Login using cookies

[khunsanuk]

Hi,

 

 

 

In order to allow both sessions and cookies, I have added an extra login page.

 

 

 

If you go to http://board.nanaplaza.com/my_login.php you can enter your username and password. Then click the 'setcookie' to set a cookie on your computer. When you next reload the page your username/password will have been entered and you can hit the login button. This will bring you to the standard login page where your info will have been filled in already. Just hit the login button and you will be logged in.

 

 

 

You can bookmark this page (the normal login page, check that it has the username / password in the URL), but I would not do this unless you are using your own computer.

 

 

 

The main risk with this option is that your username and password are visible when logging in, so DO NOT use this option if you are sharing a machine with others. So DO NOT use this in an internet cafe.

 

 

 

If you prefer to use sessions, just keep logging in like you are doing now.

 

 

 

**** UPDATE ****

 

 

 

Think1stBKK and Db_sed_Aloha have made some good comments which I will try to incorporate in a new version. So please don't use this yet, but wait until the final version is done.

 

 

 

Sanuk!

 

 

[Guest]

Some suggestions:

 

 

 

- Make the password field in the pre-login type password. In that case the password is not shown, only *******

 

- Take out the debug information if you use setcookie.

 

- Better to make from setcookie a checkbox and name it "Remember login" If you process the login button, you just check if the user checked to checkbox and store the cookie just before linking to the normal login page.

 

- Better incorporate this into the normal login page. Then you do not have to pass the values of the username and password using the URL. Very bad if someone stands behind you and looks over your shoulder. (That's why password type fields only echo * instead of the password characters)

 

 

 

 

[khunsanuk]

Hi,

 

 

 

Very good suggestions.

 

I'll try fixing this tomorrow.

 

 

 

Sanuk!

 

 

[Guest]

Post deleted by DoxyBlue

[khunsanuk]

Hi,

 

 

 

"One more: the cookie stores the password as is. Could it be encrypted?"

 

I think this should be doable. I'll check it out.

 

 

 

Sanuk!

 

 

[Guest]

Encryption will be hard, unless PHP has a build in encryptor. If you have set up your PC in a good way, other users cannot read your cookies if you're not logged in. Mostly passwords are stored unencrypted in cookies.

 

 

 

Remember, the READING of the cookie and the parsing of the vars into the value and the checkbox must be done in the login.php, the storage of the information in the cookie should be done in start_page.php because that's called as form to process the info from login.php

 

start_page.php will probably also check the username and password. It's prudent to store the info in the cookie AFTER the login has been checked.

 

 

 

(maybe better move this to Technology )

[khunsanuk]

Hi,

 

 

 

"Encryption will be hard, unless PHP has a build in encryptor."

 

It has.

 

 

 

"(maybe better move this to Technology )"

 

Yeah, guess so.

 

 

 

Sanuk!

 

 

 

 

[khunsanuk]

Hi,

 

 

 

I have just uploaded the new version, this one incorporates most of the changes requested. Only one I have not done yet is the encryption, will try to have a look at this over the weekend.

 

 

 

The current version has gotten rid of the additional page and all the stuff is now on the 'normal' login page. By checking the 'Remember login' checkbox on the login screen a cookie will be set when you login. The cookie will expire after 3 days.

 

 

 

If you return to the board within those 3 days, your username / password will have been remembered and you can login by hitting the login button. (The cookie will be refreshed.)

 

 

 

If you wish the program to stop remembering your login info, unselect the checkbox and the cookie will not be refreshed (and will thus expire in 3 days).

 

 

 

BTW, I could bypass the login screen completely if a cookie is set, but it would then not be possible anymore to 'unremember' login info. I therefore think this is the better setup.

 

 

 

I think that this should take care of most of the request / problems, however if there is anything I have overlooked, please let me know.

 

 

 

Sanuk!

 

 

[Guest]

Sorry to be difficult but:

 

 

 

When I came in for the first time, the remember login was checked. It seems better to unckeck it by default, so people in internet cafe's cannot forget to uncheck it. However, when the username and passowrd are retieved from the cookie, so the previous time the user checked the checkbox, it should be checked by default.

 

 

 

When you hit 'logout' you go to the logout page, same page as the login page. Is it wise to to it there also (the checkbox?) to prevent problems with the called page?

 

 

 

For the rest: GOOD WORK!

 

 

[khunsanuk]

Hi,

 

 

 

"When I came in for the first time, the remember login was checked. It seems better to unckeck it by default, so people in internet cafe's cannot forget to uncheck it. However, when the username and passowrd are retieved from the cookie, so the previous time the user checked the checkbox, it should be checked by default. "

 

Actually this is how I set it up. Guess I need to have another look at it.

 

 

 

"When you hit 'logout' you go to the logout page, same page as the login page. Is it wise to to it there also (the checkbox?) to prevent problems with the called page?"

 

Yeah, this is still on the wish list. The setup is slightly different here, since it also deals with people that have just registered.

 

Need to have a closer look at the code first.

 

 

 

Sanuk!