <div class="error-message"><?php if (isset($message)) { echo $message; } ?></div>
    <div class="field-group">
        <div><label for="login">Username</label></div>
        <!-- Cookie values come from the browser, so they are escaped before output. -->
        <div><input name="member_name" type="text" value="<?php
            if (isset($_COOKIE["member_login"])) { echo htmlspecialchars($_COOKIE["member_login"], ENT_QUOTES); } ?>"
            class="input-field"></div>
    </div>
    <div class="field-group">
        <div><label for="password">Password</label></div>
        <div><input name="member_password" type="password" value="<?php
            if (isset($_COOKIE["member_password"])) { echo htmlspecialchars($_COOKIE["member_password"], ENT_QUOTES); }
            ?>" class="input-field"></div>
    </div>
    <div class="field-group">
        <div><input type="checkbox" name="remember" id="remember" <?php
            if (isset($_COOKIE["member_login"])) { ?> checked <?php } ?> />
        <label for="remember">Remember me</label></div>
    </div>
    <div class="field-group">
        <div><input type="submit" name="login" value="Login" class="form-submit-button"></div>
    </div>
</form>
<?php } else { ?>
<!-- The link target and text were cut off in the post; href="#" is a placeholder. -->
<div class="member-dashboard">You have Successfully logged in!. <a href="#"></a></div>
<?php } ?>

Q1d. What do you think about this unique idea ? Let me know if the idea is flawed or not.
During registration, the system would ask the user to upload any img.
During persistent cookie checking (meaning, when the user has loaded the login.php or home.php), the user would be shown a list of imgs to select. If he/she selects the right one they uploaded during registration then the system (cookie) would auto log them in.
Alternatively, the user can be shown a question and a few answer options in a checkbox or dynamic drop-down UI that lists the correct answer as well as the incorrect answers. If the user selects the correct answer from the answering options then the user is auto logged in. Clicking the mouse is simpler than typing the username & password. And so, this little ID check won't bother the user that much. Would it bother you, as a user?

Alternatively, the user can be shown a list of imgs where an img can be of his/her family member (e.g., brother, uncle) and a question that asks "what is this person to you?" and show a few answer options in a checkbox such as:
1. Brother;
2. Uncle;
3. Friend;

etc. If the user selects the right answer then he/she is auto logged in. Else not.
If you like any of the ideas mentioned in Q1d, then how about editing my code and showing us newbies a sample code on how to achieve the one you liked?

Oct 12 '17 #1
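
A common way to get auto-login without putting the password, or anything read from the visitor's machine, into the cookie is a random single-use token whose hash is kept in the database. The following is an added example, not code from the post. The `auth_tokens` table, the function names, the cookie name `remember` and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the members database;
// table, column and function names are assumptions, not from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (selector TEXT PRIMARY KEY,
    validator_hash TEXT, member_id INTEGER, expires INTEGER)');

// Call after a successful password login with "remember" ticked.
// Returns the cookie value; the database keeps only a hash of the secret half.
function issue_remember_token(PDO $db, int $memberId, int $ttl = 2592000): string {
    $selector  = bin2hex(random_bytes(12));  // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, never stored in clear
    $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $memberId, time() + $ttl]);
    return $selector . ':' . $validator;
}

// Call on page load when there is no session. Returns [member_id, fresh cookie
// value] on success, null otherwise. A token is deleted on first use, so a
// copied cookie stops working once either copy has been presented.
function redeem_remember_token(PDO $db, string $cookie): ?array {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) { return null; }
    $stmt = $db->prepare('SELECT * FROM auth_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return null; }
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$parts[0]]);
    if ((int)$row['expires'] < time()) { return null; }
    // Constant-time comparison of the stored hash with the presented secret.
    if (!hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) { return null; }
    return [(int)$row['member_id'], issue_remember_token($db, (int)$row['member_id'])];
}

// Constructed walk-through for member_id 7.
$cookie = issue_remember_token($db, 7);
if (PHP_SAPI !== 'cli') {  // in the login script, send it as a hardened cookie
    setcookie('remember', $cookie, ['expires' => time() + 2592000, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}
var_dump(redeem_remember_token($db, $cookie));            // first use of a valid cookie
var_dump(redeem_remember_token($db, $cookie));            // same cookie replayed
var_dump(redeem_remember_token($db, 'username-1.2.3.4')); // guessable value, no token
```

On a successful redeem the login page would set `$_SESSION["member_id"]` from the returned id and replace the cookie with the fresh value.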