Re: help with some logic.

Thanks, makes it a lot easier to follow.

On 4/4/06, Dallas Cahker <christmasfruitcake@xxxxxxxxx> wrote:
>
> Okay I'll look at that.
>
> What about switching to setting the password in md5 format in the cookie
> rather than a regular id.  I might not call the cookie password but to me in
> thinking about it seems like the same thing as setting a random id and then
> saving the random id in the db.
>
>
> On 4/4/06, Dan McCullough <dan.mccullough@xxxxxxxxx> wrote:
> >
> > hey Dallas,
> >
> > have you thought about breaking this up and making two separate
> > functions, one that checks the cookie and one that checks the session
> > information?  I'm not sure if that is what you were looking for as far
> > as an answer but it might be a good start.
> >
> > On 4/4/06, Dallas Cahker <christmasfruitcake@xxxxxxxxx> wrote:
> > > I've been looking at this code for a few hours now and I get the
> > > nagging feeling that I am overcomplicating something, something I
> > > never ever do.  I have a login that puts some information on the
> > > session, and if the customer wants they can ask to be remembered, the
> > > cookie is given the customer's user name and another cookie stores a
> > > unique id, similar to a password.  I could do the password in a cookie
> > > as it's md5 encrypted, but I went with a unique id which is stored in
> > > the user db.
> > >
> > > Anyway here is what I am trying to do with the code below.  The
> > > authorized user section requires 4 pieces of information, userid,
> > > password, username and user level, a person who logs in each time gets
> > > that information assigned to their session, that part works *knock on
> > > wood* perfectly.  When a customer says "remember me" they go away and
> > > come back a while later they are remembered, so that part works
> > > perfectly, however I need to get the person's information and put that
> > > on the session, however I would like the function to behave in such a
> > > way as to not overwrite the information each time the page loads.  So
> > > for example the cookie is read the information is valid, the query to
> > > the db, the information set to the session.  You might wonder why I
> > > don't set the userlevel to the cookie, well I don't want someone
> > > changing the value of a cookie and getting admin access, which reminds
> > > me I should add that as a check.
> > > That's about it.  getCookieInfo() the function inside the checkLogin
> > > function just looks up the information for the cookie in the db.  I
> > > know that someone is going to say something really simple that I am
> > > going to slap my forehead over, I would like to thank that person
> > > beforehand.
> > >
> > > function checkLogin () {
> > >   /* Check if user has been remembered */
> > >   if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
> > >     if (!isset($_SESSION['name']) && !isset($_SESSION['id']) &&
> > >         !isset($_SESSION['level']) && !isset($_SESSION['password'])) {
> > >       $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
> > >       if ($cookieInfo==0) {
> > >         return 0;
> > >       }
> > >       if ($cookieInfo==1) {
> > >         setcookie("cookname", "", time()-60*60*24*100, "/");
> > >         setcookie("cookid", "", time()-60*60*24*100, "/");
> > >         return 1;
> > >       }
> > >       if ($cookieInfo==2) {
> > >         setcookie("cookname", "", time()-60*60*24*100, "/");
> > >         setcookie("cookid", "", time()-60*60*24*100, "/");
> > >         return 2;
> > >       }
> > >     }
> > >   }
> > >
> > >   if (isset($_SESSION['name']) && isset($_SESSION['id']) &&
> > >       isset($_SESSION['level']) && isset($_SESSION['password'])) {
> > >     if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) {
> > >       unset($_SESSION['name']);
> > >       unset($_SESSION['id']);
> > >       unset($_SESSION['level']);
> > >       unset($_SESSION['password']);
> > >       $_SESSION = array(); // reset session array
> > >       session_destroy();   // destroy session.
> > >       // incorrect information, user not logged in
> > >       return 0;
> > >     }
> > >     // information valid, user okay
> > >     return 1;
> > >   } else {
> > >     // user not logged in
> > >     return 2;
> > >   }
> > > }
> > >
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
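
Added example, not part of the thread or any poster's code: the check split into the two functions suggested above, with the remember-me cookie carrying a random token whose SHA-256 hash is what the server stores, so the cookie holds nothing derived from the password. The `$tokenStore` array is a constructed stand-in for the user db, and the function names other than `checkLogin` are assumptions.

```php
<?php
// Added example. $tokenStore is a constructed stand-in for the user db table
// that maps a username to the hash of its remember-me token plus user data.
$tokenStore = [];

// Issue a token at login when "remember me" is ticked. Only the hash is stored,
// so a leaked db row cannot be replayed as a cookie.
function issueRememberToken(array &$store, string $username, int $id, int $level): string {
    $token = bin2hex(random_bytes(32));
    $store[$username] = ['hash' => hash('sha256', $token), 'id' => $id, 'level' => $level];
    return $token; // caller sends this with setcookie(), httponly and secure set
}

// Function 1: is there already a populated session? No db work, no overwrite.
function checkSession(array $session): bool {
    return isset($session['name'], $session['id'], $session['level']);
}

// Function 2: restore a session from the cookie pair. The level always comes
// from the server-side record, never from the cookie.
function restoreFromCookie(array &$store, array $cookie, array &$session): bool {
    $name = $cookie['cookname'] ?? '';
    $token = $cookie['cookid'] ?? '';
    if (!is_string($name) || !is_string($token) || !isset($store[$name])) {
        return false;
    }
    if (!hash_equals($store[$name]['hash'], hash('sha256', $token))) {
        return false; // caller should expire both cookies
    }
    $session['name'] = $name;
    $session['id'] = $store[$name]['id'];
    $session['level'] = $store[$name]['level'];
    return true;
}

function checkLogin(array &$store, array $cookie, array &$session): bool {
    // Session wins: the cookie is only consulted when the session is empty.
    return checkSession($session) || restoreFromCookie($store, $cookie, $session);
}

// Constructed demo data: one remembered user, then three page loads.
$session = [];
$token = issueRememberToken($tokenStore, 'dallas', 7, 1);
var_dump(checkLogin($tokenStore, ['cookname' => 'dallas', 'cookid' => $token], $session)); // valid cookie, empty session
var_dump(checkLogin($tokenStore, ['cookname' => 'dallas', 'cookid' => 'forged'], $session)); // session already populated
$fresh = [];
var_dump(checkLogin($tokenStore, ['cookname' => 'dallas', 'cookid' => 'forged'], $fresh)); // forged cookie, empty session
```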
