 |
|
|
|
Next: I'll bet Stuckle's house gets egged every Hallowe..
|
| Author |
Message |
External
Since: Sep 09, 2007
Posts: 1
|
(Msg. 1) Posted: Tue Oct 30, 2007 9:24 am
Post subject: how to create 'remember login' functionality during login
Archived from groups: comp>lang>php (more info?)
|
|
|
|
|
| Back to top |
|
 | |
External
Since: Oct 30, 2007
Posts: 1
|
(Msg. 2) Posted: Tue Oct 30, 2007 9:24 am
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
jatrojoomla wrote:
> Hi!
> could anyone give me some clue that how to create 'remember login'
> functionality during login
> Thanks
> Sukalyan
>
You would use something along the lines of:
if($_POST['remember'])
{
set_cookie("username", $username, time()+3600, "/", "yourwebsite.com");
}
Obviously you'd want this done after all login credentials have been
checked. |
|
| Back to top |
|
| |
External
Since: Oct 30, 2007
Posts: 1
|
(Msg. 3) Posted: Tue Oct 30, 2007 9:24 am
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Jun 21, 2007
Posts: 17
|
(Msg. 4) Posted: Tue Oct 30, 2007 7:41 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Sep 20, 2007
Posts: 73
|
(Msg. 5) Posted: Tue Oct 30, 2007 7:41 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Sep 02, 2007
Posts: 210
|
(Msg. 6) Posted: Tue Oct 30, 2007 8:57 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Tue, 30 Oct 2007 20:41:35 +0100, macca wrote:
> dont use cookies. They are not secure and some people have cookies
> turned off in their browsers. Use sessions instead.
Which is no use for a 'remember me' feature as the sessionid will have to
get to the script some way: either by GET query-string, POST value (both
of which aren't available on the next visit) or COOKIE value (which BTW is
the default for sessions). A cookie is the only way to implement this, and
for security reasons I always advise clients to forget about that feature.
--
Rik Wasmus >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Mar 01, 2006
Posts: 315
|
(Msg. 7) Posted: Tue Oct 30, 2007 9:09 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Sep 20, 2007
Posts: 73
|
(Msg. 8) Posted: Tue Oct 30, 2007 9:09 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"Michael Fesser" wrote in message
> .oO(macca)
>
>>dont use cookies. They are not secure and some people have cookies
>>turned off in their browsers. Use sessions instead.
>
> Sessions:
>
> 1) don't work here, as said
> 2) usually also use cookies (the SID can also be part of the URL, but
> then it's even more insecure than the cookie)
That's like saying chicken is a dangerous meat - simply because it contains
live salmonela.
In fact - it's healthier and safer than other meats.
Handled well - cookies are safe, too.
It's totally OK to use cookies to remember site preferences - screen size,
number of columns, etc.
And even to re-greet a returning user.
But then, when they try to do anything secure - ask for login creds.
Zend.com seems to do it this way. >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Oct 31, 2007
Posts: 3
|
(Msg. 9) Posted: Wed Oct 31, 2007 8:53 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Op 2007-10-30 14:21:56 +0100, zei Chris Gorospe :
> You would use something along the lines of:
>
>
> if($_POST['remember'])
> {
> set_cookie("username", $username, time()+3600, "/", "yourwebsite.com");
> }
>
> Obviously you'd want this done after all login credentials have been checked.
I would have lotsa fun with this feature if I wasn't a nice guy. Even
some standard browsers let you manipulate cookies. You should also
store a string to check the validity of the cookie and the last know ip
adress.
Example
$supersercret='mysectret';
$md5hash=md5($_SERVER[''REMOTE_ADDR].$username.$supersecret);
add this value to the cookie.
on every page check if the md5hash of the username, ip and supersecret
match the hd5hash in the cookie
Floortje >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Sep 20, 2007
Posts: 73
|
(Msg. 10) Posted: Wed Oct 31, 2007 8:53 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"floortje" wrote in message
> I would have lotsa fun with this feature if I wasn't a nice guy. Even some
> standard browsers let you manipulate cookies. You should also store a
> string to check the validity of the cookie and the last know ip adress.
>
> Example
> $supersercret='mysectret';
> $md5hash=md5($_SERVER[''REMOTE_ADDR].$username.$supersecret);
> add this value to the cookie.
>
> on every page check if the md5hash of the username, ip and supersecret
> match the hd5hash in the cookie
I use a "loginCookieValue" (UUID) in the users database.
Every page-view gets a new one.
That way - even if a would-be hacker steals a "session" for one page, it
won't be good for the next. >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Sep 02, 2007
Posts: 210
|
(Msg. 11) Posted: Wed Oct 31, 2007 9:51 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Wed, 31 Oct 2007 21:30:58 +0100, Sanders Kaufman
wrote:
> "floortje" wrote in message
>
>
>> I would have lotsa fun with this feature if I wasn't a nice guy. Even
>> some
>> standard browsers let you manipulate cookies. You should also store a
>> string to check the validity of the cookie and the last know ip adress.
>>
>> Example
>> $supersercret='mysectret';
>> $md5hash=md5($_SERVER[''REMOTE_ADDR].$username.$supersecret);
>> add this value to the cookie.
>>
>> on every page check if the md5hash of the username, ip and supersecret
>> match the hd5hash in the cookie
>
> I use a "loginCookieValue" (UUID) in the users database.
> Every page-view gets a new one.
> That way - even if a would-be hacker steals a "session" for one page, it
> won't be good for the next.
Do you mean every arbitrary request will alter one and the same cookie, or
every single path gets its own? Both have some drawbacks, mostly race /
simultanious requests conditions (and a hacker gets a new one too) for the
first, people screaming they're 'logged out' when they haven't even logged
in, but just request a previously unvisited page for the latter. But maybe
I'm looking at it wrong. Could you elaborate?
--
Rik Wasmus >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Oct 31, 2007
Posts: 3
|
(Msg. 12) Posted: Wed Oct 31, 2007 9:56 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Op 2007-10-31 21:30:58 +0100, zei "Sanders Kaufman" :
>> of the username, ip and supersecret
>> match the hd5hash in the cookie
>
> I use a "loginCookieValue" (UUID) in the users database.
> Every page-view gets a new one.
> That way - even if a would-be hacker steals a "session" for one page, it
> won't be good for the next.
Even better offcourse but i'd still check the ip.
Floortje >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Sep 02, 2007
Posts: 210
|
(Msg. 13) Posted: Wed Oct 31, 2007 10:01 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Wed, 31 Oct 2007 21:56:57 +0100, floortje wrote:
> Op 2007-10-31 21:30:58 +0100, zei "Sanders Kaufman" :
>>> of the username, ip and supersecret
>>> match the hd5hash in the cookie
>> I use a "loginCookieValue" (UUID) in the users database.
>> Every page-view gets a new one.
>> That way - even if a would-be hacker steals a "session" for one page, it
>> won't be good for the next.
>
> Even better offcourse but i'd still check the ip.
Then you'll be quite miserable with for instance AOL users. Sometimes
those people seem to change IP (during a session I might add) due to their
proxy network I believe...
--
Rik Wasmus >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Oct 31, 2007
Posts: 3
|
(Msg. 14) Posted: Wed Oct 31, 2007 10:01 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Op 2007-10-31 22:04:09 +0100, zei "Rik Wasmus" :
> On Wed, 31 Oct 2007 21:56:57 +0100, floortje wrote:
>
>> Op 2007-10-31 21:30:58 +0100, zei "Sanders Kaufman" :
>>>> of the username, ip and supersecret
>>>> match the hd5hash in the cookie
>>> I use a "loginCookieValue" (UUID) in the users database.
>>> Every page-view gets a new one.
>>> That way - even if a would-be hacker steals a "session" for one page, it
>>> won't be good for the next.
>>
>> Even better offcourse but i'd still check the ip.
>
> Then you'll be quite miserable with for instance AOL users. Sometimes
> those people seem to change IP (during a session I might add) due to
> their proxy network I believe...
AOL Proxy sends X-forwarded-for so there should be little trouble but
your point is still valid. I personally never had any complaints but
that sais little.
Floortje >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
External
Since: Mar 01, 2006
Posts: 315
|
(Msg. 15) Posted: Wed Oct 31, 2007 10:01 pm
Post subject: Re: how to create 'remember login' functionality during login [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
..oO(floortje)
>Op 2007-10-31 22:04:09 +0100, zei "Rik Wasmus" :
>
>> On Wed, 31 Oct 2007 21:56:57 +0100, floortje wrote:
>>
>>> Even better offcourse but i'd still check the ip.
>>
>> Then you'll be quite miserable with for instance AOL users. Sometimes
>> those people seem to change IP (during a session I might add) due to
>> their proxy network I believe...
>
>AOL Proxy sends X-forwarded-for so there should be little trouble but
>your point is still valid. I personally never had any complaints but
>that sais little.
Exactly. Not all proxies send that header, and there are many more ISPs
or company networks that use proxies. Relying on the IP is a bad idea in
general, simply because it's not unique to a particular visitor.
Micha >> Stay informed about: how to create 'remember login' functionality during login |
|
| Back to top |
|
| |
| Related Topics: | Multiple login without db - I'm newbie. Just wonder, after googling for several hours: is it impossible to make a login script for, say, three different users and, after successfull login with username and password, redirect them to their destination (totally three destinations,...
Get Windows login - Hi! I was given a task to develop a php based application. All well, but now my boss wants me to make it more "user friendly" in a manner that they won't have to write in their usernames and passwords, which they already have too many. I figu...
secure login system - Hi group, I need a login system for some 'private' pages. Users should be pulled from a mysql DB. Now, i've read a lot on login systems, and somehow there's _always_ the discussion with sessions (hijacking), dynamic IPs/Proxies. One hand sessions on..
Capturing Windows Login Name - I know it is not possible to get Windows login name using PHP because it is a server-side script, but I dunno whether anyone has tried using JavaScript in conjuction with PHP to capture the login name and save it as a php variable. Here is the JScript I....
problems with login script - Hi, I can't get this script to work. I've used this exact script on other places and it works, but now i get this error. <code> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in.. |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
