Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Sorry I am asking a question that has been asked before but in spite of reading all of them, I am still confused what to do.
What exactly I have to do to implement the remember me feature in my website I am building as my final year project. Is calling the function "setcookie()" alone sufficient?
setCookie() is all you need.
You can use it like this:
$cookie_value = 'MyUsername';
$cookie_expire = time() + 60*60*24*365;// 365 days
$cookie_path = '/';
setcookie('remember_me',$cookie_value, $cookie_expire, $cookie_path);
On the next pageload, you can fetch the remember_me cookie value with:
$_COOKIE['remember_me'];
But the 'next pageload' part is important because PHP cookies cannot be set and also read in the same browser action.
In the most simple way possible. The way I would bring this all together for demonstration for your project is have a php page with an html <form> that posts to itself.
Your filename would be something like my_form.php
inside it would be:
<?php
// If we received a username from the form, remember it for a year.
if( $_POST['username'] ):
setcookie('remember_me',$_POST['username'], time()+60*60*24*365, '/');
endif;
?>
<?php
// Display a message if the user is remembered.
if( isset($_COOKIE['remember_me']) ):
echo '<h2>Welcome back, '.$_COOKIE['remember_me'].'!</h2>';
endif;
?>
<form action="" method="post">
<input name="username" type="text" placeholder="Your Username" value="<?php echo $_COOKIE['remember_me'] ?>" required />
<button type="submit">Remember me</button>
</form>
This form submits to itself. If you see the username you just entered in the welcome message, then it is remembering you.
Very important! The setcookie() call in PHP must be the first thing in your my_form.php file. Otherwise setcookie() will not work if any output has happened to the web-browser before you call the setcookie() function.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
It is possible to hide get value from url (rozgaarexpress.com/profile.php?id=22) using .Htaccess.I want to hide ?id=22.
Then URL Looks like rozgaarexpress.com/profile.php
My first page demo.php
I am just passing this url
HTACCESS
second page profile.php
<?php
$id=$_GET['id'];
echo $id;
?>
You can't hide the ID parameter, even if you use .htaccess to achieve that. I mean you can do it but you will be able to use a single ID when accessing profile.php page which I don't think is the case you want.
You can do it by using sessions like:
demo.php
session_start();
$_SESSION['id'] = 22;
echo 'My profile';
profile.php
session_start();
echo $_SESSION['id'];
im sure you asked this question to find a way to avoiding show ID to public.
you can use session in this case like this:
<?php
session_start();
$_SESSION['session_name']=$id; // Set the value of the id you want to pass.
?>
and in profile.php page you need this:
<?php
session_start();
$id = $_SESSION['session_name'];
?>
or you can use JQuery.post to pass your data.
I would rather take the desired profile ID from the Client. This allows the end-user the option to open two different profiles from the same page:
<script type="text/javascript">
function setInputAndSubmit(input) {
var form=document.getElementById("skfrom");
var inputEl=document.getElementById("LANG");
inputEl.value = input;
form.submit();
} </script>
<form id="skfrom" name="myform" action="http://rozgaarexpress.com/profile.php" method="POST">
<div align="center">
First ID
<br>
Another ID
<br><br>
Same ID
<br><br>
You can even receive input from users and send it together with the ID.
<input type="text" size="25" value="Some other field you want visible">
<input type="hidden" id="LANG" name="Language" value="English">
</div>
</form>
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I'm trying to make a private message system where users can have conversations with each other. Each conversation has its unique hash. I want to store the messages in my database but for some reason the value of hash gets stored as 0 instead of the number I am requesting.
<form method="post" action="exiConversations.php" id="sendMessageFooterForm">
<input type="text" name="userNewMessage" id="userMessage" placeholder="Type een bericht" />
<input type="submit" name="sendNewMessageSubmit" id="sendMessageSubmit" value="Verzend" />
<?php
if (isset($_POST['sendNewMessageSubmit'])) {
$message = $_POST['userNewMessage'];
$fromUser = $_SESSION['userID'];
$today = date("y/m/d H:i:s");
$exiHash = $_GET['hash'];
$insertNewMessage = $conn->query("INSERT INTO messages (fromuser, messagedate, message, grouphash) VALUES ('$fromUser', '$today', '$message', '$exiHash')");
}
?>
</form>
I dont know what to do anymore. It used var_dump($exiHash); which does show me the hash number I want to store but it only stores a 0.
Change your action attr in form tag.
it must me like
action="exiConversations.php?<?=$_GET['hash']?>"
but it will work only if you have current URL like ....?hash=45345345
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I have to create a website with the sole purpose of connecting to a MySQL database and displaying its information in a graphical user interface.
So far everything is working well. My problem, however, is setting up some sort of log in system to get the user's $username and $password.
While the website is being developed for LAN use I would rather not put a username and password in HTML or PHP for security reasons.
How would I go about writing code to ask the user for a password and username on my index page, have it used for all of the other pages on my site, and ultimately have it forgotten when the user closes my website? At the moment I only know HTML, CSS, and some very naive PHP.
in a nutshell:
login.php
<?php
session_start();
function hhb_tohtml($str)
{
return htmlentities($str, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE | ENT_DISALLOWED, 'UTF-8', true);
}
$accounts=array(
//username =>password
'smith'=>'smell',
'admin'=>'password',
'guest'=>'guestpass'
);
if(array_key_exists('submit',$_POST)){
if(!array_key_exists('username',$_POST)){
$username='';
} else
{
$username=$_POST['username'];
}
if(!array_key_exists('password',$_POST)){
$password='';
}else {
$password=$_POST['password'];
}
if(!array_key_exists($username,$accounts)){
die('This username does not exist.');
}
if($accounts[$username]!==$password){
die('wrong password!');
}
$_SESSION['logged_in']=true;
$_SESSION['username']=$username;
die('you have logged in as: '.hhb_tohtml($username));
}
?>
<!DOCTYPE html>
<html>
<head><title></title></head>
<body>
<form action="?" method="post">
Username: <input type="text" name="username" /><br>
Password: <input type="password" name="password" /><br>
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
and in other places, like controlpanel.php:
session_start();
if(!isset($_SESSION['logged_in'])){die('you need to login first!');}
the session id will be stored in a cookie, thanks to session_start(), and the server will remember whether or not this session id is logged in.
As far as I understand you would be able to use the standard type of login using a session. There are many tutorials to show you how to achieve this and there are many different ways to get to the outcome. It all depends on your skills, level of safety and database requirements, to name a few.
You should start by having a look at a tutorial like this which makes use of a session http://www.formget.com/login-form-in-php/ this will give you the "forget password" functionality. Unless a user saves the password using their browser.
Just in case the tutorial above is not to your liking here a a few more:
http://www.homeandlearn.co.uk/php/php14p2.html
http://www.phpeasystep.com/phptu/6.html
and my personal favorite http://www.tutorialspoint.com/php/php_login_example.htm
I hope you find something to help you, if you have any issues implementing one of these examples please post a question with your code for someone to help you resolve it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have setup a 3 page php login system. first page is login.php. it loads users input to the content.php and content.php will check the username and password. if fails, it will direct the user to the loginfail.php
If i just try to open the content.php without loading login.php first. I will be directed to loginfail.php
The design is using the post method on login.php and just simply checking the $_POST value inside content.php.
Here is my question : is this a secure design for protecting the content.php file ? it seemed no one will have the access to content.php unless they load login.php and get the username and password right.
you can do all in a single page like this:
<?php
session_start();
include("../inc/db.php");
if((isset($_POST['action']))and($_POST['action']=="login")){
$qu = mysql_query("SELECT * FROM `users` WHERE `user_name`='$_POST[uname]' and `password`='$_POST[pass]' LIMIT 1;");
if(mysql_num_rows($qu)!=0){
$uobj = mysql_fetch_object($qu);
$_SESSION["user"] = 'U';
$_SESSION["username"] = $uobj->user_name;
$_SESSION["fname"] = $uobj->full_name;
$_SESSION["id"] = $uobj->uid;
header("location:index.php");
}else{
header("location:login.php?message=wrongpass");
}
}
?>
<form method=post><table border=0>
<tr><td style='width:100px;'>user name</td><td><input type=text name=uname ></td></tr>
<tr><td>pass</td><td><input type=password name=pass ></td></tr>
<tr><td colspan='2'><input type=submit name=submit value=' login ' style='width:120px;'></td></tr>
<input type='hidden' name='action' value='login'>
</table></form>
Quite safe in my opinion yes.
It's difficult to say more without seeing the code.
Now maybe you should restrain number of tries with an IP because : http://i129.photobucket.com/albums/p203/Zelinko/Motivational%20Pictures/ATXNXOTI3MHPD6FS4MOF5IZHKKPBLSVV.jpg
It really depends on how safe you want to get. Its safe enough for a small private app, or something to be used by a few people, but i wouldn't use it in a bank site.
Because you are saving the password in the content.php file directly I guess (it sounds a lot like a homework I had on my first year at the university), if someone gets access to read the file through ftp for example, you would compromise the password. Also, you could brute force the password quite easily if you don't have a blocking method.
To add a bit of security you could hash the password in a database and add a limit to the amount of failures a connection can have.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I am developing a site in PHP that allows users to sign up and enter in some information, and I would like to give each user a unique URL. When the user logs in to his profile, I want JUST the username to be passed to the URL (like www.mysite.com/profile.php?user=username) in order to rewrite it later. However, I'm using the $_POST method, and I'm concerned if I use $_GET while logging in the password will be passed to the URL as well. What should I do?
There shouldn't really be a problem doing this. You could simply use a POST method that points to a URL with a GET parameter.
So you make a POST request to:
www.mysite.com/profile.php?user={$username}
This way the user variable in the URL doesn't need to be used in the authentication.
Consider this for a simplistic example:
<form method="post" action="/profile.php?username=hasan">
<input type="text" name="username" value="hasan" />
<input type="text" name="password" value="********" />
</form>
The URL you are posting to doesn't have to be hard coded either - you could always dynamically add the user name before submitting the form.
On the link to or redirection you can add
Link to the profile
and after you read it (in php file) with $_GET['user']
Since the authentication presumably happens in a separate script, e.g. login.php, it's just a matter of appending the username to the profile URL when redirecting upon successful login.
header('Location: profile.php?username='.$username);
Lix's answer is best and is what you should be doing, but assuming you don't have a login.php and for some strange reason want to go straight to profile.php?user to login, you can use this javascript:
<script type="text/javascript">
$(document).ready(function() {
$("#theForm").submit(function() {
$(this).attr("action", $(this).attr("action") + $("#usernameInput").val());
return true;
});
});
</script>
And your form looks something like:
<form action="http://www.mysite.com/profile.php?user=" method="post" id="theForm">
<input type="text" name="usernameInput" id="usernameInput">
<input type="password" name="passwordInput" id="passwordInput">
<input type="submit" name="submit" value="Login">
</form>
And then your action will change to the inputted username upon submit. But still, you should have an intermediary login.php that redirects to profile.php?user.