As i said before in my last post, i'm working on a login form.
I'm done with that and i'm really happy with the results, so i wanna add a new Function to this proyect: a Remember Me Checkbox..!
I split the login in 2 files: the Login Form, and a Check Login that process the data coming from the Form. Here are the codes:
Login Form:
<?
session_name ('gdLogin');
session_start();
//Start a session where i save the error msgs.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Ingresar</title>
<style type="text/css">
.cabecera {color:#FFF; background-color:#407CBF; text-align:center}
</style>
<style type="text/css">
.textopeque {font-size:12px; color:#407CBF}
</style>
<style type="text/css">
.error {color:#F00; text-align:center; background-color:transparent}
</style>
</head>
<body>
<table width="100%" height="60%">
<tr>
<td valign="middle">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<? if(isset($_SESSION['msg'])) /*Any error..? let's show it up*/ { ?>
<tr>
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3" class="error"><strong><? echo $_SESSION['msg']; unset($_SESSION['msg']); ?></strong></td>
</tr>
</table>
</td>
</tr>
<? } ?>
<tr>
<form name="login" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3" class="cabecera"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td valign="middle"><input type="submit" name="Login" value="Login">
<span class="textopeque">Remember Me?</span> <input type="checkbox" name="rememberMe" value="on"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
Check Login:
<?
define('INCLUDE_CHECK',true);
require 'connect.php';
//Only include if INCLUDE_CHECK is defined.
session_name('gdLogin');
session_start();
//Start the Session.
if(isset($_COOKIE['GerarID'])){
//Any cookie?, i check the ID of the user.
$id= $_COOKIE['GerarID'];
$row=mysql_fetch_assoc(mysql_query("Select id, usr FROM userinfo WHERE id='$id'"));
if($row['usr']){
//ID it's cool, auto login.
$usr=$row['usr'];
srand(time());
$id = (rand());
//Generate a New ID, update the DB.
mysql_fetch_assoc(mysql_query("Update userinfo SET id=$id WHERE usr='$usr'"));
setcookie('GerarID', $id, time()+60*60*24*7);
//New cookie with new user ID
$_SESSION['GerarDS']['id']=$id;
$_SESSION['GerarDS']['usr']=$usr;
//Save some data in session vars.
header ("Locarion: logged.php");
exit;
} else{
//Wrong cookie?, maybe it's old.
setcookie('GerarID',"",time()-3600);
header ("Location: login.php");
exit;
//delete the cookie and go to login.php
}
}
if(isset($_GET['logoff'])){
$_SESSION=array();
session_destroy();
if(isset($_COOKIE['GerarID'])){ setcookie('GerarID',"",time()-3600); }
header("Location:index.php");
exit;
//Destroy the Session and the Cookie, then go to index..
}
if(isset ($_POST['Login'])){
//Check data coming From Login Form.
if(!$_POST['username'] || !$_POST['password']) {
$err='Se deben llenar todas las casillas';
//Empty fiel, save the msg so i can show it up.
}
if(!isset($err)){
//No error? cool, let's check if the usr and pw match.
$_POST['username']=mysql_real_escape_string($_POST['username']);
$_POST['password']=mysql_real_escape_string($_POST['password']);
$remember=$_POST['rememberMe'];
//Save the value of the checkbox.
$row=mysql_fetch_assoc(mysql_query("Select id, usr FROM userinfo WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr']){
//User and PW match?, let's login then.
srand(time());
$id = (rand());
//Generate new user ID and update the BD.
mysql_fetch_assoc(mysql_query("Update userinfo SET id=$id WHERE usr='$usr'"));
$_SESSION['GerarDS']['usr']=$row['usr'];
$_SESSION['GerarDS']['id'] =$id;
//Save some data in session.
if($remember='on'){
setcookie('GerarID', $id, time()+60*60*24*7);
//RememberME check?, save the ID in a cookie.
}
header ("Location: logged.php");
exit;
} else {$err='Usuario y/o Contraseña equivocada'; } //Wrong User and/or password.
}
if(isset($err)){
$_SESSION['msg']=$err; //Save the error in a session var so i can use them in the login form.
header("Location: login.php");
}
}
else {
header ("Location: login.php");
}
?>
The problem is that, apparently the cookie is saving correct, but when i login and come to the CheckLogin again (is my index, for now), it redirect me to the Login instead of Logged.
That's all for now, any help would be really appreciated...
...PS: If i get this working, i might post all the code and do like a tuto, 'cuz i think the login is very simple, but have some cool security functions.
BTW: Any comment about the security is welcome to..
PSS: Again, sorry about my english...
Answered
