The Remember me option allows the user to be logged in to the website automatically without entering their username and password again.
To do this I am using $_COOKIE, which stores a value on the client side for detecting the user. The next time the user comes, they are automatically redirected to the homepage.
Encrypt the value before storing it in $_COOKIE and decrypt it on access. The cookie is automatically destroyed after 30 days.

1. Table structure
I am using the users table in the example.
CREATE TABLE `users` (
  `id` int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
  `username` varchar(80) NOT NULL,
  `password` varchar(20) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
2. Configuration
Create a new config.php file for the database configuration.
3. Login Page
HTML
Create a login form that has two input elements for entering username and password, a submit button, and a checkbox for Remember me.
PHP
Created two functions to encrypt and decrypt the userid –
encryptCookie() – Append $ciphertext with $iv and $key separated by "::", encode it in base64 format and return it.
decryptCookie() – This function takes a single parameter. Explode the $ciphertext by "::" and assign the parts to variables.
Pass the values to the openssl_decrypt() function and return the result.
If $_SESSION["userid"] is set then redirect to the home.php file; otherwise check whether $_COOKIE["rememberme"] is set or not.
If it is set then decrypt the cookie value to get the userid. Check if $userid exists in the users table or not. If it exists then assign $userid to $_SESSION["userid"] and redirect to home.php.
Form submit
Check if the username and password exist in the users table or not. If they exist then assign the user id to the $userid variable.
If "rememberme" is POSTed then encrypt the userid and set the "rememberme" cookie for 30 days.
Assign $userid to $_SESSION["userid"] and redirect to home.php.
Completed Code
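<?php
// NOTE: the start of this listing is missing from the page. The lines down to
// the first "$count > 0" check are reconstructed from the description above.
include "config.php"; // assumed to open $con and start the session

// Check if $_SESSION or $_COOKIE is already set
if (isset($_SESSION["userid"])) {
    header("Location: home.php");
    exit;
} else if (isset($_COOKIE["rememberme"])) {
    // Decrypt the cookie value to get the userid
    $userid = decryptCookie($_COOKIE["rememberme"]);

    // Check that the userid exists in the users table
    $sql_query = "select count(*) as cntUser from users where id=" . (int)$userid;
    $result = mysqli_query($con, $sql_query);
    $row = mysqli_fetch_array($result);
    $count = $row["cntUser"];

    if ($count > 0) {
        $_SESSION["userid"] = $userid;
        header("Location: home.php");
        exit;
    }
}

// Encrypt cookie
function encryptCookie( $value ) {
    // Random key as 8 hex characters (bin2hex turns the raw bytes into text)
    $key = bin2hex(openssl_random_pseudo_bytes(4));
    $cipher = "aes-256-cbc";
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext = openssl_encrypt($value, $cipher, $key, 0, $iv);
    // The IV is hex-encoded so its raw bytes can never contain the "::" separator
    return( base64_encode($ciphertext . "::" . bin2hex($iv) . "::" . $key) );
}

// Decrypt cookie
function decryptCookie( $ciphertext ) {
    $cipher = "aes-256-cbc";
    $parts = explode("::", base64_decode($ciphertext));
    if (count($parts) !== 3) {
        return false; // malformed cookie value
    }
    list($encrypted_data, $iv, $key) = $parts;
    return openssl_decrypt($encrypted_data, $cipher, $key, 0, hex2bin($iv));
}

// On submit
if (isset($_POST["but_submit"])) {
    $uname = mysqli_real_escape_string($con, $_POST["txt_uname"]);
    $password = mysqli_real_escape_string($con, $_POST["txt_pwd"]);

    if ($uname != "" && $password != "") {
        $sql_query = "select count(*) as cntUser,id from users where username='".$uname."' and password='".$password."'";
        $result = mysqli_query($con, $sql_query);
        $row = mysqli_fetch_array($result);
        $count = $row["cntUser"];

        if ($count > 0) {
            $userid = $row["id"];

            if (isset($_POST["rememberme"])) {
                // Set cookie variables
                $days = 30;
                $value = encryptCookie($userid);
                // setcookie() expects the expiry as a Unix timestamp in seconds
                setcookie("rememberme", $value, time() + ($days * 24 * 60 * 60));
            }

            $_SESSION["userid"] = $userid;
            header("Location: home.php");
            exit;
        } else {
            echo "Invalid username and password";
        }
    }
}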
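An added example, not the tutorial's code: the cookie built by encryptCookie() carries its own key and IV, so the value alone cannot prove that the server issued it. This version signs the userid and an expiry time with HMAC-SHA256 under a key that stays on the server. The function names, the "|" layout and $REMEMBER_KEY are assumptions made for the illustration.

```php
<?php
// Added example: signed remember-me cookie value (userid|expiry|mac).
// Assumption: the key is a 32-byte secret loaded from server-side
// configuration; it is generated inline here only so the sample runs.
$REMEMBER_KEY = random_bytes(32);

// Build base64("userid|expiry|mac"), mac = HMAC-SHA256(key, "userid|expiry").
function issueRememberToken(int $userid, int $days, string $key, ?int $now = null): string {
    $expires = ($now ?? time()) + $days * 24 * 60 * 60;   // seconds
    $payload = $userid . "|" . $expires;
    $mac = hash_hmac("sha256", $payload, $key);
    return base64_encode($payload . "|" . $mac);
}

// Return the userid if the token is authentic and unexpired, otherwise null.
function verifyRememberToken(string $token, string $key, ?int $now = null): ?int {
    $raw = base64_decode($token, true);            // strict: reject non-base64 input
    if ($raw === false) return null;
    $parts = explode("|", $raw);
    if (count($parts) !== 3) return null;
    [$userid, $expires, $mac] = $parts;
    if (!ctype_digit($userid) || !ctype_digit($expires)) return null;
    $expected = hash_hmac("sha256", $userid . "|" . $expires, $key);
    if (!hash_equals($expected, $mac)) return null; // constant-time comparison
    if ((int)$expires < ($now ?? time())) return null;
    return (int)$userid;
}

// Constructed sample run.
$token = issueRememberToken(42, 30, $REMEMBER_KEY);
var_dump(verifyRememberToken($token, $REMEMBER_KEY));          // token as issued

// Same token with the userid field rewritten after issue.
$raw = base64_decode($token);
$edited = base64_encode("43" . substr($raw, 2));
var_dump(verifyRememberToken($edited, $REMEMBER_KEY));

// Same token checked 31 days later.
var_dump(verifyRememberToken($token, $REMEMBER_KEY, time() + 31 * 86400));

// In the login handler the value would be sent with hardening flags:
// setcookie("rememberme", $token, ["expires" => time() + 30 * 86400,
//     "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);
```

A signed value cannot be revoked individually before it expires; rotating the key invalidates every outstanding cookie. Where per-device logout is needed, a random token stored hashed in the database serves the same purpose.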
4. Homepage
Within the homepage, I created a logout button. On logout button click, destroy the $_SESSION and $_COOKIE variables and redirect to the index.php file.
5. Conclusion
For security purposes, I encoded the userid before storing it in $_COOKIE and set the cookie expiry time according to your requirement. You can view the PDO version of this tutorial here.