Help with login script (session/cookie)...

[skuliaxe]

Hi, I was wondering if somebody could help me with my LOGIN script!
This is mostly from a tutorial, but I can´t seem to make it do what I want.

I would like for the user so be able to sign in and stay signed in for 6 hours. Right now, when user logs-in he STAYS logged in as long as he doesn't leaver the root page or sub-pages. If he visits Google in the same browser window/tab and goes back the user isn't logged in anymore.

Hoe can I fix these issues with the code below?
ISSUE 1 - User stays logged in when leaving site / closing browser.
ISSUE 2 - User signs out when session is over. When on or off site.

Here´s my LOGIN page code:

PHP: Select all

<?php
require_once('Scripts/dbconnect.php');

$dbops = New MyOps;
$link = $dbops->dbconnect();

session_start();            // Shows we are using sessions

$username = $_POST['username'];            // Gets the inputted username from the form
$password = $_POST['password'];            // Gets the inputted password from the form
$time = time();                            // Gets the current server time

$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";
$result = mysql_query($query, $link);

if(mysql_num_rows($result))
{
    // If the username and password are correct do the following;
    $_SESSION['loggedin'] = 1;        // Sets the session 'loggedin' to 1
    $cookie = 1;
    
    $access = "Y";
    
    if($cookie == 1)
    {
        // Check to see if the 'setcookie' box was ticked to remember the user
        setcookie("Throunarsaga[username]", $username, $time + 21600);        // Sets the cookie username
        setcookie("Throunarsaga[password]", $password, $time + 21600);        // Sets the cookie password
        
    }
   
}
else        // If login is unsuccessful forwards the user back to the index page with an error
{
    $access = "N";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>

<?php
    
    if ($access == "Y") 
    {
        echo "You are logged in!";
        
    }
        else
        {
        
        $reload = $_SERVER['PHP_SELF']; 
        echo "<form action=\"$reload\" method=\"post\">
                <table border=\"0\" align=\"center\" bgcolor=\"#000000\">
                <tr>
                  <td colspan=5>&nbsp;</td>
                </tr>
                <tr>
                  <td width=\"137\">&nbsp;</td>
                  <td width=\"57\">User:</td>
                  <td colspan=\"2\"><input type=\"text\" name=\"username\" size=\"20\" maxlength=\"40\" /></td>
                  <td width=\"46\">&nbsp;</td>
                </tr>
                <tr>
                  <td>&nbsp;</td>
                  <td>Pass:</td>
                  <td colspan=\"2\"><input type=\"password\" name=\"password\" size=\"20\" maxlength=\"50\" /></td>
                  <td>&nbsp;</td>
                </tr>
                <tr>
                  <td>&nbsp;</td>
                  <td>&nbsp;</td>
                  <td colspan=\"2\">&nbsp;</td>
                  <td>&nbsp;</td>
                </tr>
                <tr>
                  <td>&nbsp;</td>
                  <td>&nbsp;</td>
                  <td width=\"22\">&nbsp;</td>
                  <td width=\"166\"><input type=\"submit\" name=\"Login\" value=\"Login\" /></td>
                  <td>&nbsp;</td>
                  </tr>
                <tr><td colspan=\"5\" align=\"right\">&nbsp;</td></tr>
                </table>
                </form>";
        }
?>

[alexgeek]

You can log the user out with session_destroy(); But you cannot choose how long the cookie remains on their computer really.
The client's browser has control over the cookie's expiration.

[skuliaxe]

Quote:

Originally Posted by alexgeek

You can log the user out with session_destroy(); But you cannot choose how long the cookie remains on their computer really.
The client's browser has control over the cookie's expiration.

I have a logout button (with session_destroy()).
But what about pages like this one, that keeps me logged in if I check the Remember me button?

Based on this tutorial, this should be possible.

Quote:

What is a cookie anyways? It is a temporary file that is stored on the user's computer on behalf of the website in order to hold information that is important to the website. How long does this temporary file last? As long as we say so. As written, the expiry time is 100 days, after which the cookie will be deleted. However, it also gets deleted when the user decides to log out, as you will soon see.

I might just try and work from this script in the tutorial from the link above, but wouldn't I just end with the same problem? As I´m already using the 'setcookie' as in the tutorial.

[Jack Franklin]

The above tutorial you have linked to does work, I have used it in the past.