11 Replies - 651 Views - Last Post: 22 January 2018 - 04:09 PM

#1 pfar54

Cookie based automatic login

Posted 01 January 2018 - 09:00 PM

I watched a tutorial on a simple php login/user framework a couple of years ago. Occasionally, I use it, but one thing I could never get to work is the automatic login when a user clicks the "Remember me" checkbox when signing in. The framework uses a mix of session and cookies.

Below is my understanding of how it works, as well as the code for it. Please let me know if you see what is wrong. There are multiple files working together, which include: init, session, cookie, user, signin and index.

Just to clarify, one aspect of this that does work is that I have a 'users_session' database table and the session does get sent correctly to this table and deleted upon logging out.

Init file:

I have my initialization file on every page.

session_start();
	
$GLOBALS['config'] = array(
	'mysql' => array(
		'host' => 'localhost',
		'username' => 'username',
		'password' => 'password',
		'db' => 'db'
	),
	'remember' => array(
		'cookie_name' => 'hash',
		'cookie_expiry' => 604800
	),
	'session' => array(
		'session_name' => 'user',
		'token_name' => 'token'
		)
	);
	
	spl_autoload_register(function($class) {
		require_once 'classes/' . $class . '.php';
	});
		
	require_once 'functions/sanitize.php';

	if(Cookie::exists(Config::get('remember/cookie_name')) && !Session::exists(Config::get('session/session_name'))) {
		$hash = Cookie::get(Config::get('remember/cookie_name'));
		$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
		
		if($hashCheck->count()) {
			$user = new User($hashCheck->first()->user_id);
			$user->login();
		}
	}


When a user signs in, they have the choice to click 'remember me'. Doing this sends the user info into a database table if it is clicked.

if(Input::exists()) {
	if(Token::check(Input::get('token'))) {

		$validate = new Validate();
		$validation = $validate->check($_POST, array(
			'username' => array('required' => true),
			'password' => array('required' => true)
		));

		if($validation->passed()) {
			$user = new User();
			$cookieName = Config::get('remember/cookie_name');

			/*$login = true;
			if(Cookie::exists($cookieName)) {
				if( $user->data()->password === Cookie::get($cookieName)){
					echo $logged = '<span class="signinpanel">' . "You've been automatically logged in." . '</span>';
				}
				else {
					echo $logged = '<span class="signinpanel">' . "You could not be automatically logged in." . '</span>';
					//Cookie::delete($cookieName);
				}
			}
			else { */

			// 'remember' is 'on' only when the checkbox was ticked
			$remember = (Input::get('remember') === 'on') ? true : false;
			$login = $user->login(Input::get('username'), Input::get('password'), $remember);

			// $login is only read inside the branch that sets it
			if($login) {
				Redirect::to('/account/dashboard');
			} else {
				$tryagain = '<span class="signinpanel">' . "The information you entered did not match our records.<br>Please try again." . '</span>';
			}

		} else {
			foreach($validation->errors() as $error) {
				echo $error, '<br>';
			}
		}
	}
}


The info is sent to the users file.

public function login($username = null, $password = null, $remember = false) {

	// No credentials but a user loaded by id: the cookie path from the init file
	if(!$username && !$password && $this->exists()) {
		Session::put($this->_sessionName, $this->data()->id);
	} else {
		$user = $this->find($username);

		if($user) {
			if($this->data()->password === Hash::make($password, $this->data()->salt)) {
			//if(Auth::check($this->data()->password, $password)){
				Session::put($this->_sessionName, $this->data()->id);

				if($remember) {
					$hash = Hash::unique();
					$hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));

					// Store a new hash, or reuse the one already stored for this user
					if(!$hashCheck->count()) {
						$this->_db->insert('users_session', array(
							'user_id' => $this->data()->id,
							'hash' => $hash
						));
					} else {
						$hash = $hashCheck->first()->hash;
					}

					// The same value that sits in users_session goes into the cookie
					Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
				}
				return true;
			}
		}

	}
	return false;
}


A cookie is then created:

class Cookie {
	public static function exists($name) {
		return (isset($_COOKIE[$name])) ? true : false;
	}

	public static function get($name) {
		return $_COOKIE[$name];
	}

	// view video 19 a little after 4 minutes to see this
	// $expiry is a lifetime in seconds; it is added to time() here
	public static function put($name, $value, $expiry) {
		if(setcookie($name, $value, time() + $expiry, '/')) {
			return true;
		}
		return false;
	}

	public static function delete($name) {
		// put() adds time() itself, so pass a negative offset to expire the cookie
		self::put($name, '', -1);
	}
}


Then on my index page, I am calling the init file. This should check and see that I have the session/cookie and log me in, right? What I mean by this is redirect me to the portion of the website that you need credentials for.

Any help or clarification would be appreciated.


Replies To: Cookie based automatic login

#2 pfar54

Posted 04 January 2018 - 06:21 AM

Anyone have any ideas about this?

#3 andrewsw

Posted 04 January 2018 - 07:11 AM

You have a lot of code there, what does it do and what does it not do? Are there errors? What debugging steps have you taken? Whereabouts in that code do you think the problems lie?

Currently, your question is vague.

#4 no2pencil

Posted 04 January 2018 - 07:16 AM

I wouldn't base authentication on a cookie, seems insecure. If you want automation, I would instead look to ajax & POST array element values. You should never store anything in client visible code that even has a whiff of authentication values.

But that's just me.
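
On the concern raised above about authentication values held in a cookie, and on the login() code in the first post, which puts the same hash in the cookie and in users_session: a common way to limit the exposure is to store only a hash of a random, single-use token server-side and to set the cookie with restrictive flags. The following is an added example, not code from the thread or the tutorial; it assumes PHP 7.3+, a PDO connection that throws on errors, and a hypothetical table remember_tokens(selector, validator_hash, user_id, expires).

```php
<?php
// Added example. Table and function names are hypothetical.
const REMEMBER_COOKIE = 'hash';   // cookie_name from the thread's config
const REMEMBER_TTL    = 604800;   // cookie_expiry from the thread's config

function issueRememberToken(PDO $db, int $userId): bool {
    $selector  = bin2hex(random_bytes(9));    // public lookup key
    $validator = bin2hex(random_bytes(32));   // secret, stored only as a hash
    $expires   = time() + REMEMBER_TTL;
    $db->prepare('INSERT INTO remember_tokens
                  (selector, validator_hash, user_id, expires) VALUES (?,?,?,?)')
       ->execute([$selector, hash('sha256', $validator), $userId, $expires]);
    return setcookie(REMEMBER_COOKIE, "$selector:$validator", [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,    // HTTPS only (assumes the site is served over TLS)
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Returns the user id for a valid cookie value, or null. Each row works once.
function consumeRememberToken(PDO $db, string $cookie): ?int {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $stmt = $db->prepare('SELECT validator_hash, user_id, expires
                          FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return null;
    }
    // Delete on every lookup, valid or not, so a token cannot be replayed.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')
       ->execute([$selector]);
    $ok = (int) $row['expires'] >= time()
        && hash_equals($row['validator_hash'], hash('sha256', $validator));
    return $ok ? (int) $row['user_id'] : null;
}
```

After consumeRememberToken() returns a user id, the caller would start the session and call issueRememberToken() again so the browser holds a fresh token.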

#5 pfar54

Posted 04 January 2018 - 07:26 AM

andrewsw, on 04 January 2018 - 07:11 AM, said:

> You have a lot of code there, what does it do and what does it not do? Are there errors? What debugging steps have you taken? Whereabouts in that code do you think the problems lie?
>
> Currently, your question is vague.


Right now, the session is being sent to the database if they click 'Remember me', so this part of it works. The cookie part is where I am unsure if anything is being stored. I am unsure of how to debug cookie data to see what is wrong. Where would you recommend to start debugging at?

Sorry that this is so vague. I am working on this project in order to learn more about this framework and learn more about php.

#6 andrewsw

Posted 04 January 2018 - 07:29 AM

You can check cookie values from your browser.

#7 pfar54

Posted 04 January 2018 - 07:34 AM

Ok, just checked. There are no cookies stored in my browser.

#8 pfar54

Posted 06 January 2018 - 10:36 AM

Does anyone see anything that could cause the cookie to not be created?

#9 ArtificialSoldier

Posted 08 January 2018 - 10:13 AM

Sure, there are all kinds of if statements before you set the cookie, for one. Start with basic debugging, add some output to tell you where the code is going and what it's doing. Print the variables it's working with. When you set a cookie, for example, print all of the data you're sending to setcookie to verify. And if you're testing this on localhost, it's probably best to use an online server instead of a local one for testing cookies.

#10 pfar54

Posted 10 January 2018 - 07:47 PM

Thank you.

Some findings. I added a simple echo to check if the cookie existed in the init file. The else statement was running.

if(Cookie::exists(Config::get('remember/cookie_name')) && !Session::exists(Config::get('session/session_name'))) {
		$hash = Cookie::get(Config::get('remember/cookie_name'));
		$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
		echo "Cookie exists";
		if($hashCheck->count()) {
			$user = new User($hashCheck->first()->user_id);
			$user->login();
		}
	} else {
		echo "Cookie does NOT exist";
	}


Then when the user signs in and clicks "Remember Me", which is supposed to generate the cookie, I added the following after the code checks if the user exists and passes validation:

The var_dump outputs "hash" for $cookieName.

if($validation->passed()) { 
			$user = new User();
			$cookieName = Config::get('remember/cookie_name');
			var_dump("Dumping" . $cookieName);



Some more of the user file:
public function exists() {
		return (!empty($this->_data)) ? true : false;
	}
	
	
	public function data() {
		return $this->_data;
	}
	public function isLoggedIn() {
		return $this->_isLoggedIn;
	}


#11 pfar54

Posted 20 January 2018 - 10:58 AM

Does any of this information help? I'm not sure what to check next.

#12 ArtificialSoldier

Posted 22 January 2018 - 04:09 PM

What about the parameters you're passing to setcookie? If the cookie isn't getting set then start with the place where you actually set it and work backwards from there.
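
One way to start at the point where the cookie is set, as suggested above, shown as an added example (not code from the thread or the tutorial): a diagnostic variant of the posted Cookie::put() that writes to the PHP error log instead of echoing, because output already sent to the client makes PHP refuse to add the Set-Cookie header. The class name CookieDebug is hypothetical.

```php
<?php
// Added example: same arguments as the thread's Cookie::put(), plus logging.
class CookieDebug {
    public static function put($name, $value, $expiry) {
        // headers_sent() also reports where the first output came from.
        if (headers_sent($file, $line)) {
            error_log("Cookie '$name' NOT sent: output began at $file:$line");
            return false;
        }

        $expires = time() + $expiry;
        $ok = setcookie($name, $value, $expires, '/');

        // Log the exact arguments, but only the length of the token itself.
        error_log(sprintf(
            'setcookie(name=%s, value_len=%d, expires=%s, path=/) => %s',
            $name,
            strlen((string) $value),
            date('c', $expires),
            $ok ? 'true' : 'false'
        ));

        // headers_list() shows what PHP has queued for this response.
        foreach (headers_list() as $header) {
            if (stripos($header, 'Set-Cookie:') === 0) {
                // Redact the cookie value before it reaches the log.
                error_log('queued: ' . preg_replace('/=[^;]*/', '=<redacted>', $header, 1));
            }
        }

        return $ok;
    }
}
```

Swap it in for Cookie::put() inside login() while testing, then read the PHP error log. A `true` result only means the header was queued, so the response headers in the browser's network tab are still the final check.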