  1. #1
    SitePoint Evangelist
    Join Date
    Feb 2000
    Location
    England
    Posts
    568

    one more session and cookie question!

    Have done a lot of reading and learnt a lot about cookies and sessions but looking for one more bit of help.

    I only want to store the username and password in session (or cookie) because I am going to be doing a query on the user table anyway. The whole point of having the session is simply so that the person does not have to log in each time.

    So, I have an include file, user.php for example. What I want to do on this is just a simple query:

    PHP Code:
    // get the user data
    // note: $uid and $pwd are interpolated into the SQL string as-is
    $db->query(
    "SELECT * FROM user where uid=$uid and pwd=$pwd"
    );

    $user = $db->row_array();

    This will be included on every page. All I want to know is the easiest way for $uid and $pwd to be passed from one page to another. If I don't have to use sessions (and make it php3 compatible, that would be an advantage).

    - The other thing is that if $uid and $pwd do not match that is fine and the script will work (person in unregistered mode) but I don't want the user to be able to override the script using a $uid thing.

    The easiest way I can think of doing this is:

    1. Login script - ask for username/password
    2. Check database to see if these match
    3. If they do, set a cookie with username/password
    4. On every page, use the script at the top to check username and password.

    This seems very easy, both to code and also because it only needs php3. My only worry is that storing the password in a cookie is not a great idea. However I can't think of another way of doing it without risk of spoofing?

    Would it be possible to just store $uid in a cookie and then use the cookies array (I forgot what it is). I would then know that the $uid must be in a cookie and the only way it could get there is from login.php. Is this secure?

    Thanks, sorry for being long-winded.

  2. #2
    SitePoint Evangelist
    Join Date
    Feb 2000
    Location
    England
    Posts
    568
    P.S. I understand the problem with doing this is the need for cookies, but then sessions also need either cookies or to have a ?session= appended onto every link. For a number of reasons I can't do the latter, so using sessions would not help those who do not accept cookies, I don't think.

  3. #3
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    If you want to make it PHP3 compliant the easiest way is to use cookies. You can encrypt the password in the cookie to make it safer, but you will have to perform error checks to make sure that your variables are not coming from the query string (?$blah=me). For example, you could check that the variable $uid is not set before getting the data from the cookie.

    You can use sessions with PHP3 using phplib, but I have never tried this.

    Sean

  4. #4
    SitePoint Evangelist
    Join Date
    Feb 2000
    Location
    England
    Posts
    568
    OK, I understand that. Perhaps in the user table I should have

    password, encrypt_password

    Initially, I check login with password but then store the cookies as encrypt password and then check against that when doing the check on every page.
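
The cookie check discussed in this thread, as an added example that is not part of the original posts: instead of putting the password (plain or encrypted) in the cookie, it stores the uid with an expiry and an HMAC computed with a server-side secret, and reads the value only from the cookie array so a `?uid=` query string cannot override it. It assumes PHP 5.6 or later (so it is not PHP3 compatible); `AUTH_SECRET`, `issue_token`, `verify_token` and the cookie name `auth` are hypothetical names.

```php
<?php
// Added example. AUTH_SECRET, issue_token, verify_token and the cookie name
// "auth" are hypothetical. Assumes PHP 5.6+ and a uid that contains no "|".
const AUTH_SECRET = 'replace-with-a-long-random-server-side-secret';

// Build "uid|expiry|mac". The password never goes into the cookie.
function issue_token($uid, $ttl, $now)
{
    $payload = $uid . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, AUTH_SECRET);
}

// Return the uid if the token is authentic and unexpired, otherwise null
// (the caller then treats the visitor as unregistered).
function verify_token($token, $now)
{
    $parts = is_string($token) ? explode('|', $token) : array();
    if (count($parts) !== 3) {
        return null;
    }
    list($uid, $expiry, $mac) = $parts;
    $expected = hash_hmac('sha256', $uid . '|' . $expiry, AUTH_SECRET);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    return $uid;
}

// login.php, after the username/password check against the database succeeds:
//   setcookie('auth', issue_token($uid, 86400, time()), time() + 86400, '/', '', true, true);

// user.php: take the value from the cookie array only, never from a global
// $uid that a query string (?uid=...) could populate.
$cookie = isset($_COOKIE['auth']) ? $_COOKIE['auth'] : null;
$uid = verify_token($cookie, time()); // null means unregistered mode

// Constructed sample values: a valid token, a copy with the uid changed but
// the MAC left as it was, and the valid token checked after its expiry.
$now = 1000000000;
$good = issue_token('42', 3600, $now);
$tampered = '1' . substr($good, 2);
var_dump(verify_token($good, $now));
var_dump(verify_token($tampered, $now));
var_dump(verify_token($good, $now + 7200));
```

Only the first of the three sample calls returns a uid; the other two return null, which user.php treats as unregistered mode.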

