[RGarcia]

Hello again guys, this time I am trying to implement the use of cookies in my login page. I am willing to include that known option of save a username, save password, or save both login info for the next time user came to the login page. I think that what I have wrong is the $_SESSION['user_is_loged_in'] that was used before to redirect users to login page if they try to directly access application pages without being logged. I am not sure why it is not working. If you think I am right or if you think I am wrong please post your recommendations, I will really appreciate it, thanks in advance. Oh I must include this is the fifth hour after I begin trying to implement this feature. Well here are the html and php codes:

This is the login.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="html_styles.css" type="text/css" />
<title>Login</title>
</head>

<body>
<!--Heading-->
<h1 align="center">Main</h1><hr/>
<h2><p>User Login:</p></h2>

<!--This is the first form, used by existing users-->
<form action="LoginDtb.php" method="post" enctype="application/x-www-form-urlencoded">
<p><strong>Username</strong>: <input type="text" name="username" size="26" tabindex="1" /></p>
<p><strong>Password</strong>: <input type="password" name="password" size="28" tabindex="2" /></p>
<p>Remember my username: <input type="radio" name="RememberUsername" value="1"><br/>Remember my password: <input type="radio" name="RememberPass" value="1"><br/>Remember both: <input type="radio" name="RememberBoth" value="1"></p>

<!--Login button-->
<p><input type="submit" value="Login" tabindex="3"/>
</form><hr width="20%"/></p>

<h2><p>Add User:</p></h2>

<!--This is the second form used to add new users-->
<form action="add_user.php" method="post" enctype="application/x-www-form-urlencoded">
<p><strong>Username</strong>: <input type="text" name="new_username" size="26" tabindex="4" /></p>
<p><strong>Password</strong>: <input type="password" name="password1" size="28" tabindex="5" /></p>
<p align="center"><strong>Confirm Password</strong>: <input type="password" name="password2" size="20" tabindex="6" /></p>

<!--Add User button-->
<p><input type="submit" value="Add User" tabindex="7"/>
</form><hr/></p>

</body>
</html>

Bellow is the LoginDTB.php, note this is the action for the last form included.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<?php 
// store session data
session_start();
$_SESSION['user_is_loged_in']=false;
$_SESSION['Username'];
$_SESSION['Pass'];
$PermanentUser = setcookie('username', $_SESSION['Username'], time()+60*60*24*365, '/account', 'http://localhost/login.html');
$PermanentPass = setcookie('password', $_SESSION['Pass'], time()+60*60*24*365, '/account', 'http://localhost/login.html');
$TemporaryPass = setcookie('password', md5($_SESSION['Pass']), false, '/account', 'http://localhost/login.html');	
	 	
if (isset($_POST['RememberUsername'])) 
	
	/* Set cookie to last 1 year */
	$PermanentUser;
	if (isset($_COOKIE['username']))
	{
		$_SESSION['user_is_loged_in']=true;
	}
		
	
	elseif(isset($_POST['RememberPass']))
	{
		/* Set cookie to last 1 year */
		$PermanentPass;
		if (isset($_COOKIE['password']))
		{
				$_SESSION['user_is_loged_in']=true;
		}
	}
	elseif(isset($_POST['RememberBoth']))
	{
		/* Set cookie to last 1 year */
		$PermanentUser;
		$PermanentPass;
		if (isset($_COOKIE['username']) && isset($_COOKIE['password']))
		{
		$_SESSION['user_is_loged_in']=true;
		}
	}
	else
		/* Cookie expires when browser closes */
		$TemporaryPass;


?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="php_styles.css" type="text/css" />
<title>User Login</title>
</head>

<body>

<?php
// Verifying that fields are not empty.
if(empty($_POST['username']) ||
	empty($_POST['password']))
	//If values are empty then the message bellow will be shown
	echo "<div>You must enter a value in each field!</div><p>Click your browser back button and try again!</p>";
//If values are not empty then everything bellow happens
else
{

	//Varible declared to establish a connection

	$Connection = mysql_connect("localhost", "user1", "ryciorycio"); 	

	//Veryfing if connection is established
	if (!$Connection)
	{
		die('Could not connect: ' . mysql_error());
	}
	else
	{
	
		$User = $_POST['username'];
		$Password = $_POST['password'];
		mysql_select_db("garcia", $Connection);
		$result = mysql_query("SELECT Username, Password
		FROM `users` 
		WHERE Username = '$User'
		AND Password = '$Password'
		LIMIT 0 , 30");
		$row = mysql_fetch_array($result);
  
		
		
			if(($row['Username'] !== $User) && ($row['Password'] !== $Password))
			{
				//If the user information is not found in the table 
				echo"<div>User does not exist, create a user first or try again!</div>";
				echo"<hr width='25%'/><a href='login.html'><p>Return to the main login page</p></a>";
	
			}
			else
			{
	
				$_SESSION['user_is_loged_in'] = true;	
				$_SESSION['Username'] = $User;
				$_SESSION['Password'] = $Password;	
		
				// Redirecting existing user to the admin page.
				header('Location:admin.php');
				exit;
			}
	
	}
}
?>
<!--Link to return to the main login page-->
<p><hr class="short"/><a href="login.html"></p><p>Return to the main login page</p></a>
</body>
</html>

Ok now bellow is the admin.php code. This php is included in all the other pages so the menu could be shared.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php 
session_start();

if(!isset($_SESSION['user_is_loged_in']) ||
	$_SESSION['user_is_loged_in'] !== true)
	{
		header('Location:login.html');
		exit;
	}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="html_styles.css" type="text/css" />
<title>Admin Menu</title>
</head>

<body>

<h1 align="center">Admin Menu</h1>
<?php

// Welcome message identifying user.
$today = date("F jS, Y");
echo "<h5 align='center'>Welcome " . $_SESSION['Username'] . ", you are an authorized user!\t|\t" . $today . ".</h5>";
?>
<hr/>
<!--Heading-->
<!--Display link-->
<p><a href="ShowAllRecords.php" target="_self" tabindex='1'><strong>Display</strong></a>
	|	
<!--Insert link-->
<a href="AddContact.php" target="_self" tabindex='2'><strong>Insert</strong></a>
	|	
<!--Modify link-->
<a href="contact_modify.php" target="_self" tabindex='3'><strong>Modify</strong></a>
	|	
<!--Delete Contact link-->
<a href="contact_delete.php" target="_self" tabindex='4'><strong>Delete Contacts</strong></a>
	|	
<!--Logoff link-->
<a href="logout.php" target="_self" tabindex='5'><strong>Logoff</strong></a>
</p>

</body>
</html>

And last but not least is the logout.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<?php
// Starting the session.
session_start();

// if the user is logged in, unset the session
if (isset($_SESSION['user_is_loged_in'])) 
	{
		unset($_SESSION['user_is_loged_in']);
	}
// redirect user to login page.
header('Location: login.html');
?>

</body>
</html>

Now please provide any relevant knowledge or show me the light please, I will really appreciate it, thanks in advance.

This post has been edited by RGarcia: 14 July 2010 - 04:19 PM

[JackOfAllTrades]

setcookie('username', $_SESSION['Username'], time()+60*60*24*365, '/account', 'http://localhost/login.html');

That last argument is wrong. It should be set to your DOMAIN, not a url. For example, if your domain was "example.com", you would want that argument to be "example.com", or ".example.com" if you want it to cover other subdomains like "www.example.com" and "admin.example.com" and "user.example.com"

The PHP manual, and the Cookie spec have information for you.

[RGarcia]

JackOfAllTrades, on 14 July 2010 - 03:46 PM, said:

setcookie('username', $_SESSION['Username'], time()+60*60*24*365, '/account', 'http://localhost/login.html');

That last argument is wrong. It should be set to your DOMAIN, not a url. For example, if your domain was "example.com", you would want that argument to be "example.com", or ".example.com" if you want it to cover other subdomains like "www.example.com" and "admin.example.com" and "user.example.com"

The PHP manual, and the Cookie spec have information for you.

Well I don't know if I have missed something else. I look for the settled domain in php.ini becaue I am using WAMP as my server. I have already try different alternatives for example I change my code to see if I am able to succeed with one of them:

$PermanentUser = setcookie('username', $_SESSION['Username'], time()+60*60*24*365, '/account', 'http://localhost/login.html');
$PermanentPass = setcookie('password', $_SESSION['Pass'], time()+60*60*24*365, '/account', 'localhost');
$TemporaryPass = setcookie('password', md5($_SESSION['Pass']), false, '/account', '/localhost/');

and many other combinations trying to debug what you state before but I am not able to correct it. Can you tell me if there is a settled domain to WAMP users. This is an assignment so is not being uploaded to any place. Thanks in advance for your prompt response.

[Valek]

Jack is exactly right. On a locally-run server, the domain parameter (the 5th one) should be an empty string.

This post has been edited by Valek: 14 July 2010 - 11:05 PM

[RGarcia]

Valek, on 14 July 2010 - 07:58 PM, said:

Jack is exactly right. On a locally-run server, the domain parameter (the 4th one) should be an empty string.

Ok I did follow the instructions but even that I have include a

print_r($_COOKIE);

to the admin.php, and it is nicely showing it, Username or password still not showing at the login.html. Now I am close to the tenth hour trying this. I must add that I know your recommendations guys are excellent but it still not working. Can I ask you to try again please? Thanks in advance.

[Valek]

/* Set cookie to last 1 year */
	    $PermanentUser;
	    if (isset($_COOKIE['username']))
	    {
	        $_SESSION['user_is_loged_in']=true;
	    }
	         
	     
	    elseif(isset($_POST['RememberPass']))
	    {
	        /* Set cookie to last 1 year */
	        $PermanentPass;
	        if (isset($_COOKIE['password']))
	        {
	                $_SESSION['user_is_loged_in']=true;
	        }
	    }
	    elseif(isset($_POST['RememberBoth']))
	    {
	        /* Set cookie to last 1 year */
	        $PermanentUser;
	        $PermanentPass;
	        if (isset($_COOKIE['username']) && isset($_COOKIE['password']))
	        {
	        $_SESSION['user_is_loged_in']=true;
	        }
	    }
	    else
	        /* Cookie expires when browser closes */
	        $TemporaryPass;

You do realize when you called setcookie() that you created the cookie, right? By that token, the cookie checks become pointless. Also, the lines just containing variable names don't do anything.

[RGarcia]

Ok I will try it and let you know later, thanks a lot for that.

Ok this is what I have now:

<?php 
// store session data
session_start();
$_SESSION['user_is_loged_in']=false;
$_SESSION['Username'];
$_SESSION['Pass'];

if (isset($_POST['RememberUsername'])) 
	setcookie('username', $_POST['username'], time()+60*60*24*365, '/');
	/* Set cookie to last 1 year */
	if (isset($_COOKIE['username']))
	{
	
		$_SESSION['user_is_loged_in']=true;
	}
		
	
	elseif(isset($_POST['RememberPass']))
	{
		setcookie('password', $_POST['password'], time()+60*60*24*365, '/');
		/* Set cookie to last 1 year */
		if (isset($_COOKIE['password']))
		{
				$_SESSION['user_is_loged_in']=true;
		}
	}
	elseif(isset($_POST['RememberBoth']))
	{
		/* Set cookie to last 1 year */
		setcookie('username', $_POST['username'], time()+60*60*24*365, '/');
		setcookie('password', $_POST['password'], time()+60*60*24*365, '/');
		if (isset($_COOKIE['username']) && isset($_COOKIE['password']))
		{
		$_SESSION['user_is_loged_in']=true;
		}
	}
	else
		/* Cookie expires when browser closes */
		setcookie('username', $_POST['username'], false, '/');	
		setcookie('password', $_POST['password'], false, '/');	
	 
?>

I delete the variable declaration at the beginning and the variables at the decission block. I try it and is not working. I was sure this was going to fix it. However I think maybe is late and I must have my mind blowed so see you tomorrow and thanks.

This post has been edited by RGarcia: 14 July 2010 - 10:35 PM

[Valek]

Well, if you're trying to auto-populate fields on the login form, you're going to want to have login.php check to see if such cookies exist. If they do, have the value attribute on the appropriate input element set to the value contained within the cookie. I do recommend keeping an eye on the data that goes into and out of the cookies, however. Being susceptible to user input means they cannot be trusted by default.

[RGarcia]

Valek, on 14 July 2010 - 10:16 PM, said:

Well, if you're trying to auto-populate fields on the login form, you're going to want to have login.php check to see if such cookies exist. If they do, have the value attribute on the appropriate input element set to the value contained within the cookie. I do recommend keeping an eye on the data that goes into and out of the cookies, however. Being susceptible to user input means they cannot be trusted by default.

I told you, it was late for me. This morning when I wake up I try it again, and it works perfectly with your last recommendation. Sorry for that men some times our mind just need to rest. Thanks again, to both of you.

[Valek]

Oh yeah, I completely understand that. Glad you got it working