PHP remember user (cookie)

[Joveice]

Hi I want to remember my users by using the cookies (so they don't get logged out). I want it to expire after 7 days, and it will renew when they visit inside that time. how should I do this?

the way I tought of it first I already see the security flaws of. etc keeping the user id in the cookie. edit the cookie and boom you can loggin as who ever you want.

 

How is this done to keep it safe?

I have never worked with cookies.

[vorticalbox]

1 minute ago, Joveice said:

Hi I want to remember my users by using the cookies (so they don't get logged out). I want it to expire after 7 days, and it will renew when they visit inside that time. how should I do this?

the way I tought of it first I already see the security flaws of. etc keeping the user id in the cookie. edit the cookie and boom you can loggin as who ever you want.

 

How is this done to keep it safe?

I have never worked with cookies.

I suggest you read up on php sessions.

[leonfagan71]

I think a better way to do this is via sessions.

You can create a session with this:

<?php

session_start();
print_r($_SESSION);
$_SESSION['batman']="YAY";

?>

 

[Joveice]

1 minute ago, vorticalbox said:

I suggest you read up on php sessions.

I use php sessions, but it expires. and everyone I ask for help says you should use cookies since you don't want alot of sessions going.

[leonfagan71]

Just now, Joveice said:

I use php sessions, but it expires. and everyone I ask for help says you should use cookies since you don't want alot of sessions going.

Then you can change the cookie to last for a week?

<?php

session_set_cookie_params(3600 * 24 * 7);
session_start();
print_r($_SESSION);
$_SESSION['batman']="batmanny";

?>

 

[Joveice]

4 minutes ago, leonfagan71 said:

Then you can change the cookie to last for a week?

<?php

session_set_cookie_params(3600 * 24 * 7);
session_start();
print_r($_SESSION);
$_SESSION['batman']="batmanny";

?>

 

Is this all I need to do?

[leonfagan71]

Just now, Joveice said:

Is this all I need to do?

yes, basically.

session_set_cookie_params(3600 * 24 * 7);

needs to go just before the first 

session_start();

 

it cannot go after it, it must be before the session is started.

 

It will then have the session on the server and the client for 7 days.

[Joveice]

1 minute ago, leonfagan71 said:

yes, basically.

session_set_cookie_params(3600 * 24 * 7);

needs to go just before the first 

session_start();

 

it cannot go after it, it must be before the session is started.

 

It will then have the session on the server and the client for 7 days.

And should this be set in the login or on each page?

[leonfagan71]

Just now, Joveice said:

And should this be set in the login or on each page?

I'd do it on every page if you don't know which page the user will start on.

[vorticalbox]

59 minutes ago, leonfagan71 said:

I'd do it on every page if you don't know which page the user will start on.

depends on the set up my blog I build everything is loaded through index.php so I would only need to do it once.

[leonfagan71]

Just now, vorticalbox said:

depends on the set up my blog I build everything is loaded through index.php so I would only need to do it once.

Exactly, I 100% agree. I also tend to use one file for dynamic content with static templates.

[Joveice]

On 27.11.2016 at 10:11 PM, leonfagan71 said:

yes, basically.

session_set_cookie_params(3600 * 24 * 7);

needs to go just before the first 

session_start();

 

it cannot go after it, it must be before the session is started.

 

It will then have the session on the server and the client for 7 days.

Okey, so I still get logged of when I'm not using the site, what makes this happen?

[leonfagan71]

50 minutes ago, Joveice said:

Okey, so I still get logged of when I'm not using the site, what makes this happen?

It should be fine as long as the server isn't being restarted, for sites hosted on shared hosting, they're usually rebooted daily.

 

Could you please give me some more info regarding the server?

[Joveice]

1 hour ago, leonfagan71 said:

It should be fine as long as the server isn't being restarted, for sites hosted on shared hosting, they're usually rebooted daily.

 

Could you please give me some more info regarding the server?

home hosted, domain is handled by cloudflare and almost never rebooted

[leonfagan71]

3 minutes ago, Joveice said:

home hosted, domain is handled by cloudflare and almost never rebooted

Okay, in that case, it's probably the garbage collector.

 

You may need the modify the PHP.ini file.
PHP will only store session data for a specified time before it's removed from the server.

if you can put this in a PHP file and get the result, that would be great?

print_r( ini_get(’session.gc_maxlifetime’));

[Joveice]

2 minutes ago, leonfagan71 said:

Okay, in that case, it's probably the garbage collector.

 

You may need the modify the PHP.ini file.
PHP will only store session data for a specified time before it's removed from the server.

if you can put this in a PHP file and get the result, that would be great?

print_r( ini_get(’session.gc_maxlifetime’));

1440, (this is just a question, the php dident understand ’ is this just a php thing? changed to ' since thats what all other of my scripts use and it worked as expected)

[leonfagan71]

Just now, Joveice said:

1440, (this is just a question, the php dident understand ’ is this just a php thing? changed to ' since thats what all other of my scripts use and it worked as expected)

Okay, 1440 is 1440 seconds which is about 24 minutes before a session expires.

 

What you'd need to do is change the value in PHP.ini

session.gc_maxlifetime = 86400

1 day=86400

7 days=604800

8 days=691200

 

I'd then restart the server, although it shouldn't really be necessary.

 

In regards to the single quote, I copied and pasted it out of one of my files that sometimes open in a stupid font. I apologise for that.

It is correct that PHP would not understand this character as it's not a standard character.

 

Please send me the value of that command I asked you to run earlier when this is complete.

 

Cheers,

Leon. 

[Joveice]

6 minutes ago, leonfagan71 said:

Okay, 1440 is 1440 seconds which is about 24 minutes before a session expires.

 

What you'd need to do is change the value in PHP.ini

session.gc_maxlifetime = 86400

1 day=86400

7 days=604800

8 days=691200

 

I'd then restart the server, although it shouldn't really be necessary.

 

In regards to the single quote, I copied and pasted it out of one of my files that sometimes open in a stupid font. I apologise for that.

It is correct that PHP would not understand this character as it's not a standard character.

 

Please send me the value of that command I asked you to run earlier when this is complete.

 

Cheers,

Leon. 

604800 had to restart the server for it to change.

[leonfagan71]

Just now, Joveice said:

604800 had to restart the server for it to change.

Cool, the garbage collector shouldn't erase the files now until the session has expired.

 

It might be worth just doing a basic test, e.g leave it for an hour or two without going onto the page.

 

Cheers,

Leon.

[Joveice]

1 minute ago, leonfagan71 said:

Cool, the garbage collector shouldn't erase the files now until the session has expired.

 

It might be worth just doing a basic test, e.g leave it for an hour or two without going onto the page.

 

Cheers,

Leon.

Will do, Also instead of creating a new thread (since it isent relevant) and since you know php.

what is this, like I get this error randomly (sometimes they work and sometimes not)

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in script.php on line 94

Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in script.php:97 Stack trace: #0 {main} thrown in script.php on line 97

 

[leonfagan71]

1 minute ago, Joveice said:

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in script.php on line 94

Means that the query failed, you may need to check if there's a mysqli error.

When a query runs, it returns a true or a false meaning if it succeeded or failed.

It will return false when it fails. 

mysqli_fetch_assoc() requires a result of a query instead of a boolean.

 

If you assign the query to a variable and do an if statement to check if the variable is true, if it's true then you can do the mysqli_fetch_assoc otherwise, the query failed.

 

4 minutes ago, Joveice said:

Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in script.php:97 Stack trace: #0 {main} thrown in script.php on line 97

 

This message is basically the same as the top, it's saying that the function "mysqli_fetch_assoc(mysqli_result)" failed to get a mysqli_result as one of it's parameters. 

Basically, fix the first one and the second one will disappear.

 

Cheers,

Leon.

[Joveice]

5 minutes ago, leonfagan71 said:

Means that the query failed, you may need to check if there's a mysqli error.

When a query runs, it returns a true or a false meaning if it succeeded or failed.

It will return false when it fails. 

mysqli_fetch_assoc() requires a result of a query instead of a boolean.

 

If you assign the query to a variable and do an if statement to check if the variable is true, if it's true then you can do the mysqli_fetch_assoc otherwise, the query failed.

 

This message is basically the same as the top, it's saying that the function "mysqli_fetch_assoc(mysqli_result)" failed to get a mysqli_result as one of it's parameters. 

Basically, fix the first one and the second one will disappear.

 

Cheers,

Leon.

I don't see whats wrong, could you help?

[leonfagan71]

1 minute ago, Joveice said:

I don't see whats wrong, could you help?

do 

print_r($stmt->error);

after $result=....get_result...

but before $row=......

[Joveice]

5 minutes ago, leonfagan71 said:

do 

print_r($stmt->error);

after $result=....get_result...

but before $row=......

same error as first

[leonfagan71]

Just now, Joveice said:

same error as first

it should print the SQL error onto the page.