I did not find any posts on this, so I am posting some code that allows auto-login for users who check a 'remember me' checkbox during login. Please post any bugs, and fixes, that you find.
***
Logic of fixes
***
1. Show a 'remember me' checkbox in login form
2. If the checkbox is checked, upon successful login, the username and MD5-encrypted password values are stored in cookies
3. During login check, if cookie values are available, they are compared. If that fails, the user is taken to the login form.
***
Edit login.php inside include/forms
***
Add a table row before the last <tr... for 'submit button'
<tr>
<td style="align:right; text-align:right;">
Remember me
</td>
<td style="align:left; text-align:left;">
<input type="checkbox" name="remember_me" id="remember_me" class="input_login_form" />
</td>
</tr>
***
Replace function get_user_infos_ar_from_username_password in include/business_logic.php with this
***
function get_user_infos_ar_from_username_password($username_user, $password_user, $md5_or_not)
// $md5_or_not is used to MD5 hash password value if coming from form by POST; not if by COOKIE
{
    global $conn, $users_table_name, $users_table_username_field, $users_table_password_field, $users_table_user_type_field, $quote;
    if ($md5_or_not == 'md5'){$password_user = md5($password_user);} // md5 hash before comparison; not needed if from cookie
    // note: both values are concatenated into the SQL string as received, whether from the form or from the cookie
    $sql = "SELECT ".$quote.$users_table_username_field.$quote.",
    ".$quote.$users_table_password_field.$quote.",
    ".$quote.$users_table_user_type_field.$quote." FROM ".$quote.$users_table_name.$quote." WHERE ".$quote.$users_table_username_field.$quote." = '".$username_user."' AND ".$quote.$users_table_password_field.$quote." = '".$password_user."'";
    $res = execute_db($sql, $conn);
    if (get_num_rows_db($res) === 1){
        $row = fetch_row_db($res);
        $user_infos_ar['username_user'] = $row[$users_table_username_field];
        $user_infos_ar['password_user'] = $row[$users_table_password_field];
        $user_infos_ar['user_type_user'] = $row[$users_table_user_type_field];
        return $user_infos_ar;
    } // end if
    else {return false;}
} // end function get_user_infos_ar_from_username_password()
***
Replace cases check_login and logout in login.php with these
***
case 'check_login':
    if (( $_POST['username_user'] === '' || $_POST['password_user'] === '') and (empty($_COOKIE['interface_creator_username']) or empty($_COOKIE['interface_creator_md5_password']))) {
        txt_out('<p style="align:center;">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
        include 'login_form.php';
    } // end if
    else{
        if (!empty($_COOKIE['interface_creator_username']) and !empty($_COOKIE['interface_creator_md5_password'])){
            // cookie already holds the MD5 hash, so it is compared without hashing again
            $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_COOKIE['interface_creator_username'], $_COOKIE['interface_creator_md5_password'], 'non-md5');
            $using_cookie = 'yes';
        } // end if using cookie
        else {
            $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user'], 'md5');
            $using_cookie = 'no';
        } // end else - using post
        if ( $_SESSION['logged_user_infos_ar'] !== false){
            if (isset($_POST['remember_me'])){
                setcookie('interface_creator_username', $_SESSION['logged_user_infos_ar']['username_user'], time()+1000000); //~11.5d
                setcookie('interface_creator_md5_password', $_SESSION['logged_user_infos_ar']['password_user'], time()+1000000); //~11.5d
            } // end if 'remember me'
            header ('Location: '.$site_url.'index.php');
            die();
        } // end if
        else{
            unset($_SESSION['logged_user_infos_ar']);
            if (isset($_COOKIE['interface_creator_username']) or isset($_COOKIE['interface_creator_md5_password'])){ // reset cookies
                setcookie('interface_creator_username');
                setcookie('interface_creator_md5_password');
            } // end if
            if ($using_cookie == 'no'){
                txt_out('<p style="align:center;">'.$login_messages_ar['incorrect_login'].'</p>', 'error_messages_form');
            } // end if
            include 'login_form.php';
        } // end else
    } // end else
    break; // case 'check_login'
case 'logout':
    unset($_SESSION['logged_user_infos_ar']);
    if (isset($_COOKIE['interface_creator_username']) or isset($_COOKIE['interface_creator_md5_password'])){ // reset cookies
        setcookie('interface_creator_username');
        setcookie('interface_creator_md5_password');
    } // end if
    header ('Location: '.$site_url.$dadabik_login_file);
    die();
    break; // case 'logout'
***
Edit include/check_login.php
***
Replace the {...} after 'if ( !isset($_SESSION['logged_user_infos_ar']) )' near the top with this -
if (!empty($_COOKIE['interface_creator_md5_password']) and !empty($_COOKIE['interface_creator_username'])){
    // both cookies present: try the cookie login
    $function = 'check_login';
}
else {
    $function = 'show_login_form';
}
header ('Location: '.$site_url.$dadabik_login_file.'?function='.$function);
die();
***
Notes
***
The expiry times for cookies can be set to longer if you want (e.g., to 60*60*24*100 instead of 1000000 for a year).
The cookies (the names and values) will be available only inside the dadabik directory. To make them available for use in other web folders, e.g., if you integrate dadabik with phpBB, you will have to modify the setcookie statement.
I have included this feature and some other features (enabling admin-only authentication, proper redirects on login and logout) in the modified DaDaBik described here.
Post Edited (10-10-05 05:49)
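
In the code above the cookie carries the stored MD5 password hash itself and is compared to the database column without further hashing, so the cookie value works as a login credential for as long as the password stays unchanged. An alternative design, as an added example that is not part of the original post or of DaDaBik: a random, single-use token whose SHA-256 hash is kept server-side and which can be revoked on logout. The table `remember_tokens`, the cookie name `interface_creator_remember`, and the use of PDO are assumptions.

```php
<?php
// Added example, not DaDaBik code. Assumes PHP 7.3+, PDO, and a hypothetical
// table remember_tokens(selector, validator_hash, username, expires).
const REMEMBER_TTL = 1000000; // same lifetime the post uses

// Call after a successful form login when 'remember_me' is checked.
function issue_remember_token(PDO $db, string $username): string
{
    $selector  = bin2hex(random_bytes(9));  // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret; only its hash is stored
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $username, time() + REMEMBER_TTL]);
    $value = $selector . ':' . $validator;
    // Hypothetical cookie name; not readable by page scripts, sent over HTTPS only
    setcookie('interface_creator_remember', $value, ['expires' => time() + REMEMBER_TTL,
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    return $value;
}

// Returns the username for a valid cookie value, or false.
function check_remember_token(PDO $db, string $cookie_value)
{
    $parts = explode(':', $cookie_value, 2);
    if (count($parts) !== 2) { return false; }
    $stmt = $db->prepare('SELECT validator_hash, username, expires
        FROM remember_tokens WHERE selector = ?'); // bound parameter, no concatenation
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['expires'] < time()) { return false; }
    // Constant-time comparison of the stored hash and the presented secret
    if (!hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) { return false; }
    // Single use: delete it; the caller then issues a fresh token
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    return $row['username'];
}

// Logout or password change: revoke every remembered login for the user.
function revoke_remember_tokens(PDO $db, string $username): void
{
    $db->prepare('DELETE FROM remember_tokens WHERE username = ?')->execute([$username]);
}

// Constructed demo: in-memory SQLite (needs pdo_sqlite), run from the CLI.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
    validator_hash TEXT, username TEXT, expires INTEGER)');
$cookie = issue_remember_token($db, 'alice');
var_dump(check_remember_token($db, $cookie)); // valid token
var_dump(check_remember_token($db, $cookie)); // same token presented again
```

In `check_login.php` terms, a successful `check_remember_token()` would fill `$_SESSION['logged_user_infos_ar']` from the users table by username and then call `issue_remember_token()` again to rotate the cookie.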