Jump to content

cookie handling in login script

paulus4605

By paulus4605
in PHP Coding Help

 Share

Recommended Posts

paulus4605 Newbie

paulus4605

Posted
Posted

Hi

I have a login script that allows the user to store info into a cookie if he doesn't want to be bothered by entering is password and other login credentials.

 

however I read somewhere that's not smart to leave a cookie with your pass on your pc.

Therefore I want to ask your opionion on how to adapt the below mentioned script so that's safe to store delicate information in a cookie

 

<?php

include("config.php");



if(isset($_SESSION['user_id'])) {

// Inloggen correct, updaten laatst actief in db

$sql = "UPDATE gebruikers SET lastactive=NOW() WHERE id='".$_SESSION['user_id']."'";

mysql_query($sql);

}else{

if(isset($_COOKIE['user_id'])) {

  $sql = "SELECT wachtwoord,status FROM gebruikers WHERE id='".$_COOKIE['user_id']."'";

  $query = mysql_query($sql);

  $rij = mysql_fetch_object($query);

  $dbpass = htmlspecialchars($rij->wachtwoord);

  $dbstatus = htmlspecialchars($rij->status);

  if($dbpass == $_COOKIE['user_password']) {

   $_SESSION['user_id'] = $_COOKIE['user_id'];

   $_SESSION['user_status'] = $dbstatus;

  }else{

   setcookie("user_id", "", time() - 3600);

   setcookie("user_password", "", time() - 3600);

   echo "Cookies incorrect. Cookies verwijderd.";

   header("Location: inloggen.php");

  }

}else{

  header("Location: inloggen.php");

}

}

?>

this is the concerning table

 

CREATE TABLE IF NOT EXISTS `gebruikers` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `naam` varchar(50) NOT NULL DEFAULT '',
  `wachtwoord` varchar(50) NOT NULL DEFAULT '',
  `status` char(1) NOT NULL DEFAULT '0',
  `email` varchar(100) NOT NULL DEFAULT '',
  `actief` char(1) NOT NULL DEFAULT '0',
  `actcode` varchar(15) NOT NULL DEFAULT '',
  `lastactive` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ;

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.