A PHP Session query :S?

LMS16 · 20-10-2010, 09:34 AM

Hi,

My minds gone blank, how would I set sessions and ensure the user will be logged in until either their password changed or some other stuff I set had changed.

Would I have to set a cookie with a random string assigned to that user and set the session automatically? :S

Im confused... All I want is it to be abit like vbulletin where it keeps you logged in,...

Thanks +REP for help.

Thanks, Lew.

Dentafrice · 23-10-2010, 09:24 PM

vBulletin sets a "remember me" cookie if I remember correctly. It has a special "key" in it that is located in the database.

Everytime your user logs in, update their column: key in the users table with say an MD5 hash of the time + their user ID.

Then on your check login method, if they're determined not logged in... check the cookie.. if the cookie contents matches the secret key in the database, treat it as a username + password correct and log them in.

LMS16 · 23-10-2010, 10:08 PM

Originally Posted by Dentafrice

vBulletin sets a "remember me" cookie if I remember correctly. It has a special "key" in it that is located in the database.

Everytime your user logs in, update their column: key in the users table with say an MD5 hash of the time + their user ID.

Then on your check login method, if they're determined not logged in... check the cookie.. if the cookie contents matches the secret key in the database, treat it as a username + password correct and log them in.

That what I thought of eventually, although I havent had time to work on my script, I still need to work on it as it throws up a couple of errors

Lew.

Dentafrice · 24-10-2010, 01:05 AM

One thing most people don't think of is cleaning the input from the cookie

LMS16 · 25-10-2010, 09:29 AM

Another thing I didnt think of is using time() as the md5 hashed token. Cos the value would change by the time it had set the cookie, took me ages to find out why it wouldnt work

Now, I'm using a random string

Lew.

Dentafrice · 25-10-2010, 08:16 PM

You could use time to set the cookie...

PHP Code:


$random_string = md5(time());
// set cookie stuff here  //
setcookie("userhash", $random_string, time() + 2592000); // expires after 30 days.

LMS16 · 26-10-2010, 12:48 PM

Originally Posted by Dentafrice

You could use time to set the cookie...

PHP Code:


$random_string = md5(time());
// set cookie stuff here  //
setcookie("userhash", $random_string, time() + 2592000); // expires after 30 days.

But wouldnt that change if it executed twice or something

I havent had a play with it yet soo...

Lew.

Dentafrice · 29-10-2010, 01:55 AM

Why would it need to be executed twice? Remember this cookie is only set on login... not every check_user..

Thread: A PHP Session query :S?

Thread Tools

A PHP Session query :S?

Posting Permissions