help with some logic.

I've been looking at this code for a few hours now and I get the nagging
feeling that I am overcomplicating something, something I never ever do.  I
have a login that puts some information on the session, and if the customer
wants they can ask to be remembered: the cookie is given the customer's user
name and another cookie stores a unique id, similar to a password. I could do
the password in a cookie as it's md5 encrypted, but I went with a unique
id which is stored in the user db.

Anyway, here is what I am trying to do with the code below.  The authorized
user section requires 4 pieces of information: userid, password, username
and user level. A person who logs in each time gets that information
assigned to their session; that part works *knock on wood* perfectly.  When
a customer says "remember me", they go away and come back a while later and they
are remembered, so that part works perfectly. However, I need to get the
person's information and put that on the session, and I would like the
function to behave in such a way as to not overwrite the information each
time the page loads.  So for example the cookie is read, the information is
valid, the query to the db, the information set to the session.  You might
wonder why I don't set the userlevel to the cookie. Well, I don't want someone
changing the value of a cookie and getting admin access, which reminds me I
should add that as a check.
That's about it.  getCookieInfo(), the function inside the checkLogin function,
just looks up the information for the cookie in the db.  I know that someone
is going to say something really simple that I am going to slap my forehead
over; I would like to thank that person beforehand.

function checkLogin () {
    /* Check if user has been remembered */
    if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
        if (!isset($_SESSION['name']) && !isset($_SESSION['id']) &&
            !isset($_SESSION['level']) && !isset($_SESSION['password'])) {
            $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
            if ($cookieInfo==0) {
                return 0;
            }
            if ($cookieInfo==1) {
                setcookie("cookname", "", time()-60*60*24*100, "/");
                setcookie("cookid", "", time()-60*60*24*100, "/");
                return 1;
            }
            if ($cookieInfo==2) {
                setcookie("cookname", "", time()-60*60*24*100, "/");
                setcookie("cookid", "", time()-60*60*24*100, "/");
                return 2;
            }
        }
    }

    if (isset($_SESSION['name']) && isset($_SESSION['id']) &&
        isset($_SESSION['level']) && isset($_SESSION['password'])) {
        if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) {
            unset($_SESSION['name']);
            unset($_SESSION['id']);
            unset($_SESSION['level']);
            unset($_SESSION['password']);
            $_SESSION = array(); // reset session array
            session_destroy();   // destroy session.
            // incorrect information, user not logged in
            return 0;
        }
        // information valid, user okay
        return 1;
    } else {
        // user not logged in
        return 2;
    }
}
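
The flow described in the post above (restore the session once from the remember-me cookies, never take the user level from a cookie), as an added example that is not part of the original message. The in-memory `$users` table, `issueRememberToken()`, `lookupRemembered()` and `checkLoginSketch()` are hypothetical names, and storing only a SHA-256 hash of the token is an assumption of this sketch. The session and cookie arrays are passed in so that it runs from the command line.

```php
<?php
// Constructed in-memory user table standing in for the user db (assumption).
// Only a SHA-256 hash of the remember-me token is stored, never the token.
$users = [
    'alice' => ['id' => 7, 'level' => 'customer', 'token_hash' => null],
];

// Issue a fresh random token at login when "remember me" is requested.
function issueRememberToken(array &$users, string $name): string {
    $token = bin2hex(random_bytes(32));
    $users[$name]['token_hash'] = hash('sha256', $token);
    return $token; // value to place in the 'cookid' cookie
}

// Hypothetical stand-in for getCookieInfo(): returns the user row or null.
function lookupRemembered(array $users, string $name, string $token): ?array {
    $row = $users[$name] ?? null;
    if ($row === null || $row['token_hash'] === null) {
        return null;
    }
    // Constant-time comparison of stored hash and hash of presented token.
    return hash_equals($row['token_hash'], hash('sha256', $token)) ? $row : null;
}

// Same return codes as the post: 1 = user okay, 0 = incorrect, 2 = not logged in.
function checkLoginSketch(array &$session, array $cookie, array $users): int {
    if (isset($session['id'], $session['name'], $session['level'])) {
        return 1; // session already populated: no db lookup, no overwrite
    }
    $name  = $cookie['cookname'] ?? null;
    $token = $cookie['cookid'] ?? null;
    if (!is_string($name) || !is_string($token)) {
        return 2; // no usable remember-me cookies
    }
    $row = lookupRemembered($users, $name, $token);
    if ($row === null) {
        return 0; // caller should expire both cookies at this point
    }
    // id and level come from the db row; extra cookie fields are ignored.
    $session = ['id' => $row['id'], 'name' => $name, 'level' => $row['level']];
    return 1;
}

$session = [];
$cookie  = ['cookname' => 'alice', 'cookid' => issueRememberToken($users, 'alice')];
var_dump(checkLoginSketch($session, $cookie, $users)); // first page load
var_dump(checkLoginSketch($session, $cookie, $users)); // later page load
$forged = ['cookname' => 'alice', 'cookid' => 'guess', 'level' => 'admin'];
$fresh  = [];
var_dump(checkLoginSketch($fresh, $forged, $users), $fresh);
```

In a real request handler the arrays would be `$_SESSION` and `$_COOKIE`, and a call to `session_regenerate_id(true)` belongs right after the session is populated from the cookie.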
