  1. #1
    SitePoint Member
    Join Date
    Sep 2003
    Location
    cleveland
    Posts
    9

    Session / Cookie Woes

    I'm having a bit of trouble using cookies to store session variables. The idea is to have the user log in, with an option to set a cookie remembering that user's name so they don't have to log in again the next time they visit the site.

    Everything seems to work fine until I close my browser window and reload the page, then my cookie variable isn't being reassigned to the $_session variable.

    It's my first time working with sessions, so I'm sure it is some silly error, but I can't seem to track it down.

    PHP Code:
    <?php
    function auth_login($username, $password, $remember = '') {
        if (!isset($_SESSION['$auth_username'])) {
            // Hash the password with MD5 and lower-case the username
            $password = stripslashes(md5($password));
            $username = stripslashes(strtolower($username));
            // Look the user up by username and password hash
            $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
            $sql = mysql_query($query);
            $login_check = mysql_num_rows($sql);

            if ($login_check > 0) {
                $row = mysql_fetch_array($sql);
                $_SESSION['auth_username'] = $row["username"];
                $_SESSION['auth_userlevel'] = $row["userlevel"];
                if ($remember) {
                    // Remember the user for one year (31536000 seconds)
                    SetCookie("auth_cookie", $auth_username, time()+31536000);
                }
                return true;
            } else {
                return false;
            }
        }
    }

    function auth_isremembered() {
        if (!isset($_SESSION['$auth_username'])) {
            if ($auth_cookie) {
                // Restore the session from the remember-me cookie
                $_SESSION['auth_username'] = $auth_cookie;
                $query = "SELECT userlevel FROM users WHERE username='$auth_username'";
                $sql = mysql_query($query);
                $row = mysql_fetch_array($sql);
                $_SESSION['auth_userlevel'] = $row["userlevel"];
                return true;
            }
            else {
                return false;
            }
        }
    }
    ?>
    As my test of the functions, I'm doing this:

    PHP Code:
    <?php
    session_start();
    conn();
    if (auth_isremembered()) {
        echo("auth_isremembered : $auth_username / $auth_userlevel<br><br>");
        exit;
    }

    if (auth_login("jason", "jason", "1")) {
        echo("auth_login : $auth_username / $auth_userlevel<br><br>");
    } else {
        echo "login failed";
    }
    ?>

    What am I doing wrong here?

  2. #2
    Gaheris (PHP manual bot)
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    2,195
    First, where does $auth_cookie come from and second, given your application I could easily login as every user. I would simply have to create a cookie with the username of the user in it. You'd better store the username and the md5'ed password in cookies and do a full permission check.

  3. #3
    SitePoint Member
    Join Date
    Sep 2003
    Location
    cleveland
    Posts
    9
    $auth_cookie is the cookie that gets set once the user/pass is validated against the submitted variables. It contains the user's login name. (Additionally a cookie will now be set storing the md5 of the password, I can't believe that didn't occur to me)
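
Added example, not code from any poster in this thread: a remember-me cookie that carries a random single-use token instead of the username or an MD5 of the password, so a cookie value made up from a known username (the problem raised in post #2) is rejected. The function names, the `selector:validator` cookie format and the in-memory `$store` array, which stands in for a database table, are assumptions for illustration.

```php
<?php
// Added example: remember-me cookie holding a random token instead of the username.
// $store stands in for a database table (hypothetical layout):
//   selector => ['user' => ..., 'hash' => sha256(validator), 'expires' => unix time]

function remember_issue(array &$store, string $username, int $ttl = 31536000): string {
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, only its hash is stored
    $store[$selector] = [
        'user'    => $username,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value for the auth_cookie cookie
}

function remember_check(array &$store, string $cookie): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                          // malformed value or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                 // single use: token is consumed on every check
    if ($row['expires'] < time()
        || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;                          // expired or wrong validator
    }
    return $row['user'];                      // caller re-issues a fresh token
}

// Constructed demo, using the thread's test account name.
$store  = [];
$cookie = remember_issue($store, 'jason');
// In a page: setcookie('auth_cookie', $cookie, ['expires' => time() + 31536000,
//     'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

var_dump(remember_check($store, 'jason'));    // bare username, as in the original code
var_dump(remember_check($store, $cookie));    // genuine token
var_dump(remember_check($store, $cookie));    // replay of an already-used token
```

On a successful check, the caller sets `$_SESSION['auth_username']` from the returned name, looks up the user level from the database, and sends a new cookie from `remember_issue()`.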

