SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: Authenticating users with MySQL & cookies

  1. Oct 15, 2003 17:08 #1
    rrreview
    rrreview is offline
    SitePoint Zealot rrreview's Avatar
    Join Date
    Jul 2002
    Posts
    117
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Authenticating users with MySQL & cookies

    Basic question here.

    I have a MySQL database full of usernames, passwords, and ID's. To log in, they use a form that checks data in the database, and if it matches, it sets 2 cookies - clanid set to their ID, and clanname set to their name. Theoretically, to check to see if they're logged in or not, all I would need to do is either have an !isset($cookie) code at the top of every restricted page.

    Anyways, here's my question...if you delete a user, but they still have the cookie on their computer, how would I keep that user from being able to access the restricted areas? I'm thinking maybe add a "restricted" setting to the table, and when the user accesses the site, it checks the database with their user id to see if restricted=1 or something, and deletes their cookie, then deletes their info from the database.

    I'd appreciate any help.
  2. Oct 16, 2003 02:41 #2
    frezno
    frezno is offline
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If in the cookie a session id is included you only have to check whether the session id in the cookie equals the current session id; session cookies
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg.Division is futile.Prepare to be approximated.
  3. Oct 16, 2003 07:18 #3
    Gaheris
    Gaheris is offline
    PHP manual bot bronze trophy Gaheris's Avatar
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    2,195
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How about changing your "is-logged-in" part, instead of just looking for a cookie you could try to log in with the data in the cookies (userid & hashed password).
  4. Oct 16, 2003 13:18 #4
    rrreview
    rrreview is offline
    SitePoint Zealot rrreview's Avatar
    Join Date
    Jul 2002
    Posts
    117
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by frezno
    If in the cookie a session id is included you only have to check whether the session id in the cookie equals the current session id; session cookies
    Wouldn't that defeat the whole purpose of having cookies in the first place? If this were the case, wouldn't it be better if I switched over to sessions instead of cookies?
  5. Oct 16, 2003 13:22 #5
    boccio
    boccio is offline
    ko pročita magarac :) boccio's Avatar
    Join Date
    Oct 2003
    Location
    belgrade
    Posts
    354
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    why don't you set your cookie to expire after 24 or 48 hrs?

    stay good
    Vivvo CMS - Web publishing at your fingertips
    Mile voli disko, a ja belo kolumbijsko
  6. Oct 17, 2003 02:48 #6
    frezno
    frezno is offline
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rrreview
    Wouldn't that defeat the whole purpose of having cookies in the first place? If this were the case, wouldn't it be better if I switched over to sessions instead of cookies?
    Cookies are not unsafe as such, since they were on your machine and not at the server or whereever else.

    Of course, sessions are always the better choice.
    You shouldn't rely just on cookies. You can set expiration time of cookie to the past thus they were deleted immediately after use.
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg.Division is futile.Prepare to be approximated.
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules