Okay, I'll look at that.
What about switching to setting the password in md5 format in the cookie
rather than a regular id? I might not call the cookie password, but to me,
in thinking about it, it seems like the same thing as setting a random id
and then saving the random id in the db.

On 4/4/06, Dan McCullough <dan.mccullough@xxxxxxxxx> wrote:
>
> hey Dallas,
>
> have you thought about breaking this up and making two separate
> functions, one that checks the cookie and one that checks the session
> information? I'm not sure if that is what you were looking for as far
> as an answer but it might be a good start.
>
> On 4/4/06, Dallas Cahker <christmasfruitcake@xxxxxxxxx> wrote:
> > I've been looking at this code for a few hours now and I get the
> > nagging feeling that I am overcomplicating something, something I
> > never ever do. I have a login that puts some information on the
> > session, and if the customer wants they can ask to be remembered. The
> > cookie is given the customer's user name and another cookie stores a
> > unique id, similar to a password. I could do the password in a cookie
> > as it's md5 encrypted, but I went with a unique id which is stored in
> > the user db.
> >
> > Anyway, here is what I am trying to do with the code below. The
> > authorized user section requires 4 pieces of information: userid,
> > password, username and user level. A person who logs in each time gets
> > that information assigned to their session, that part works *knock on
> > wood* perfectly. When a customer says "remember me", they go away and
> > come back a while later, they are remembered, so that part works
> > perfectly. However, I need to get the person's information and put
> > that on the session, and I would like the function to behave in such
> > a way as to not overwrite the information each time the page loads.
> > So for example the cookie is read, the information is valid, the
> > query to the db, the information set to the session.
> > You might wonder why I don't set the userlevel to the cookie, well I
> > don't want someone changing the value of a cookie and getting admin
> > access, which reminds me I should add that as a check.
> >
> > That's about it. getCookieInfo(), the function inside the checkLogin
> > function, just looks up the information for the cookie in the db. I
> > know that someone is going to say something really simple that I am
> > going to slap my forehead over, I would like to thank that person
> > beforehand.
> >
> > function checkLogin () {
> >     /* Check if user has been remembered */
> >     if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
> >         /* Only consult the db when nothing is on the session yet */
> >         if (!isset($_SESSION['name']) && !isset($_SESSION['id']) &&
> >             !isset($_SESSION['level']) && !isset($_SESSION['password'])) {
> >             $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
> >             if ($cookieInfo==0) {
> >                 return 0;
> >             }
> >             if ($cookieInfo==1) {
> >                 /* expire both remember-me cookies */
> >                 setcookie("cookname", "", time()-60*60*24*100, "/");
> >                 setcookie("cookid", "", time()-60*60*24*100, "/");
> >                 return 1;
> >             }
> >             if ($cookieInfo==2) {
> >                 setcookie("cookname", "", time()-60*60*24*100, "/");
> >                 setcookie("cookid", "", time()-60*60*24*100, "/");
> >                 return 2;
> >             }
> >         }
> >     }
> >
> >     if (isset($_SESSION['name']) && isset($_SESSION['id']) &&
> >         isset($_SESSION['level']) && isset($_SESSION['password'])) {
> >         /* the guard above tests $_SESSION['name']; 'username' is read here */
> >         if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) {
> >             unset($_SESSION['name']);
> >             unset($_SESSION['id']);
> >             unset($_SESSION['level']);
> >             unset($_SESSION['password']);
> >             $_SESSION = array(); // reset session array
> >             session_destroy(); // destroy session.
> >             // incorrect information, user not logged in
> >             return 0;
> >         }
> >         // information valid, user okay
> >         return 1;
> >     } else {
> >         // user not logged in
> >         return 2;
> >     }
> > }
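
The random-id scheme compared above with a password-derived cookie value, written out as an added example that is not code from anyone in the thread. It shows what a random cookid allows that a value derived from the password does not: rotation on every use and revocation without a password change. The in-memory `$users` array, its `hash`/`expires` fields and the three function names are assumptions made for the example; `cookname`/`cookid` follow the original post.

```php
<?php
// Constructed in-memory stand-in for the user db (assumption for this example).
$users = ['dallas' => ['id' => 7, 'level' => 'customer', 'hash' => null, 'expires' => 0]];

// Issue a fresh random cookid; only its SHA-256 digest is kept server-side.
function issueRememberId(array &$users, string $name, int $ttl = 2592000): ?string
{
    if (!isset($users[$name])) {
        return null;
    }
    $cookid = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $users[$name]['hash'] = hash('sha256', $cookid);
    $users[$name]['expires'] = time() + $ttl;
    return $cookid; // value for the cookid cookie
}

// Validate cookname/cookid. Returns [session data, replacement cookid] or null.
function checkRememberId(array &$users, string $name, string $cookid): ?array
{
    $row = $users[$name] ?? null;
    if ($row === null || $row['hash'] === null || $row['expires'] < time()) {
        return null;
    }
    if (!hash_equals($row['hash'], hash('sha256', $cookid))) { // constant-time compare
        return null;
    }
    $next = issueRememberId($users, $name); // rotate: the presented id is now dead
    // The level comes from the db row, never from a cookie.
    return [['name' => $name, 'id' => $row['id'], 'level' => $row['level']], $next];
}

// Drop the stored digest so every outstanding cookid for this user stops working.
function revokeRememberId(array &$users, string $name): void
{
    if (isset($users[$name])) {
        $users[$name]['hash'] = null;
    }
}

$first = issueRememberId($users, 'dallas');
[$session, $second] = checkRememberId($users, 'dallas', $first);
var_dump($session['level']);                          // level as stored in the db row
var_dump(checkRememberId($users, 'dallas', $first));  // old id after rotation
revokeRememberId($users, 'dallas');
var_dump(checkRememberId($users, 'dallas', $second)); // id after revocation
```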