I have this method that contains login logic. When I set cookies, they are stored, but the issue is with redirection: when I close the browser, it redirects me back to the login form even if I checked the remember-me checkbox. Here is my code:

```php
<?php
    public function login()
    {
        $stmt = $this->db->prepare("SELECT userid FROM users WHERE username = :username AND password = :password");
        $stmt->execute(array(
               ':username' => $_POST['username'],
               ':password' => md5($_POST['password'])
        ));
        $data = $stmt->fetch(PDO::FETCH_ASSOC);
        $count = $stmt->rowCount();

        if($count > 0){
            Session::init();
            Session::set('loggedIn', true);
            Session::set('userId', $data['userId']);
            $duration = time() + 3600 * 24 * 30;

            if ( isset($_POST['rememberme']) ) {
                setcookie('loggedIn', Session::get('loggedIn'), $duration );
                setcookie('userId', Session::get('userId'), $hour );
                header('location: '. URL .'/homedashboard');
                // echo $_COOKIE['userId'];
            } else {
                setcookie('loggedIn', "" );
                setcookie('userId', "" );
                header('location: '. URL .'/homedashboard');
            }
        } else {
            header('location: '. URL .'/Login');
        }
    }
```
  • Please don't **roll your own** password hashing, especially not using MD5() or SHA1(). PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php). Please use them for the safety of your users. – RiggsFolly Mar 03 '20 at 10:22
  • If this `Session::init();` does your `session_start()` that should be done as the first thing any script does, not in a function where data may already have been sent to the browser before it gets called – RiggsFolly Mar 03 '20 at 10:24
  • Thank you RiggsFolly, `Session::init();` starts the session, but the issue is with setting a remember-me value if set, and redirection if cookies are stored successfully after that. – ven Mar 03 '20 at 10:40
  • Are you using any PHP framework? – Van Tho Mar 21 '20 at 02:20
  • Yes, but a simple MVC. – ven Mar 21 '20 at 03:06
  • @Van Tho, I use a framework made with jream. – ven Mar 21 '20 at 03:08
  • When you reopen the browser, you will have some function to check whether the current user is logged in or not, and it should have some logic to check the cookie (because you've used `setcookie` before). Could you post the code of that function here? – Van Tho Mar 21 '20 at 03:11
  • @Van Tho, I use the MVC structure made with jream, and extend it according to my needs. Is it because of the Session class? – ven Mar 21 '20 at 03:11
  • The session and cookies are stored well, but it seems not to remember after I close and reopen the browser – ven Mar 21 '20 at 03:13
  • @OneBuyu I'm not sure, because you need to check the cookie after reopening the browser: if the cookie exists, then the problem is your code; if it does not exist, it should be a problem of the Session class. Can you check to see whether it exists after reopening the browser? – Van Tho Mar 21 '20 at 03:14
  • I checked: the cookies expire in April and were last accessed 4 hours ago, but the problem is I am not redirected and I can't bypass the login process; it needs me to log in again – ven Mar 21 '20 at 03:24
  • There is only the login function in the question above @Van Tho – ven Mar 21 '20 at 03:31
  • So you're missing some code to check the cookie/session (should be session because it is stored on the server side). You will need to find the code that redirects you to the login screen, and then change it – Van Tho Mar 21 '20 at 03:40
  • Hello @Van Tho, I sent an email with files to the email __7760@ – ven Mar 21 '20 at 04:12
  • Thank you @Van Tho. Please check the files I sent to the email – ven Mar 21 '20 at 04:49
  • Okay, I will check it, please wait a moment! – Van Tho Mar 21 '20 at 04:59
  • Okay, thank you, tell me if you received them. – ven Mar 21 '20 at 05:03
  • I've received your files. I've checked that you're missing code to check cookie existence. You set the cookie with PHP `setcookie` and you should have `getcookie` somewhere. But be aware that the client can edit that cookie, so you'd better use the session instead. There are some ways that you can extend the lifetime of a session: https://stackoverflow.com/questions/8311320/how-to-change-the-session-timeout-in-php – Van Tho Mar 21 '20 at 05:06
  • Okay @VanTho! I am waiting, please – ven Mar 21 '20 at 05:10
  • @OneBuyu I'm so sorry, but the code that you've sent to me is not enough; I still need the code that validates whether the user is logged in or not – Van Tho Mar 21 '20 at 05:15
  • I use that to log in, but from the line of the `if ( isset($_POST['rememberme'])` condition I commented everything out, so it redirects to /Main. After that it redirects to the Main controller class with no error. Please comment from `isset($_POST['rememberme'])` – ven Mar 21 '20 at 05:20
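
The comments above identify two gaps: nothing reads the cookie back on a later request, and `loggedIn`/`userId` cookies can be edited by the client. The following is an added example, not the asker's or the framework's code, that stores a random token server-side and validates it before deciding to redirect to the login form; the `remember_tokens` table, the `remember` cookie name and both function names are assumptions.

```php
<?php
// Added example, not the asker's code. Table, cookie and function names are assumptions.

function issueRememberToken(PDO $db, int $userId, int $ttl = 3600 * 24 * 30): string
{
    $selector  = bin2hex(random_bytes(9));    // public lookup key
    $validator = bin2hex(random_bytes(32));   // secret; only its hash is stored
    $db->prepare('INSERT INTO remember_tokens (selector, validator_hash, user_id, expires)
                  VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . ':' . $validator;      // value to place in the cookie
}

function userIdFromRememberCookie(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                          // not in selector:validator form
    }
    $stmt = $db->prepare('SELECT validator_hash, user_id FROM remember_tokens
                          WHERE selector = ? AND expires > ?');
    $stmt->execute([$parts[0], time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Constant-time compare; a guessed or edited cookie fails here.
    if (!$row || !hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    return (int) $row['user_id'];
}

// Constructed demo with an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
           validator_hash TEXT, user_id INTEGER, expires INTEGER)');

// At login, when "remember me" is ticked, the cookie would be sent with:
// setcookie('remember', $token, ['expires' => time() + 3600 * 24 * 30, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
$token = issueRememberToken($db, 42);         // 42 is a constructed user id

// On a later request with no session, before redirecting to the login form:
var_dump(userIdFromRememberCookie($db, $token));        // cookie exactly as issued
var_dump(userIdFromRememberCookie($db, $token . 'x'));  // cookie edited by the client
var_dump(userIdFromRememberCookie($db, '42'));          // bare user id, as in the question
```

In the framework, `userIdFromRememberCookie()` belongs wherever the redirect to `/Login` is decided: if it returns a user id, set the session values and skip the redirect.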
