But please do not use cookies to store a password as code! Cookies are human readable with some add-ons....
Check like this:
if someone registers, insert it into a table:
<?php
$username = mysql_real_escape_string($_POST["username"]);
$password = md5($_POST["password"]);
mysql_query("INSERT INTO USER VALUES('" . $username . "','" . $password . "')");
header('location: register_success.php');
?>
Then, if someone wants to log in, use like this:
<?php
$username = mysql_real_escape_string($_POST["username"]);
$password = md5($_POST["password"]);
$sel = "SELECT * FROM USER WHERE USERNAME = '" . $username . "' AND PASSWORD = '" . $password . "'";
$unf = mysql_query($sel);
$count = mysql_num_rows($unf);
if ($count == 1) {
header('location: login_success.php');
}
else {
echo "Login not successful!";
}
?>
If you want to store something into cookies, use a name which is not good understandable, like a shortcut for a logical sentense:
Titcftmws ("This is the cookie for the main webSite") or something ^^
In there, you can save username and password, but PLEASE save the password at least md5()-encryptet, so not everyone can save it.
Now you can check like this:
<?php
if ($_COOKIE['Titcftmws'] == mysql_real_escape_string($_POST["username"]) . "|" . md5($_POST["password"])) {
//in the cookie is for the user with username 'jack' and password 'test' this value: "jack|098f6bcd4621d373cade4e832627b4f6"
echo "you are logged in";
}
else {
echo "not logged in!";
}
?>
This is as far as I know a quite high level of security, in comparisions with other ways.
Regs, Flo
> From: midhungirish@xxxxxxxxx
> Date: Fri, 5 Aug 2011 08:20:11 +0530
> To: wilprim@xxxxxx
> CC: php-general@xxxxxxxxxxxxx
> Subject: Re: saving sessions
>
> On Sat, Aug 6, 2011 at 7:56 AM, wil prim <wilprim@xxxxxx> wrote:
>
> > Hello, im new to the whole storing sessions thing and I really dont know
> > how to ask this question, but here it goes. So on my site when someone logs
> > in the login.php file checks for a the username and password in the table i
> > created, then if it finds a match it will store a $_SESSION [] variable. To
> > be exact the code is as follows:
> > if ($count=='1')
> > {
> > session_start();
> > $_SESSION['user']=$user; // $user is the $_POST['user'] from the login
> > form
> > header('location: login_success.php');
> > }
> >
> > Now what i would like to know is how do i make my website save new changes
> > the user made while in their account?
> >
> > thanks!
> >
> >
>
> You will have to store the user account related data in the database for
> persistence.... Or if the site not having a 'user account system' you may
> use cookies to store the settings...
>
>
>
> Midhun Girish
