I created a log-in page and I used cookies for the auto-login option. For some reason, when I'm trying to test it (going to the log-in page, to test the redirect), it's not working. When I'm printing $_COOKIE I see only the 'PHPSESSID'.

This is my code:

public function index(){
    if (isset($_COOKIE[$_SESSION[SESSION_KEY.'id']]) && isset($_COOKIE[$_SESSION[SESSION_KEY.'password']]))
    {
        $login = $_COOKIE[$_SESSION[SESSION_KEY.'id']];
        $password  = 1;
    }
    else if(isset($_POST['login']) && isset($_POST['password']))
    {
        $password = $_POST['password'];
        $login = $_POST['login'];
    }
    if(isset($login) && isset($password))
    {
        $query = "SELECT * FROM myDB WHERE id= '{$login}' AND Password = '{$password}'";
        $result = $this->db->query($query)->result();

        if(count($result) == 0 || count($result) > 1){
            $this->load->view('admin/login');
        }elseif(count($result) == 1){
            $_SESSION[SESSION_KEY.'id'] = $result[0]->id;
            $_SESSION[SESSION_KEY.'password'] = 1;

            if (isset($_POST['remember']) && isset($_POST['remember']) == 1)
            {
                setcookie($_SESSION[SESSION_KEY.'id'], $login, time()+60*60*24*10, base_url());
                setcookie($_SESSION[SESSION_KEY.'password'], $password, time()+60*60*24*10, base_url());
            }
            redirect('customers/customers_list');
        }
    }
    else {
        $this->load->view('admin/login');
        return;
    }
}

What could be the problem? Where are all the cookies? And yes, I have session_start();

user3282988
  • Do you have session_start(); on all of your pages? It seems like this would require it: $_COOKIE[$_SESSION[SESSION_KEY.'id']] – James Oct 05 '14 at 20:35
  • Yes, I have session_start... any other idea? – user3282988 Oct 05 '14 at 20:48
  • Seems like your login page is `/admin/login`. Are you checking the cookie on some other page e.g. `/customers/customers_list`? – Salman A Oct 05 '14 at 21:03
  • When I'm logging in I'm redirecting to /customers/customers_list. To check the auto-login I'm trying to load /admin/login (the login page). I need to be auto-directed if it worked... but NO, I'm staying in the log-in menu. – user3282988 Oct 05 '14 at 21:10
  • What does `base_url()` return? – Filippos Karapetis Oct 05 '14 at 21:19
  • The full path of the site – user3282988 Oct 05 '14 at 21:20
  • Is that a CodeIgniter function? If yes, perhaps this answer helps? http://stackoverflow.com/questions/6449386/base-url-function-not-working-in-codeigniter – Filippos Karapetis Oct 05 '14 at 21:22
  • Filippos Karapetis, yes, but my base_url() function is working. The problem is that the cookies are gone. I can see them after I create them. But when I'm reloading\redirecting, the cookies are all gone (except the PHPSESSID) – user3282988 Oct 05 '14 at 21:25
  • Does this page work for you? http://blog.dubbelboer.com/2012/11/25/302-cookie.html – Filippos Karapetis Oct 05 '14 at 21:28
  • If I delete the 'test' cookie, it's not working. I mean the line: setcookie('test'); If I'm not removing this line it will work... so I can set a cookie, but when redirecting it's not saving it. – user3282988 Oct 05 '14 at 21:38
  • [Never ever ever *ever* store the password in a cookie.](http://jaspan.com/improved_persistent_login_cookie_best_practice) – PeeHaa Oct 05 '14 at 23:13
  • Also I'm fairly certain your code is vulnerable to SQL injection – PeeHaa Oct 05 '14 at 23:14

1 Answer

Try to use the PHP set_cookie() function the first time the user logs in, e.g.

// expires after 84600 * 30 seconds; the "/" path makes the cookie valid for the whole site
setcookie("username", $_POST['username'], time() + (84600 * 30), "/");

Then get the username cookie if it exists, so you can use the stored value anywhere you want, e.g.

if (isset($_COOKIE['username'])) {
    // if the cookie exists, allow user login, e.g.
    $_SESSION['login'] = 'true';
}
else {
    // if a cookie doesn't exist
    echo "Oops you have to log in!";
    // then you display the login form
}

Then on the other page you have something like

session_start();
if (isset($_SESSION['login']) && $_SESSION['login'] == 'true') {
    // then you display the page
}
else {
    // redirect to login page
}
MC Emperor
Al-Ameen
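
An added example, not part of the question or the answer: a remember-me cookie that carries a random single-use token instead of the password or a bare username, checked with a parameterized query, which addresses the two points raised in the comments (password in a cookie, SQL injection). The `auth_tokens` table, the function names, the `remember` cookie name and the in-memory SQLite database are assumptions made for illustration; it assumes PHP 7.3+ with PDO SQLite.

```php
<?php
// Added example: selector/validator remember-me token. Table and function names
// are hypothetical; an in-memory SQLite database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (selector TEXT PRIMARY KEY, validator_hash TEXT, user_id INTEGER, expires INTEGER)');

// Issue a token at login when "remember" is ticked. Returns the cookie value.
function issue_remember_token(PDO $db, int $userId, int $ttl = 864000): string
{
    $selector  = bin2hex(random_bytes(12));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret; only its hash is stored
    $stmt = $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . ':' . $validator;
}

// Check a cookie value. Returns the user id, or null if the token is not valid.
function check_remember_token(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    // Bound parameters: cookie content never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT validator_hash, user_id FROM auth_tokens WHERE selector = ? AND expires > ?');
    $stmt->execute([$parts[0], time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // hash_equals() compares the two hashes in constant time.
    if ($row === false || !hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    // Single use: delete the token; the caller issues a fresh one after logging the user in.
    $db->prepare('DELETE FROM auth_tokens WHERE selector = ?')->execute([$parts[0]]);
    return (int) $row['user_id'];
}

$cookie = issue_remember_token($db, 42);      // 42 is a constructed user id
if (PHP_SAPI !== 'cli') {
    // The path is "/" (a path, not a full URL); HttpOnly and Secure limit where the cookie is exposed.
    setcookie('remember', $cookie, ['expires' => time() + 864000, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}
var_dump(check_remember_token($db, $cookie));             // first use of the issued token
var_dump(check_remember_token($db, $cookie));             // replay of the same token
var_dump(check_remember_token($db, "x' OR '1'='1:abc"));  // constructed value containing quotes
```

On a successful check the application would set its session variables and call `issue_remember_token()` again, so every auto-login rotates the cookie.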