
PHP Login session with cookie

Please take a look at this code. Is it possible to use it to register the user through cookies?

if (isset($_COOKIE['rand_nm']) && isset($_COOKIE['token'])) {

    $start_date = date("Y-m-d h:i:sa");
    // Default to false so the check below never reads an undefined variable
    $isExpiryDateVerified = false;

    $stmt = $con->prepare("SELECT * From tbl_token Where username = ? AND selector_hash = ?");
    $stmt->execute(array($_COOKIE['rand_nm'], $_COOKIE['token']));
    $row = $stmt->fetch();
    $count = $stmt->rowCount();

    // fetch() returns false when no row matches the cookie pair
    if ($row && $row["expiry_date"] >= $start_date) {
        $isExpiryDateVerified = true;
    }

    if ($row && $_COOKIE['rand_nm'] == $row['username'] && $_COOKIE['token'] == $row['selector_hash'] && $isExpiryDateVerified) {
        if ($count > 0) {
            $_SESSION['userName'] = $row['username'];
            $_SESSION['id'] = $row['id'];
        }
    }
}

Processing the form data when the form is submitted, updating the database table, and then storing the cookie information: the token [random number] and username in the database, after login…

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            
            if (isset($_POST['login'])) {
                $user = $_POST['username'];
                $pass = $_POST['password'];
                $hashPass = sha1($pass);
                
                if (empty($_POST['username']) || empty($_POST['password'])) {
                    header('Location: signup.php?error=fieldsempty');
                    exit();
                    
                } else {
                
                    $stmt = $con->prepare("SELECT * From tbl_token Where username = ? AND password_hash = ?");
                    $stmt->execute(array($user, $hashPass));
                    
                    $count = $stmt->rowCount();
                    
                    if ($count > 0) {
                        
                        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
                            
                            if ($hashPass == $row['password_hash']) {
                                
                                if (isset($_POST['remember'])) {
                                
                                    if ($_POST['remember'] == 'on') {
                                    
                                        $validation = uniqid(true);
                                        $start_date = date("Y-m-d h:i:sa");  
                                        $date = strtotime($start_date);
                                        $date = strtotime("+1 day", $date);
                                        
                                        setcookie('rand_nm', $_POST['username'], time()+ 86400, '/');
                                        setcookie('token', $validation, time()+ 86400, '/');
                                        $stmt = $con->prepare("UPDATE tbl_token SET selector_hash = ?, is_expired = ?, expiry_date = ? WHERE username = ?");
                                        $stmt->execute(array($validation, 1, date('Y-m-d h:i:sa', $date), $_POST['username']));
                                        
                                    }
                                }
                                
                                $_SESSION['userName'] = $user;
                                $_SESSION['id'] = $row['id'];
                                
                            } else {
                                echo 'password not correct';
                            }
                        }
                        
                    } else {
                            echo 'the username is not exist';
                    }
                }
            }
    }

This is the HTML login form:

<form id="contact-form" class="login" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
              
  <div class="container">
    <label><b>Username</b></label>
    <input class="form-control" type="text" placeholder="Enter Username" name="username"><br>

    <label><b>Password</b></label>
    <input class="form-control" type="password" placeholder="Enter Password" name="password" ><br>

    <button class="btn" name="login" type="submit">Login</button>
    <label>
      <input type="checkbox" checked="checked" name="remember"> Remember me
    </label>
  </div>

  <div class="container">
    
    <span class="psw">Forgot <a href="#">password?</a></span>
  </div>
</form>


Answer

It is possible, but I would not suggest doing that, especially storing a password, maybe unencrypted, in a cookie.

You may store a session id in your cookie, and also store that code in your database. This way you can “remember” who used your site from that specific browser, and if the user has logged off, or not. Now you don’t need to store sensitive information unencrypted in easily accessible cookies.

if (isset($_COOKIE['sessionid'])) {
    // Look up that session id in the database here; $session is your object filled with data from the database.
    if ($session->stillLogged()) {
        // Authenticate the user.
    }
}
User contributions licensed under: CC BY-SA