Re: new to cookies

First off, cookie documentation:

  http://www.php.net/manual/en/function.setcookie.php

Second, since you store your info in the DB, it might be easier and more
scalable to use a "$user" object which contains everything about the user:
userID, username, email, etc. for quick reference:

 $user = mysql_fetch_object($result);

 $user->id is now (ie) 37.
 $user->username is now Seabird
 $user->password is now superman

Now register the user variable to the session:

 session_start();  // will start the session unless it is already started somewhere else
 session_register("user"); // note, no dollar sign!

Now if you have register_globals on, $user will be defined globally.  If
not, $GLOBALS['user']->username or $_SESSION['user']->username will work.

Now go add a column to your user table called "login_cookie."  Do something
funky like
 $cookie_string = md5($user->username.$user->email.date("r"));
 $x = mysql_query("update users set login_cookie='{$cookie_string}' where id=$user->id");

Then
  $encID = str_rot13(base64_encode($user->id));
  $cookie_contents = "$encID|$cookie_string";
  setcookie("MYcookie_string", $cookie_contents, 1399999999); // fix that expire date to whatever you want, 3 days, 6 months

When the user comes to any page of the site:

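  if (!empty($_COOKIE['MYcookie_string'])) {
      // explode() splits on the literal "|"; split() would treat it as a regex
      list($encid, $str) = array_pad(explode("|", $_COOKIE['MYcookie_string'], 2), 2, "");
      // undo the encoding in reverse order: rot13 first, then base64
      $realid = (int) base64_decode(str_rot13($encid));
      // the cookie is user input: escape the string before it goes into SQL
      $str = mysql_real_escape_string($str);
      $x = mysql_query("select * from users where login_cookie='{$str}' and id={$realid}");
      if ($x && mysql_num_rows($x) == 1) {
          $user = mysql_fetch_object($x);
          session_register("user");
      } else { // delete the cookie, it's bad
          setcookie("MYcookie_string","");
      }
  }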

Now if their cookie string and their user ID matches what you have in the
DB, then you log them in via sessions.  If not, you do nothing.


Peter


On Tue, 29 Oct 2002, Seabird wrote:

> Hi everyone,
>
> I created a login on my page that handles with a session. I also would like
> to add a cookie so that people don't have to sign in every time they visit
> my page, but I have no clue how to create it. Is there anyone out there
> willing to help?
>
> my login script:
>
> <?php
> if(isset($_POST['submit'])) { // if form has been submitted
>  /* check they filled in what they were supposed to and authenticate */
>  if(!$_POST['uname'] | !$_POST['passwd']) {
>   print '<form action="index.php" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <span class="welcome">please fill in the required
> fields.</span></div>
>       </form>
> ';
>  }
>  // authenticate.
>  if(!get_magic_quotes_gpc()) {
>   $_POST['uname'] = addslashes($_POST['uname']);
>  }
>  $check = $db_object->query("SELECT username, password FROM users WHERE
> username = '".$_POST['uname']."'");
>  if(DB::isError($check)) {
>   print '<form action="index.php" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <span class="welcome">username doesn\'t exist.</span> <a
> class="header"
> href="javascript:loadPage(\'mainlayer\',null,\'login/signup.php\')">sign up
> here</a></div>
>       </form>
> ';
>  }
>  $info = $check->fetchRow();
>  // check passwords match
>  $_POST['passwd'] = stripslashes($_POST['passwd']);
>  $info['password'] = stripslashes($info['password']);
>  $_POST['passwd'] = md5($_POST['passwd']);
>  if($_POST['passwd'] != $info['password']) {
>   print '<form action="index.php" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <span class="welcome">wrong password, try again</span></div>
>       </form>
> ';
>  }
>
>  // if we get here username and password are correct, register session
> variables and set
>  // last login time.
>  $date = date('m d, Y');
>  $update_login = $db_object->query("UPDATE users SET last_login = '$date'
> WHERE username = '".$_POST['uname']."'");
>  $_POST['uname'] = stripslashes($_POST['uname']);
>  $_SESSION['username'] = $_POST['uname'];
>  $_SESSION['password'] = $_POST['passwd'];
>  $db_object->disconnect();
> ?>
> <span class="welcome">Welcome<br>You are logged in as:
> <?=$_SESSION['username']?>
> </span>
> <?php
> }
> else { // if form hasn't been submitted
> ?>
> <form action="index.php" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <a class="header"
> href="javascript:loadPage('mainlayer',null,'login/signup.php')">sign up
> here</a> </div>
>       </form>
> <?php
> }
> ?>
>
> I use a MySQL DB to store user-info.
> Jacco
>
> ps (if this is the wrong forum to ask this, then let me know and I'll post
> it elsewhere.)
>
> --
> http://seabird.jmtech.ca
>
> Attitude is Everything!
> But Remember, Attitudes are Contagious!
> Is Yours worth Catching????
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

---------------------------------------------------------------------------
Peter Beckman            Systems Engineer, Fairfax Cable Access Corporation
beckman@purplecow.com                             http://www.purplecow.com/
---------------------------------------------------------------------------
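
The cookie check described in the message above, as an added example that is not part of the original post: the cookie carries a random token, the database keeps only its SHA-256 hash, and the lookup uses bound parameters. The `remember_tokens` table, both function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical; SQLite in memory stands in for the MySQL DB.

function issue_login_token(PDO $db, int $userId, int $ttl = 259200): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret part, from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO remember_tokens (selector, validator_hash, user_id, expires)
         VALUES (?, ?, ?, ?)'
    );
    // Only the hash is stored, so a leaked table does not yield usable cookies.
    $stmt->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . '|' . $validator;     // value to place in the cookie
}

function check_login_token(PDO $db, string $cookie): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 2) {
        return null;                         // malformed cookie
    }
    [$selector, $validator] = $parts;
    $stmt = $db->prepare(
        'SELECT validator_hash, user_id FROM remember_tokens
         WHERE selector = ? AND expires > ?'
    );
    $stmt->execute([$selector, time()]);     // bound parameters, no string-built SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // hash_equals() compares in constant time.
    if ($row === false || !hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    return (int) $row['user_id'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
           validator_hash TEXT, user_id INTEGER, expires INTEGER)');

$cookie = issue_login_token($db, 37);        // 37 is the sample id from the message
// In a web request the value would be sent with:
// setcookie('MYcookie_string', $cookie, ['expires' => time() + 259200,
//           'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
var_dump(check_login_token($db, $cookie));         // cookie exactly as issued
var_dump(check_login_token($db, $cookie . 'x'));   // validator altered after issue
var_dump(check_login_token($db, 'not-a-token'));   // malformed, no separator
```

On a successful check the returned user id is what gets loaded into the session; on failure the cookie is cleared, as in the message above.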


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

