Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

- - - - -

PHP Loging Form: Remember Me Checkbox.

align login

  • Please log in to reply
6 replies to this topic

#1 Guest_GerarD_91_*

Guest_GerarD_91_*
  • Guest

Posted 18 March 2011 - 06:19 PM

Hi there ppl...:)

As i said before in my last post, i'm working on a login form.

I'm done with that and i'm really happy with the results, so i wanna add a new Function to this proyect: a Remember Me Checkbox..! :rolleyes:

I split the login in 2 files: the Login Form, and a Check Login that process the data coming from the Form. Here are the codes:

Login Form:


<?
session_name ('gdLogin');
session_start();
//Start a session where i save the error msgs.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Ingresar</title>
<style type="text/css">
.cabecera {color:#FFF; background-color:#407CBF; text-align:center}
</style>
<style type="text/css">
.textopeque {font-size:12px; color:#407CBF}
</style>
<style type="text/css">
.error {color:#F00; text-align:center; background-color:transparent}
</style>
</head>
<body>
<table width="100%" height="60%">
<tr>
<td valign="middle">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<? if(isset($_SESSION['msg'])) /*Any error..? let's show it up*/ { ?>
<tr>
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3" class="error"><strong><? echo $_SESSION['msg']; unset($_SESSION['msg']); ?></strong></td>
</tr>
</table>
</td>
</tr>
<? } ?>
<tr>
<form name="login" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3" class="cabecera"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td valign="middle"><input type="submit" name="Login" value="Login">
<span class="textopeque">Remember Me?</span> <input type="checkbox" name="rememberMe" value="on"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>


Check Login:


<?
define('INCLUDE_CHECK',true);
require 'connect.php';
//Only include if INCLUDE_CHECK is defined.

session_name('gdLogin');
session_start();
//Start the Session.

if(isset($_COOKIE['GerarID'])){

//Any cookie?, i check the ID of the user.
$id= $_COOKIE['GerarID'];
$row=mysql_fetch_assoc(mysql_query("Select id, usr FROM userinfo WHERE id='$id'"));
if($row['usr']){
//ID it's cool, auto login.
$usr=$row['usr'];
srand(time());
$id = (rand());
//Generate a New ID, update the DB.
mysql_fetch_assoc(mysql_query("Update userinfo SET id=$id WHERE usr='$usr'"));
setcookie('GerarID', $id, time()+60*60*24*7);
//New cookie with new user ID
$_SESSION['GerarDS']['id']=$id;
$_SESSION['GerarDS']['usr']=$usr;
//Save some data in session vars.
header ("Locarion: logged.php");
exit;
} else{
//Wrong cookie?, maybe it's old.
setcookie('GerarID',"",time()-3600);
header ("Location: login.php");
exit;
//delete the cookie and go to login.php
}

}
if(isset($_GET['logoff'])){

$_SESSION=array();
session_destroy();
if(isset($_COOKIE['GerarID'])){ setcookie('GerarID',"",time()-3600); }
header("Location:index.php");
exit;
//Destroy the Session and the Cookie, then go to index..

}
if(isset ($_POST['Login'])){

//Check data coming From Login Form.
if(!$_POST['username'] || !$_POST['password']) {
$err='Se deben llenar todas las casillas';
//Empty fiel, save the msg so i can show it up.
}
if(!isset($err)){
//No error? cool, let's check if the usr and pw match.
$_POST['username']=mysql_real_escape_string($_POST['username']);
$_POST['password']=mysql_real_escape_string($_POST['password']);
$remember=$_POST['rememberMe'];
//Save the value of the checkbox.

$row=mysql_fetch_assoc(mysql_query("Select id, usr FROM userinfo WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

if($row['usr']){

//User and PW match?, let's login then.

srand(time());
$id = (rand());
//Generate new user ID and update the BD.
mysql_fetch_assoc(mysql_query("Update userinfo SET id=$id WHERE usr='$usr'"));
$_SESSION['GerarDS']['usr']=$row['usr'];
$_SESSION['GerarDS']['id'] =$id;
//Save some data in session.
if($remember='on'){
setcookie('GerarID', $id, time()+60*60*24*7);
//RememberME check?, save the ID in a cookie.
}
header ("Location: logged.php");
exit;
} else {$err='Usuario y/o Contraseña equivocada'; } //Wrong User and/or password.
}

if(isset($err)){
$_SESSION['msg']=$err; //Save the error in a session var so i can use them in the login form.
header("Location: login.php");
}
}
else {
header ("Location: login.php");
}
?>


The problem is that, apparently the cookie is saving correct, but when i login and come to the CheckLogin again (is my index, for now), it redirect me to the Login instead of Logged.

That's all for now, any help would be really appreciated...:rolleyes:...

PS: If i get this working, i might post all the code and do like a tuto, 'cuz i think the login is very simple, but have some cool security functions.
BTW: Any comment about the security is welcome to.. :P

PSS: Again, sorry about my english...
  • 0

#2 dargueta

dargueta

    I chown trolls.

  • Moderator
  • 4854 posts
  • Programming Language:C, Java, C++, PHP, Python, JavaScript, Perl, Assembly, Bash, Others
  • Learning:Objective-C

Posted 19 March 2011 - 01:19 AM

header ("Loca[COLOR="red"][B]r[/B][/COLOR]ion: logged.php"); 

Is this the problem?
  • 0

sudo rm -rf / && echo $'Sanitize your inputs!'


#3 Guest_GerarD_91_*

Guest_GerarD_91_*
  • Guest

Posted 20 March 2011 - 03:21 PM

Thanks @dargueta, i fixed that typo, but the problem still remains. Apparently the cookie is saved, but idk why i'm not been redirected to the logged.php file...
  • 0

#4 dargueta

dargueta

    I chown trolls.

  • Moderator
  • 4854 posts
  • Programming Language:C, Java, C++, PHP, Python, JavaScript, Perl, Assembly, Bash, Others
  • Learning:Objective-C

Posted 23 March 2011 - 08:33 AM

Try putting in the full URL instead of just the file name.
  • 0

sudo rm -rf / && echo $'Sanitize your inputs!'


#5 Upstream

Upstream

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 98 posts
  • Location:Netherlands
  • Programming Language:C, C++, PHP, (Visual) Basic, JavaScript, Perl, Bash, Others
  • Learning:Others

Posted 23 March 2011 - 10:25 AM

With header() I always use variable that contains a composed string containing ‘location:url’:
$root = "location: " . "http://" . $_SERVER['SERVER_NAME'];
header($root);

For you I think this would be:
$url = "location: " . "http://" . $_SERVER['SERVER_NAME'] . “/logged.php”;
header($url);

Maybe this will work for you.

Good luck.

Edited by dargueta, 28 March 2011 - 01:22 PM.

  • 0

#6 Upstream

Upstream

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 98 posts
  • Location:Netherlands
  • Programming Language:C, C++, PHP, (Visual) Basic, JavaScript, Perl, Bash, Others
  • Learning:Others

Posted 23 March 2011 - 11:37 AM

I always use a string like this:

$url = "location: " . "http://" . $_SERVER['SERVER_NAME'] . "/logged.php";
header($url);

  • 0

#7 dargueta

dargueta

    I chown trolls.

  • Moderator
  • 4854 posts
  • Programming Language:C, Java, C++, PHP, Python, JavaScript, Perl, Assembly, Bash, Others
  • Learning:Objective-C

Posted 27 March 2011 - 11:22 PM

Maybe try cgi-bin/logged.php or dropping the "http://" part.

Edit: Just for kicks, try responding with an HTTP 302 code instead of 200. If that doesn't work then the problem is definitely with your headers. If not, then you're ** up the return codes or not obeying the protocol.

Edited by dargueta, 28 March 2011 - 01:27 PM.

  • 0

sudo rm -rf / && echo $'Sanitize your inputs!'






Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download