Solution - Auto-login using cookies

alpha2zee

Well-known member
I did not find any posts on this, so I am posting some code that allows auto-login for users who check a 'remember me' checkbox during login. Please post any bugs, and fixes, that you find.

***
Logic of fixes
***

1. Show a 'remember me' checkbox in login form
2. If the checkbox is checked, upon successful login, the username and MD5-encrypted password values are stored in cookies
3. During login check, if cookie values are available, they are compared. If that fails, the user is taken to the login form.

***
Edit login.php inside include/forms
***

Add a table row before the last <tr... for 'submit button'

<tr>
<td style="align:right; text-align:right;">
Remember me
</td>
<td style="align:left; text-align:left;">
<input type="checkbox" name="remember_me" id="remember_me" class="input_login_form" />
</td>
</tr>

***
Replace function get_user_infos_ar_from_username_password in include/business_logic.php with this
***

function get_user_infos_ar_from_username_password($username_user, $password_user, $md5_or_not)
// $md5_or_not is used to MD5 hash password value if coming from form by POST; not if by COOKIE
{
    global $conn, $users_table_name, $users_table_username_field, $users_table_password_field, $users_table_user_type_field, $quote;
    if ($md5_or_not == 'md5'){$password_user = md5($password_user);} // md5 hash before comparison; not needed if from cookie
    // NOTE: both values are placed into the SQL string as-is, and on the cookie path they come
    // straight from the browser, so they must already be escaped for the database in use
    $sql = "SELECT ".$quote.$users_table_username_field.$quote.",
    ".$quote.$users_table_password_field.$quote.",
    ".$quote.$users_table_user_type_field.$quote." FROM ".$quote.$users_table_name.$quote." WHERE ".$quote.$users_table_username_field.$quote." = '".$username_user."' AND ".$quote.$users_table_password_field.$quote." = '".$password_user."'";
    $res = execute_db($sql, $conn);
    if (get_num_rows_db($res) === 1){
        $row = fetch_row_db($res);
        $user_infos_ar['username_user'] = $row[$users_table_username_field];
        $user_infos_ar['password_user'] = $row[$users_table_password_field];
        $user_infos_ar['user_type_user'] = $row[$users_table_user_type_field];
        return $user_infos_ar;
    } // end if
    else {return false;}
} // end function get_user_infos_ar_from_username_password()

***
Replace cases check_login and logout in login.php with these
***
case 'check_login':
    if (( $_POST['username_user'] === '' || $_POST['password_user'] === '') and (empty($_COOKIE['interface_creator_username']) or empty($_COOKIE['interface_creator_md5_password']))) {
        txt_out('<p style="align:center;">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
        include 'login_form.php';
    } // end if
    else{
        if (!empty($_COOKIE['interface_creator_username']) and !empty($_COOKIE['interface_creator_md5_password'])){
            $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_COOKIE['interface_creator_username'], $_COOKIE['interface_creator_md5_password'], 'non-md5');
            $using_cookie = 'yes';
        } // end if using cookie
        else {
            $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user'], 'md5');
            $using_cookie = 'no';
        } // end else - using post
        if ( $_SESSION['logged_user_infos_ar'] !== false){
            if (isset($_POST['remember_me'])){
                setcookie('interface_creator_username', $_SESSION['logged_user_infos_ar']['username_user'], time()+1000000); // ~11.5 days
                setcookie('interface_creator_md5_password', $_SESSION['logged_user_infos_ar']['password_user'], time()+1000000); // ~11.5 days
            } // end if 'remember me'
            header ('Location: '.$site_url.'index.php');
            die();
        } // end if
        else{
            unset($_SESSION['logged_user_infos_ar']);
            if (isset($_COOKIE['interface_creator_username']) or isset($_COOKIE['interface_creator_md5_password'])){ // reset cookies
                setcookie('interface_creator_username');
                setcookie('interface_creator_md5_password');
            } // end if
            if ($using_cookie == 'no'){
                txt_out('<p style="align:center;">'.$login_messages_ar['incorrect_login'].'</p>', 'error_messages_form');
            } // end if
            include 'login_form.php';
        } // end else
    } // end else
    break; // case 'check_login'
case 'logout':
    unset($_SESSION['logged_user_infos_ar']);
    if (isset($_COOKIE['interface_creator_username']) or isset($_COOKIE['interface_creator_md5_password'])){ // reset cookies
        setcookie('interface_creator_username');
        setcookie('interface_creator_md5_password');
    } // end if
    header ('Location: '.$site_url.$dadabik_login_file);
    die();
    break; // case 'logout'

***
Edit include/check_login.php
***

Replace the {...} after 'if ( !isset($_SESSION['logged_user_infos_ar']) )' near the top with this -

if (!empty($_COOKIE['interface_creator_md5_password']) and !empty($_COOKIE['interface_creator_username'])){
    $function = 'check_login';
}
else {
    $function = 'show_login_form';
}
header ('Location: '.$site_url.$dadabik_login_file.'?function='.$function);
die();

***
Notes
***

The expiry times for cookies can be set to longer if you want (e.g., to 60*60*24*100 instead of 1000000 for a year).

The cookies (the names and values) will be available only inside the dadabik directory. To make them available for use in other web folders, e.g., if you integrate dadabik with phpBB, you will have to modify the setcookie statement.

I have included this feature and some other features (enabling admin-only authentication, proper redirects on login and logout) in the modified DaDaBik described here.



Post Edited (10-10-05 05:49)
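
In the code above the cookie value is compared directly with the stored MD5 hash, so the hash in the cookie works as a login credential by itself. A variant that keeps the password hash out of the browser, as an added example that is not part of the original post or of DaDaBIK: the cookie carries a random single-use token and only its SHA-256 hash is kept server-side. The `$store` array stands in for a database table, and the cookie name `interface_creator_remember` and all function names are assumptions.

```php
<?php
// Added example, not DaDaBIK code. $store is a constructed stand-in for a
// database table; the cookie name and all function names are hypothetical.

function issue_remember_token(array &$store, string $username, int $ttl = 1000000): string
{
    $selector  = bin2hex(random_bytes(9));    // public lookup key
    $validator = bin2hex(random_bytes(32));   // secret; only its hash is stored
    $store[$selector] = [
        'username' => $username,
        'hash'     => hash('sha256', $validator),
        'expires'  => time() + $ttl,
    ];
    return $selector . ':' . $validator;      // value to place in the cookie
}

function check_remember_token(array &$store, string $cookie): ?string
{
    // Strict format check: anything else is rejected before any lookup
    if (!preg_match('/\A([0-9a-f]{18}):([0-9a-f]{64})\z/', $cookie, $m)) {
        return null;
    }
    $row = $store[$m[1]] ?? null;
    unset($store[$m[1]]);                     // single use, valid or not
    if ($row === null || $row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented secret
    return hash_equals($row['hash'], hash('sha256', $m[2])) ? $row['username'] : null;
}

function send_remember_cookie(string $value, int $ttl = 1000000): bool
{
    // HttpOnly keeps scripts from reading the cookie; Secure restricts it to HTTPS
    return setcookie('interface_creator_remember', $value, [
        'expires' => time() + $ttl, 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demonstration, runs from the command line
$store  = [];
$cookie = issue_remember_token($store, 'alice');
var_dump(check_remember_token($store, $cookie));          // first use
var_dump(check_remember_token($store, $cookie));          // replay of the same value
var_dump(check_remember_token($store, "x' OR '1'='1"));   // malformed value
```

After a successful check the caller starts the session and sends a fresh token from `issue_remember_token()`, so each cookie value is accepted only once.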
 

billthecat

Well-known member
After the updates, I'm getting an error:

Parse error: syntax error, unexpected T_LOGICAL_AND, expecting ')' in /web/include/check_login.php on line 33

Here's what I have (minus the license info):

<?php
if ($enable_authentication === 1)
if (!empty($_COOKIE['interface_creator_md5_password'] and !empty($_COOKIE['interface_creator_username']){
$function = 'check_login';
}
else {
$function = 'show_login_form';
}
header ('Location: '.$site_url.$dadabik_login_file.'?function='.$function);
die();

// get the current user
$current_user = $_SESSION['logged_user_infos_ar']['username_user'];

// if the user type correspond to the administrator type
if ($_SESSION['logged_user_infos_ar']['user_type_user'] === $users_table_user_type_administrator_value) {
$current_user_is_administrator = 1;
} // end if
else {
$current_user_is_administrator = 0;
} // end else

} // end if
else {
// set the username to 'nobody' if the authentication is disabled (useful if there are some ID_user fields)
$current_user = 'nobody';
$current_user_is_administrator = 0;
} // end else

?>
 

DebbieS

DaDaBIK Guru
I had to make a few mods to the code to be placed in the "login.php" file as referenced above. I used:

case 'check_login':
    if (($_POST['username_user'] === '' || $_POST['password_user'] === '') && (empty($_COOKIE['interface_creator_username']) || empty($_COOKIE['interface_creator_md5_password']))) {
        txt_out('<p style="align:center;">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form');
        include './include/forms/login.php';
    } // end if
    else{
        if (!empty($_COOKIE['interface_creator_username']) && !empty($_COOKIE['interface_creator_md5_password'])){
            $md5_or_not = "non-md5";
            $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_COOKIE['interface_creator_username'], $_COOKIE['interface_creator_md5_password'], $md5_or_not);
            $using_cookie = 'yes';
        } // end if - using cookie values
        else {
            $md5_or_not = "md5";
            $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user'], $md5_or_not);
            $using_cookie = 'no';
        } // end else - using post values
        // var_dump ($_SESSION['logged_user_infos_ar']); // debug only: output here prints the password hash and stops setcookie()/header() from working
        // $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user'], $md5_or_not);
        if ($_SESSION['logged_user_infos_ar'] !== false){
            if (isset($_POST['remember_me'])){
                setcookie('interface_creator_username', $_SESSION['logged_user_infos_ar']['username_user'], time()+1000000); // ~11.5 days
                setcookie('interface_creator_md5_password', $_SESSION['logged_user_infos_ar']['password_user'], time()+1000000); // ~11.5 days
            } // end if 'remember me'
            //header ('Location: '.$site_url.'index.php');
            header ('Location: '.$site_url.$dadabik_main_file.'?empty_search_variables=1');
            die();
        } // end if
        else{
            unset($_SESSION['logged_user_infos_ar']);
            if (isset($_COOKIE['interface_creator_username']) or isset($_COOKIE['interface_creator_md5_password'])){ // reset cookies
                setcookie('interface_creator_username');
                setcookie('interface_creator_md5_password');
            } // end if
            txt_out('<p style="align:center;">'.$login_messages_ar['incorrect_login'].'</p>', 'error_messages_form');
            include './include/forms/login.php';
        } // end else
    } // end else
    break; // case 'check_login'
case 'logout':
    unset($_SESSION['logged_user_infos_ar']);
    if (isset($_COOKIE['interface_creator_username']) or isset($_COOKIE['interface_creator_md5_password'])){ // reset cookies
        setcookie('interface_creator_username');
        setcookie('interface_creator_md5_password');
    } // end if
    header ('Location: '.$site_url.$dadabik_login_file);
    die();
    break; // case 'logout'

If anyone is having trouble getting the originally posted code working, try this one.

Thanks for the great code alpha2zee!!!

 

DebbieS

DaDaBIK Guru
Which code are you using from which post? My resolution to the problem I was experiencing is already posted.

 