#1
    Question How To Add Remember Me Feature With Cookies ?


    Hi,

    This is a login.php.

    The user is given a choice to either input his/her Username & Password or Email & Password. In short, either log-in inputting your Username or your Email.
    People are welcome to provide their own code samples in mysqli procedural or edit (fix) my code by adding comments and displaying it on this thread for all newbies to learn from. From your code and your code comments, I, as well as other newbies, would learn.
    It is written in mysqli procedural. I have not learned pdo oop yet. I need help in the login.php to add the "Remember Me" feature using Cookies.
    Can someone be the Great Samaritan here to show me an example ? You're welcome to not start from scratch but work on my work (login.php).
    registration.php, logout.php and account_activation.php are finished. Those last 3 files are working fine. Working on the home.php now.

    login.php
    PHP Code:
    <?php

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    include 'config.php';

    // check if user is already logged in
    if (is_logged() === true)
    {
        //Redirect user to homepage page after 2 seconds.
        header("refresh:2;url=home.php");
        exit;
    }

    if (isset($_POST["login_username_or_email"]) && isset($_POST["login_password"]))
    {
        $username_or_email = trim($_POST["login_username_or_email"]);
        $password = $_POST["login_password"];

        //Select Username or Email to check against Mysql DB if they are already registered or not.
        // strpos() returns false when "@" is absent and 0 when it is the first character, so compare strictly.
        if (strpos($username_or_email, "@") !== false)
        {
            $email = $username_or_email;

            $query = "SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE emails = ?";
            // mysqli_prepare() creates the statement itself, so no mysqli_stmt_init() call is needed.
            $stmt = mysqli_prepare($conn, $query);
            mysqli_stmt_bind_param($stmt, 's', $email);
            mysqli_stmt_execute($stmt);
            //$result = mysqli_stmt_get_result($stmt); //Which line to use ? This line or the next ?
            $result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // Which line to use ? This line or the one above ?
        }
        else
        {
            $username = $username_or_email;

            $query = "SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE usernames = ?";
            $stmt = mysqli_prepare($conn, $query);
            mysqli_stmt_bind_param($stmt, 's', $username);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // Which line to use ? This line or the one above ?
        }

        // mysqli_stmt_fetch() returns true when a row was fetched and null when no user matched.
        $row = mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        // Reject unknown users before password_verify(): $db_password is null when no row was fetched.
        if ($row !== true || !password_verify($password, $db_password))
        {
            echo "Incorrect User Credentials!<br>";
            exit();
        }
        else
        {
            $_SESSION["user"] = $db_username;
            // URL-encode the username and stop the script once the redirect header is sent.
            header("location:home.php?user=" . urlencode($db_username));
            exit;
        }
    }

    ?>

    <!DOCTYPE html>
    <html>
    <head>
    <title><?= $site_name ?> Member Login Page</title>
      <meta charset="utf-8">
    </head>
    <body>
    <form method="post" action="">
        <h3><?= $site_name ?> Member Login Form</h3>
        <fieldset>
            <label for="login_name">Username/Email:</label>
            <input type="text" name="login_username_or_email" id="login_name" value="">
            <br>
            <label for="login_pass">Password:</label>
            <input type="password" name="login_password" id="login_pass" value="">
        </fieldset>
        <div class="submitsAndHiddens">
            <label for="login_remember">Remember Login Details:</label>
            <input type="checkbox" name="login_remember" id="login_remember" />
            <br>
            <button type="submit">Login</button>
            <br>
            <a href="login_password_reset.php">Forgot your Password ? Reset it here!</a>
            <br>
            <a href="register.php">Register here!</a>
        </div>
    </form>

    </body>
    </html>

    registration.php (working)

    PHP Code:
    <?php

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    include 'config.php';

    //Step 1: Before registering User account, check if User is already registered or not.

    //Check if User is already logged-in or not.
    if (is_logged() === true) {
        die("You are already logged-in! No need to register again!");
    }

    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {
        //Step 2: Check User Submitted Details.

        //Check if user made all the required inputs or not.
        if (isset($_POST["username"]) &&
            isset($_POST["password"]) &&
            isset($_POST["password_confirmation"]) &&
            isset($_POST["email"]) &&
            isset($_POST["email_confirmation"]) &&
            isset($_POST["first_name"]) &&
            isset($_POST["surname"]) &&
            isset($_POST["gender"])) {

            //Step 3: Check User details for matches against database. If no matches then validate inputs and register User account.

            //Create variables based on user inputs.
            $username = trim($_POST["username"]);
            $password = $_POST["password"];
            $password_confirmation = $_POST["password_confirmation"];
            $email = trim($_POST["email"]);
            $email_confirmation = trim($_POST["email_confirmation"]);
            $first_name = trim($_POST["first_name"]);
            $surname = trim($_POST["surname"]);
            $gender = $_POST["gender"];
            // 40 hex characters from the CSPRNG, the same length as the sha1() output it replaces.
            // sha1((string) mt_rand(5, 30)) could only ever produce 26 different, guessable codes.
            $account_activation_code = bin2hex(random_bytes(20));
            // URL-encode the email so characters such as "+" survive the query string.
            $account_activation_link = "http://www.".$site_domain."/".$social_network_name."/activate_account.php?email=".urlencode($email)."&account_activation_code=".$account_activation_code;
            $account_activation_status = 0; // 1 = active; 0 = not active.
            $hashed_password = password_hash($password, PASSWORD_DEFAULT); //Hash the password.

            //Select Username and Email to check against Mysql DB if they are already registered or not.
            $stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
            mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            $row = mysqli_fetch_array($result, MYSQLI_ASSOC); // null when neither value is registered yet

            // Check if inputted Username is already registered or not.
            if ($row && $row['usernames'] == $username) {
                $_SESSION['error'] = "That username is already registered.";
                exit();
            // Check if inputted Username is between the required 8 to 30 characters long or not.
            } elseif (strlen($username) < 8 || strlen($username) > 30) {
                $_SESSION['error'] = "Username must be between 8 to 30 characters long!";
                exit();
            // Check if both inputted Emails match or not.
            } elseif ($email != $email_confirmation) {
                $_SESSION['error'] = "Emails don't match!";
                exit();
            // Check if inputted Email is valid or not.
            } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $_SESSION['error'] = "Invalid email! Insert your real Email in order for us to email you your account activation details.";
                exit();
            // Check if inputted Email is already registered or not.
            } elseif ($row && $row['emails'] == $email) {
                $_SESSION['error'] = "That email is already registered.";
                exit();
            // Check if both inputted Passwords match or not.
            } elseif ($password != $password_confirmation) {
                $_SESSION['error'] = "Passwords don't match.";
                exit();
            // Check if Password is between 8 to 30 characters long or not.
            // The lower bound 8 follows the comment above; the message below says 6.
            } elseif (strlen($password) < 8 || strlen($password) > 30) {
                $_SESSION['error'] = "Password must be between 6 to 30 characters long!";
                exit();
            }
            else
            {
                //Insert the user's inputs into Mysql database using php's sql injection prevention method "Prepared Statements".
                $stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations_statuses) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
                mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_password, $email, $first_name, $surname, $gender, $account_activation_code, $account_activation_status);
                $inserted = mysqli_stmt_execute($stmt); // keep the result: $stmt itself is always an object here
                echo "INSERTING";

                //Check if user's registration data was successfully submitted or not.
                if (!$inserted)
                {
                    $_SESSION['error'] = "Sorry! Our system is currently experiencing a problem registering your account! You may try registering some other time.";
                    exit();
                }
                else
                {
                    //Email the account activation link for user to click it to confirm their email and activate their new account.
                    $to = $email;
                    $subject = "Your ".$site_name." account activation details!";
                    $body = nl2br("
                    ===============================\r\n
                    ".$site_name." \r\n
                    ===============================\r\n
                    From: ".$site_admin_email."\r\n
                    To: ".$email."\r\n
                    Subject: Yours ".$subject." \r\n
                    Message: ".$first_name." ".$surname."\r\n You need to click on this following <a href=\"".$account_activation_link."\">link</a> to activate your account. \r\n");
                    $headers = "From: " . $site_admin_email . "\r\n";

                    if (!mail($to, $subject, $body, $headers))
                    {
                        $_SESSION['error'] = "Sorry! We have failed to email you your account activation details. Please contact the website administrator!";
                        exit();
                    }
                    else
                    {
                        echo "<h3 style='text-align:center'>Thank you for your registration!<br /> Check your email for details on how to activate your account which you just registered.</h3>";
                        exit();
                    }
                }
            }
        }
    }

    ?>

    <!DOCTYPE html>
    <html>
        <head>
            <title><?= $social_network_name ?> Signup Page</title>
        </head>
    <body>
    <div class ="container">

    <?php
    // Error Messages.
    if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
        echo 
    '<p style="color:red;">'.$_SESSION['error'].'</p>';
    }
    ?>

    <?php
    //Session Messages.
    if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
        // Print the session message (the original printed $_SESSION['error'] here).
        echo '<p style="color:red;">'.$_SESSION['message'].'</p>';
    }
    ?>

    <?php
    //Clear Registration Session.
    function clear_registration_session()
        {
            
    //Clear the User Form inputs, Session Messages and Session Errors so they can no longer be used.
            
    unset($_SESSION['message']);
            unset(
    $_SESSION['error']);
            unset(
    $_POST);
            exit();
        }
    ?>

    <form method="post" action="">
        <center><h2>Signup Form</h2></center>
        <div class="form-group">
            <center><label>Username:</label>
            <input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Password:</label>
            <input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
        </div>
        <div class="form-group">
            <center><label>Repeat Password:</label>
            <input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
        </div>
            <div class="form-group">
            <center><label>Email:</label>
            <input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Repeat Email:</label>
            <input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>First Name:</label>
            <input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Surname:</label>
            <input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
        </div>
        <div class="form-group">
            <center><label>Gender:</label>
            <input type="radio" name="gender" value="male" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'male') { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'female') { echo 'checked'; }?> required>Female</center>
        </div>
        <center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
        <center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
    </form>
    </div>
    </body>
    </html>
    account_activation.php (working)
    PHP Code:
    <?php

    /*
    ERROR HANDLING
    */
    declare(strict_types=1);
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    include 'config.php';

    if (!isset($_GET["email"], $_GET["account_activation_code"]))
    {
        $_SESSION['error'] = "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href=\"register.php\">Register here!</a>";
        exit();
    }
    else
    {
        // These values only go into a prepared statement, so they are used as received;
        // htmlspecialchars() belongs where a value is printed, not where it is looked up.
        $email = $_GET['email'];
        $account_activation_code = $_GET['account_activation_code'];

        $stmt_one = mysqli_stmt_init($conn);
        if (mysqli_stmt_prepare($stmt_one, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?"))
        {
            // Bind the code as a string ('s'). Bound as an integer ('i'), MySQL compares the
            // stored code numerically and codes that merely start with the same digits match.
            mysqli_stmt_bind_param($stmt_one, 'ss', $email, $account_activation_code);
            mysqli_stmt_execute($stmt_one);
            mysqli_stmt_bind_result($stmt_one, $username, $account_activation_state);
            $found = mysqli_stmt_fetch($stmt_one); // true only when email and code matched a row
            mysqli_stmt_close($stmt_one);

            if ($found !== true)
            {
                // No matching row: without this check a wrong code fell through to the success branch.
                echo 'Failure: This account activation link is invalid or has expired. Try <a href="register.php">registering</a> for an account now.';
                exit;
            }
            elseif ($account_activation_state != 0)
            {
                echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
                exit;
            }
            else
            {
                $account_activation_state = 1;

                $stmt_two = mysqli_stmt_init($conn);
                if (mysqli_stmt_prepare($stmt_two, "UPDATE users SET accounts_activations = ? WHERE usernames = ?"))
                {
                    mysqli_stmt_bind_param($stmt_two, 'is', $account_activation_state, $username);
                    mysqli_stmt_execute($stmt_two); // an UPDATE returns no rows, so there is nothing to fetch
                    mysqli_stmt_close($stmt_two);

                    echo "Account Activation State: $account_activation_state";?><br>
                    <?php
                    echo "Username: " . htmlspecialchars($username); // escape the stored value on output

                    echo "<h3 style='text-align:center'>Thank you for your confirming your email and activating your account.<br /> You may now try logging into your account.</h3>";
                    $_SESSION["user"] = $username;
                }
                else
                {
                    echo 'Failure: Something is wrong. Unable to activate your account! Contact Site Admin.';
                    echo 'Failure: Mysqli_stmt_prepare($stmt_two)';
                    exit;
                }
            }
        }
        else
        {
            echo 'Failure: This account activation link is invalid or has expired. Try <a href="register.php">registering</a> for an account now.';
            echo 'Failure: Mysqli_stmt_prepare($stmt_one)';
            exit;
        }
    }

    ?>
    logout.php (working)

    PHP Code:
    <?php
    session_start();
    session_destroy();
    echo "You have successfully logged-out!";
    ?><br>
    <?php
    echo "<a href='login.php'>Re-Login.</a>";
    ?><br>
    Last edited by UniqueIdeaMan; October 7th, 2017 at 07:40 PM.
  2. #2
    Search engines are your friend.

    Improved Persistent Login Cookie Best Practice | Barry Jaspan

    Comments on this post

    • UniqueIdeaMan agrees : Thank you. I gave you a REP.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
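
As an added example (not code from this thread or from the linked article), one way to build a "Remember Me" cookie of the series-plus-token kind in mysqli procedural style: the cookie carries a random series ID and a random token, the database stores only a hash of the token, and the token is replaced on every use. The `auth_tokens` table, the cookie name, the 30-day lifetime and the function names are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical table, not part of the thread's schema:
//   CREATE TABLE auth_tokens (series CHAR(32) PRIMARY KEY, user_id INT NOT NULL,
//                             token_hash CHAR(64) NOT NULL, expires_at DATETIME NOT NULL);
const REMEMBER_COOKIE = 'remember_me';      // assumed cookie name
const REMEMBER_TTL    = 60 * 60 * 24 * 30;  // 30 days, an arbitrary choice

function remember_me_set_cookie(string $value, int $expires): void
{
    // The options array needs PHP 7.3+; 'secure' assumes the site is served over HTTPS.
    setcookie(REMEMBER_COOKIE, $value, ['expires' => $expires, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Call after password_verify() succeeds and the "login_remember" box was ticked.
function remember_me_issue(mysqli $conn, int $user_id, ?string $series = null): void
{
    $series = $series ?? bin2hex(random_bytes(16)); // identifies this browser's login
    $token  = bin2hex(random_bytes(32));            // secret; only its hash is stored
    $hash   = hash('sha256', $token);
    $ttl    = REMEMBER_TTL;                         // bind_param needs a variable
    $stmt = mysqli_prepare($conn, "REPLACE INTO auth_tokens (series, user_id, token_hash, expires_at) VALUES (?, ?, ?, DATE_ADD(NOW(), INTERVAL ? SECOND))");
    mysqli_stmt_bind_param($stmt, 'sisi', $series, $user_id, $hash, $ttl);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    remember_me_set_cookie($series . ':' . $token, time() + REMEMBER_TTL);
}

// Call when no session is logged in. Returns the remembered user's id, or null.
function remember_me_login(mysqli $conn): ?int
{
    $raw = $_COOKIE[REMEMBER_COOKIE] ?? '';
    $parts = is_string($raw) ? explode(':', $raw, 2) : [];
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        return null;                                // absent or malformed cookie
    }
    [$series, $token] = $parts;
    $stmt = mysqli_prepare($conn, "SELECT user_id, token_hash FROM auth_tokens WHERE series = ? AND expires_at > NOW()");
    mysqli_stmt_bind_param($stmt, 's', $series);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $user_id, $token_hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($found !== true) {
        return null;                                // unknown or expired series
    }
    if (!hash_equals($token_hash, hash('sha256', $token))) {
        // Known series, stale token: a copy of the cookie is in use, so revoke all remembered logins.
        $stmt = mysqli_prepare($conn, "DELETE FROM auth_tokens WHERE user_id = ?");
        mysqli_stmt_bind_param($stmt, 'i', $user_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        remember_me_set_cookie('', time() - 3600);
        return null;
    }
    remember_me_issue($conn, (int) $user_id, $series); // rotate the token, keep the series
    return (int) $user_id;
}
```

In login.php this would mean calling `remember_me_issue($conn, $db_id)` after a successful `password_verify()` when `login_remember` is posted, and `remember_me_login($conn)` when `is_logged()` is false. logout.php would also delete the row for the current series and expire the cookie.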
  4. #3
    Originally Posted by gw1500se
    Thank You! I gave you a REP!
