Log in

View Full Version : A PHP Session query :S?


LMS16
20-10-2010, 09:34 AM
Hi,

My minds gone blank, how would I set sessions and ensure the user will be logged in until either their password changed or some other stuff I set had changed.

Would I have to set a cookie with a random string assigned to that user and set the session automatically? :S

Im confused... All I want is it to be abit like vbulletin where it keeps you logged in,...

Thanks +REP for help.

Thanks, Lew.
Dentafrice
23-10-2010, 09:24 PM
vBulletin sets a "remember me" cookie if I remember correctly. It has a special "key" in it that is located in the database.

Everytime your user logs in, update their column: key in the users table with say an MD5 hash of the time + their user ID.

Then on your check login method, if they're determined not logged in... check the cookie.. if the cookie contents matches the secret key in the database, treat it as a username + password correct and log them in.
LMS16
23-10-2010, 10:08 PM
vBulletin sets a "remember me" cookie if I remember correctly. It has a special "key" in it that is located in the database.

Everytime your user logs in, update their column: key in the users table with say an MD5 hash of the time + their user ID.

Then on your check login method, if they're determined not logged in... check the cookie.. if the cookie contents matches the secret key in the database, treat it as a username + password correct and log them in.

That what I thought of eventually, although I havent had time to work on my script, I still need to work on it as it throws up a couple of errors :P

Lew.
Dentafrice
24-10-2010, 01:05 AM
One thing most people don't think of is cleaning the input from the cookie :)
LMS16
25-10-2010, 09:29 AM
Another thing I didnt think of is using time() as the md5 hashed token. Cos the value would change by the time it had set the cookie, took me ages to find out why it wouldnt work :P Now, I'm using a random string :)

Lew.
Dentafrice
25-10-2010, 08:16 PM
You could use time to set the cookie...



$random_string = md5(time());
// set cookie stuff here //
setcookie("userhash", $random_string, time() + 2592000); // expires after 30 days.
LMS16
26-10-2010, 12:48 PM
You could use time to set the cookie...



$random_string = md5(time());
// set cookie stuff here //
setcookie("userhash", $random_string, time() + 2592000); // expires after 30 days.


But wouldnt that change if it executed twice or something :P I havent had a play with it yet soo... :P

Lew.
Dentafrice
29-10-2010, 01:55 AM
Why would it need to be executed twice? Remember this cookie is only set on login... not every check_user..

Want to hide these adverts? Register an account for free!