How To Add Remember Me Feature With Cookies ?

sunny_pro

Hi,

This is a login.php.

The user is given a choice to either input his/her Username & Password or Email & Password. In short, either log-in inputting your Username or your Email.
People are welcome to provide their own code samples in mysqli procedural or edit (fix) my code by adding comments and displaying it on this thread for all newbies to learn from. From your code and your code comments, I, as well as other newbies, would learn.
It is written in mysqli procedural. I have not learned pdo oop yet. I need help in the login.php to add the "Remember Me" feature using Cookies.
Can someone be the Great Samaritan here to show me an example ? You're welcome to not start from scratch but work on my work (login.php).
registration.php, logout.php and account_activation.php finished. Those last 3 files are working fine. Working on the home.php now.

login.php
Code:
<?php
 
/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 
include 'config.php';
 
// check if user is already logged in
if (is_logged() === true) 
{
	//Redirect user to homepage page after 2 seconds.
	header("refresh:2;url=home.php");
	exit;
}


if (isset($_POST["login_username_or_email"]) && isset($_POST["login_password"]))
	{
		$username_or_email = trim($_POST["login_username_or_email"]);
		$password = $_POST["login_password"];		
         
		//Select Username or Email to check against Mysql DB if they are already registered or not.
				
        if (strpos($username_or_email, "@") !== false) // !== false, so an "@" at position 0 still counts as an email
		{
			$email = $username_or_email;
						
			$query = "SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE emails = ?";
			$stmt = mysqli_stmt_init($conn);
			$stmt = mysqli_prepare($conn, $query);			
			mysqli_stmt_bind_param($stmt, 's', $email);
			mysqli_stmt_execute($stmt);
		    //$result = mysqli_stmt_get_result($stmt); //Which line to use ? This line or the next ?
			$result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // Which line to use ? This line or the one above ?
		}
		else
		{
			$username = $username_or_email;
						
			$query = "SELECT ids, usernames, passwords, emails, accounts_activations_statuses FROM users WHERE usernames = ?";
			$stmt = mysqli_stmt_init($conn);
			$stmt = mysqli_prepare($conn, $query);
			mysqli_stmt_bind_param($stmt, 's', $username);
			mysqli_stmt_execute($stmt);
			$result = mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_password, $db_email, $db_account_activation_status); // Which line to use ? This line or the one above ?
		}
      	
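		$row = mysqli_stmt_fetch($stmt); // true when a row was fetched, null when no such user exists
		mysqli_stmt_close($stmt);
		
		// Reject unknown users as well: without a row $db_password is null and password_verify() throws under strict_types.
		if ($row !== true || !password_verify($password, $db_password))
		{
			echo "Incorrect User Credentials!<br>";
			exit();
		}
		else
		{
			$_SESSION["user"] = $db_username;			
			header("location:home.php?user=" . urlencode($db_username));
			exit(); // stop here so the login form is not sent along with the redirect
		}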
	}

	
?>

<!DOCTYPE html>
<html>
<head>
<title><?= $site_name ?> Member Login Page</title>
  <meta charset="utf-8">
</head>
<body>
<form method="post" action="">
	<h3><?= $site_name ?> Member Login Form</h3>
	<fieldset>
		<label for="login_name">Username/Email:</label>
		<input type="text" name="login_username_or_email" id="login_name" value="">
		<br>
		<label for="login_pass">Password:</label>
		<input type="password" name="login_password" id="login_pass" value="">
	</fieldset>
	<div class="submitsAndHiddens">
		<label for="login_remember">Remember Login Details:</label>
		<input type="checkbox" name="login_remember" id="login_remember" />
		<br>
		<button type="submit">Login</button>
		<br>
		<a href="login_password_reset.php">Forgot your Password ? Reset it here!</a>
		<br>
		<a href="register.php">Register here!</a>
	</div>
</form>

</body>
</html>

registration.php (working)

Code:
<?php

/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

include 'config.php';

//Step 1: Before registering User account, check if User is already registered or not.

//Check if User is already logged-in or not.
if (is_logged() === true) {
	die("You are already logged-in! No need to register again!");
}

if ($_SERVER['REQUEST_METHOD'] == "POST")
{
//Step 2: Check User Submitted Details.
	
	//Check if user made all the required inputs or not.
	if (isset($_POST["username"]) && 
	   isset($_POST["password"]) &&
	   isset($_POST["password_confirmation"]) && 
	   isset($_POST["email"]) && 
	   isset($_POST["email_confirmation"]) && 
	   isset($_POST["first_name"]) && 
	   isset($_POST["surname"]) && 
	   isset($_POST["gender"])) {
		   
//Step  3: Check User details for matches against database. If no matches then validate inputs and register User account.
		   
		//Create variables based on user inputs.
		$username 	= trim($_POST["username"]);
		$password 	= $_POST["password"];
		$password_confirmation = $_POST["password_confirmation"];
		$email 		= trim($_POST["email"]);
        $email_confirmation = trim($_POST["email_confirmation"]);
        $first_name	= trim($_POST["first_name"]);
        $surname 	= trim($_POST["surname"]);
		$gender 	= $_POST["gender"];	
		$account_activation_code = bin2hex(random_bytes(20)); //40 hex characters from a CSPRNG. sha1(mt_rand(5, 30)) could only ever produce 26 different codes.
		$account_activation_link = "http://www.".$site_domain."/".$social_network_name."/activate_account.php?email=".urlencode($email)."&account_activation_code=".$account_activation_code;
		$account_activation_status = 0; // 1 = active; 0 = not active.
        $hashed_password = password_hash($password, PASSWORD_DEFAULT); //Hash the password (one-way hashing, not encryption).
        
		//Select Username and Email to check against Mysql DB if they are already registered or not.
		$stmt = mysqli_prepare($conn, "SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
		mysqli_stmt_bind_param($stmt, 'ss', $username, $email);
		mysqli_stmt_execute($stmt);
		$result = mysqli_stmt_get_result($stmt);		
		$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
        
		// Check if inputted Username is already registered or not.
		if ($row['usernames'] == $username) {
			$_SESSION['error'] = "That username is already registered.";
			exit();
		// Check if inputted Username is between the required 8 to 30 characters long or not.
		} elseif (strlen($username) < 8 || strlen($username) > 30) {
			$_SESSION['error'] = "Username must be between 8 to 30 characters long!";
			exit();
		// Check if both inputted Emails match or not.
		} elseif ($email != $email_confirmation) {
			$_SESSION['error'] = "Emails don't match!";
			exit();
		// Check if inputed Email is valid or not.
		} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
			$_SESSION['error'] = "Invalid email! Insert your real Email in order for us to email you your account activation details.";
			exit();
		// Check if inputted Email is already registered or not.
		} elseif ($row['emails'] == $email) {
			$_SESSION['error'] = "That email is already registered.";
			exit();
		// Check if both inputted Passwords match or not.
		} elseif ($password != $password_confirmation) {
			$_SESSION['error'] = "Passwords don't match.";
			exit();
		// Check if Password is between 8 to 30 characters long or not.
		} elseif (strlen($password) < 8 || strlen($password) > 30) {
			$_SESSION['error'] = "Password must be between 8 to 30 characters long!";
			exit();
		} 
		else 
		{
			//Insert the user's inputs into Mysql database using php's sql injection prevention method "Prepared Statements".
			$stmt = mysqli_prepare($conn, "INSERT INTO users(usernames, passwords, emails, first_names, surnames, genders, accounts_activations_codes, accounts_activations_statuses) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
			mysqli_stmt_bind_param($stmt, 'sssssssi', $username, $hashed_password, $email, $first_name, $surname, $gender, $account_activation_code, $account_activation_status);
			mysqli_stmt_execute($stmt);
			echo "INSERTING";

			//Check if user's registration data was successfully submitted or not.
			if (!$stmt)
			{
				$_SESSION['error'] = "Sorry! Our system is currently experiencing a problem registering your account! You may try registering some other time.";
				exit();
			}
			else 
			{
				//Email the account activation link for user to click it to confirm their email and activate their new account.
				$to = $email;
				$subject = "Your ".$site_name." account activation details!";
				$body  = nl2br("
				===============================\r\n
				".$site_name." \r\n
				===============================\r\n
				From: ".$site_admin_email."\r\n
				To: ".$email."\r\n
				Subject: Yours ".$subject." \r\n
				Message: ".$first_name." ".$surname."\r\n You need to click on this following <a href=".$account_activation_link.">link</a> to activate your account. \r\n");
				$headers = "From: " . $site_admin_email . "\r\n";
			
			    if (!mail($to,$subject,$body,$headers)) 
				{
					$_SESSION['error'] = "Sorry! We have failed to email you your account activation details. Please contact the website administrator!";
					exit();
				}
				else
				{
					echo "<h3 style='text-align:center'>Thank you for your registration!<br /> Check your email for details on how to activate your account which you just registered.</h3>";
					exit();
				}
			}
	    }
	}
}

?>

<!DOCTYPE html>
<html>
	<head>
		<title><?= $social_network_name ?> Signup Page</title>
	</head>
<body>
<div class ="container">

<?php
// Error Messages.
if (isset($_SESSION['error']) && !empty($_SESSION['error'])) {
	echo '<p style="color:red;">'.$_SESSION['error'].'</p>';
}
?>

<?php
//Session Messages.
if (isset($_SESSION['message']) && !empty($_SESSION['message'])) {
	echo '<p style="color:red;">'.$_SESSION['message'].'</p>';
}
?>

<?php
//Clear Registration Session.
function clear_registration_session()
	{
		//Clear the User Form inputs, Session Messages and Session Errors so they can no longer be used.
		unset($_SESSION['message']);
		unset($_SESSION['error']);
		unset($_POST);
		exit();
	}
?>

<form method="post" action="">
	<center><h2>Signup Form</h2></center>
	<div class="form-group">
		<center><label>Username:</label>
		<input type="text" placeholder="Enter a unique Username" name="username" required [A-Za-z0-9] value="<?php if(isset($_POST['username'])) { echo htmlentities($_POST['username']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Password:</label>
		<input type="password" placeholder="Enter a new Password" name="password" required [A-Za-z0-9]></center>
	</div>
	<div class="form-group">
		<center><label>Repeat Password:</label>
		<input type="password" placeholder="Repeat a new Password" name="password_confirmation" required [A-Za-z0-9]></center>
	</div>
		<div class="form-group">
		<center><label>Email:</label>
		<input type="email" placeholder="Enter your Email" name="email" required [A-Za-z0-9] value="<?php if(isset($_POST['email'])) { echo htmlentities($_POST['email']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Repeat Email:</label>
		<input type="email" placeholder="Repeat your Email" name="email_confirmation" required [A-Za-z0-9] value="<?php if(isset($_POST['email_confirmation'])) { echo htmlentities($_POST['email_confirmation']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>First Name:</label>
		<input type="text" placeholder="Enter your First Name" name="first_name" required [A-Za-z] value="<?php if(isset($_POST['first_name'])) { echo htmlentities($_POST['first_name']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Surname:</label>
		<input type="text" placeholder="Enter your Surname" name="surname" required [A-Za-z] value="<?php if(isset($_POST['surname'])) { echo htmlentities($_POST['surname']); }?>"></center>
	</div>
	<div class="form-group">
		<center><label>Gender:</label>
		<input type="radio" name="gender" value="male" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'male') { echo 'checked'; }?> required>Male<input type="radio" name="gender" value="female" <?php if(isset($_POST['gender']) && $_POST['gender'] === 'female') { echo 'checked'; }?> required>Female</center>
	</div>
	<center><button type="submit" class="btn btn-default" name="submit">Register!</button></center>
	<center><font color="red" size="3"><b>Already have an account ?</b><br><a href="login.php">Login here!</a></font></center>
</form>
</div>
</body>
</html>
account_activation.php (working)
Code:
<?php

/*
ERROR HANDLING
*/
declare(strict_types=1);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

include 'config.php';

if (!isset($_GET["email"], $_GET["account_activation_code"]) === true)
{
    $_SESSION['error'] = "Invalid Email Address! Invalid Account Activation Link! This email is not registered! Try registering an account if you do not already have one! <a href=\"register.php\">Register here!</a>";
    exit();
} 
else 
{	
	$email = htmlspecialchars($_GET['email']);
	$account_activation_code = htmlspecialchars($_GET['account_activation_code']);

	$stmt_one = mysqli_stmt_init($conn);	
	if (mysqli_stmt_prepare($stmt_one, "SELECT usernames, accounts_activations FROM users WHERE emails = ? AND accounts_activations_codes = ?"))
	{
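		mysqli_stmt_bind_param($stmt_one, 'ss', $email,  $account_activation_code); // the code is a hex string: bound as 'i' it is cast to an integer and most of it is ignored
		mysqli_stmt_execute($stmt_one);
		mysqli_stmt_bind_result($stmt_one, $username, $account_activation_state);
		$found = mysqli_stmt_fetch($stmt_one); // true only when the email and code matched a row
		mysqli_stmt_close($stmt_one);

		if ($found !== true)
		{
			echo 'Failure: This account activation link is invalid or has expired.';
			exit;
		}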
    	
		if ($account_activation_state != 0)
		{	
			echo "Since your account is already activated, why are you trying to activate it again ? Do not do that again and just login from <a href=\"login.php\">this webpage</a> next time! Make a note of that webpage, ok ?";
			exit;
		}
		else
		{
			$account_activation_state = 1;
				
			$stmt_two = mysqli_stmt_init($conn);
			if(mysqli_stmt_prepare($stmt_two, "UPDATE users SET accounts_activations = ? WHERE usernames = ?"))
			{
				mysqli_stmt_bind_param($stmt_two, 'is', $account_activation_state, $username);
				mysqli_stmt_execute($stmt_two);	
				mysqli_stmt_close($stmt_two); // no mysqli_stmt_fetch() here: an UPDATE returns no rows
			
				echo "Account Activation State: $account_activation_state";?><br>
				<?php
				echo "Username: $username";			
		
				echo "<h3 style='text-align:center'>Thank you for confirming your email and activating your account.<br /> You may now try logging into your account.</h3>";
				$_SESSION["user"] = $username;
			}
			else
			{
				echo 'Failure: Something is wrong. Unable to activate your account! Contact Site Admin.';
				echo 'Failure: Mysqli_stmt_prepare($stmt_two)';
				exit;
			}
		}	
	}
	else
	{
		echo 'Failure: This account activation link is invalid or has expired. Try <a href="register.php">registering</a> for an account now.';
		echo 'Failure: Mysqli_stmt_prepare($stmt_one)';
		exit;
	}			
}

?>
logout.php (working)

Code:
<?php
       session_start();
       session_destroy();
       echo "You have successfully logged-out!";
?><br>
<?php
       echo "<a href='login.php'>Re-Login.</a>";
?><br>
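
One way to do the "Remember Me" part asked about in the post above, as an added example that is not part of the original thread: a selector/validator token kept in a cookie and checked with mysqli procedural calls. The `remember_tokens` table, the cookie name, the 30-day lifetime and both function names are assumptions; `$user_id` would be the `$db_id` fetched in login.php.

```php
<?php
declare(strict_types=1);
// Assumed table (not in the original post): remember_tokens(selector CHAR(24) PRIMARY KEY,
//   validator_hash CHAR(64), user_id INT, expires_at DATETIME)
const REMEMBER_COOKIE = 'remember_me'; // assumed cookie name
const REMEMBER_DAYS   = 30;            // assumed lifetime

// Call after password_verify() succeeds and isset($_POST['login_remember']).
function remember_me_issue(mysqli $conn, int $user_id): void
{
    $selector  = bin2hex(random_bytes(12)); // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret; only its hash is stored
    $hash      = hash('sha256', $validator);
    $days      = REMEMBER_DAYS;
    $stmt = mysqli_prepare($conn, "INSERT INTO remember_tokens (selector, validator_hash, user_id, expires_at)
                                   VALUES (?, ?, ?, DATE_ADD(NOW(), INTERVAL ? DAY))");
    mysqli_stmt_bind_param($stmt, 'ssii', $selector, $hash, $user_id, $days);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    // Options array needs PHP 7.3+; 'secure' restricts the cookie to HTTPS.
    setcookie(REMEMBER_COOKIE, "$selector:$validator", ['expires' => time() + 86400 * REMEMBER_DAYS,
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Call when $_SESSION['user'] is not set. Returns the remembered user id, or null.
function remember_me_check(mysqli $conn): ?int
{
    $raw   = $_COOKIE[REMEMBER_COOKIE] ?? '';
    $parts = is_string($raw) ? explode(':', $raw, 2) : [];
    if (count($parts) !== 2) { return null; }
    [$selector, $validator] = $parts;
    $stmt = mysqli_prepare($conn, "SELECT validator_hash, user_id FROM remember_tokens
                                   WHERE selector = ? AND expires_at > NOW()");
    mysqli_stmt_bind_param($stmt, 's', $selector);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $db_hash, $user_id);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // A presented token is single-use: delete it whether or not the validator matches.
    $del = mysqli_prepare($conn, "DELETE FROM remember_tokens WHERE selector = ?");
    mysqli_stmt_bind_param($del, 's', $selector);
    mysqli_stmt_execute($del);
    mysqli_stmt_close($del);
    if ($found !== true || !hash_equals($db_hash, hash('sha256', $validator))) {
        setcookie(REMEMBER_COOKIE, '', ['expires' => 1, 'path' => '/']); // expire the bad cookie
        return null;
    }
    remember_me_issue($conn, (int) $user_id); // rotate: fresh token for the next visit
    return (int) $user_id;
}
```

On logout, delete the user's rows from `remember_tokens` and expire the cookie, otherwise the next request logs the user straight back in. After a successful `remember_me_check()`, call `session_regenerate_id(true)` before storing the user in `$_SESSION`.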
 

Mike001

I have some great example videos on my site, you should check them out.

To ask someone to walk through all that code is quite an undertaking and would require a couple of hours to go through and clean up.
 

Mike001

I do not use cookies on my home page or any page of my site. I have used them for customer sites at their request, but I try to convince them that Sessions are a better fit for them and their customers.

Now what you have asked would not work in a Session as the sessions are destroyed as soon as the user exits the site.

I am quite surprised that you would make an assumption that I could easily go through your code and make changes easily. Obviously to you my time is worth nothing. Just because you have a block of code listed as working does not in any way mean that the code is working for what you are trying to do.
 

Jud

Adding a feature in the front end is usually done with HTML and JavaScript. HTML is for the face of the page, or the user interface, where the user can input his data in an input field. The work of JavaScript is waiting or watching to see if the user is going to click the submit button or just press the Enter key on the keyboard. The JavaScript serves as the backend of HTML and has code in it with a set of instructions on what should be done with the data inputted by the user.
 