First of all, I am testing on localhost. I have this index.php file which contains the following "remember me" checkbox:
The reason your code is not working is
setcookie("rememberme", $email . "," . $key, $timenow); // this expires at exactly the same time it is set
replace it with
setcookie("rememberme", $email . "," . $key, time() + 3600); // expire after 1 hour
There are basically two ways you can implement a login script in PHP:
I'll try to explain both uses in a raw form below, so keep in mind there is a lot more to know about each of them.
Making it simple, sessions are unique and live as long as the page is open (or until it times out). If your browser is closed, the same happens to the session.
They are pretty simple to implement. First, make sure you start sessions at the beginning of each page:
<?php session_start(); ?>
Note: It's important that this call comes before any page output, or it will result in a "headers already sent" error.
Alright, now your session is up and running. What to do next? It's quite simple: the user sends its login/password through the login form, and you validate it. If the login is valid, store it to the session:
if($validLoginCredentials){
$_SESSION['user_id'] = $id;
$_SESSION['user_login'] = $login;
$_SESSION['user_name'] = $name;
}
or as an array (which I prefer):
if($validLoginCredentials){
$_SESSION['user'] = array(
'name' => $name,
'login' => $login,
'whichever_more' => $informationYouNeedToStore
);
}
Ok, now your user is logged in. So how can you know/check that? Just check if the session of a user exists.
if(isset($_SESSION['user_id'])){ // OR isset($_SESSION['user']), if array
// Logged In
}else{
// Not logged in :(
}
Of course you could go further and, besides checking if the session exists, search for the session-stored user ID in the database to validate the user. It all depends on how much security you need.
In the simplest application, there will never exist a $_SESSION['user'] unless you set it manually in the login action. So, simply checking for its existence tells you whether the user is logged in or not.
Logging out: just destroy it. You could use
session_destroy();
But keep in mind that this will destroy all sessions you have set up for that user. If you also used $_SESSION['foo'] and $_SESSION['bar'], those will be gone as well. In this case, just unset the specific session:
unset($_SESSION['user']);
And done! User is not logged in anymore! :)
Cookies work somewhat like sessions, except they are stored in the client browser and last as long as you tell them to. For instance, you were using cookies "as sessions" when you were setting them to expire at $timeNow.
I usually don't like using cookies for simple logins as they require more advanced security checks. Since they are stored in the user's browser, they can easily be manipulated and malicious users could generate false login information and log into your system.
Pretty much as you do with sessions. The difference is about setting/unsetting the cookie:
// To set a Cookie
// You could use the array to store several user info in one cookie
$user = array(
'id' => $id,
'name' => $name,
'login' => $login,
);
// A cookie value must be a string, so the array is JSON-encoded
setcookie("loginCredentials", json_encode($user), time() + 7200); // Expiring after 2 hours
// Now to log off, just set the cookie to blank and as already expired
setcookie("loginCredentials", "", time() - 3600); // "Expires" 1 hour ago
To check if a user is logged in, you can use the same example as for the session, but using a different variable: $_COOKIE
// Decode the cookie set above; a missing or malformed cookie yields null
$user = json_decode($_COOKIE['loginCredentials'] ?? '', true);
if(!empty($user['id'])){
// Logged In
}else{
// Not logged in :(
}
Well, that's it. To remind you again, these are very simple login method examples. You'll need to study a bit more about both methods and improve your code with some more layers of security checks depending on the security requirements of your application.
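The answer above notes that a login cookie can be manipulated in the browser. As an added example (not code from either answer), one way to detect that is to sign the cookie value with an HMAC and check the signature and expiry on the server. REMEMBER_SECRET, issueToken, verifyToken and sendRememberCookie are hypothetical names, and the secret shown is a constructed placeholder that would come from server-side configuration.

```php
<?php
// Added example. Assumption: the secret lives only on the server.
const REMEMBER_SECRET = 'constructed-demo-secret-replace-me';

// Build "userId|expires|mac", where mac = HMAC-SHA256(userId|expires).
function issueToken(int $userId, int $ttl, ?int $now = null): string
{
    $payload = $userId . '|' . (($now ?? time()) + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, REMEMBER_SECRET);
}

// Return the user id for a valid token, or null if forged, malformed or expired.
function verifyToken(string $token, ?int $now = null): ?int
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$userId, $expires, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', $userId . '|' . $expires, REMEMBER_SECRET);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    // Expiry is enforced here because the client controls the cookie lifetime.
    return ((int)$expires >= ($now ?? time())) ? (int)$userId : null;
}

// Send the token as a cookie that page scripts cannot read.
function sendRememberCookie(int $userId, int $ttl = 7200): void
{
    setcookie('rememberme', issueToken($userId, $ttl), [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Demo on constructed values (user id 42, two-hour lifetime).
$token  = issueToken(42, 7200);
$forged = preg_replace('/^42/', '1', $token);   // user id edited in the browser
var_dump(verifyToken($token));                  // untouched token
var_dump(verifyToken($forged));                 // signature no longer matches
var_dump(verifyToken($token, time() + 7201));   // same token after expiry
```

A signed cookie is tamper-evident but cannot be revoked before it expires; revocation needs a server-side record of issued tokens.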