Are These Persistent Cookie Ideas Safe And Interesting ?

sunny_pro

New member
Joined
Jun 18, 2017
Messages
86
Points
0
Php Masters!

Every php persistent cookie tutorial I come across always save the user's password onto the user's hdd. To make things worst. Save it on the hdd without encrypting it.
Now, I thought it would be best if the cookie got named under the user's computer mach address and the mach address got saved in the db.
Then, when the user loads the login page, the cookie can check it's cookie name against the db and if there is a match then auto log the user into his/her account.
But, now I read, it is not possible to acquire the user's mach address unless uservon same lan of my webserver.

Q1a. So, what else can act as a substitute for the mach address ? What else can php grab from the user's computer which it can use as a reference against the Username to identify that it is the same user ?
IPs change. No good using that.

Q1b. How-about the user's computer name ? Can it grab that from the user's computer so it can use that as the mach substitute or use that as the cookie name ?

Q1c. Or maybe I just get the script to name the cookie in this format:

username-ip

And make that cookie available as long as the user has not got his/her ip changed.
That way, when the user loads the login page whilst the ip hasn't changed, the cookie can check it's cookie name (username-ip) against the db and if there is a match then auto log the user into his/her account. What do you think ?
Can you guys show me how to do this by editing my code ?
I have been googling all night and reading whatever I find on the subject. But, I am still stuck and need to see some code samples to clear the confusion.

PHP:
    <?php
    session_start();
    if(!empty($_POST["login"])) {
	    $conn = mysqli_connect("localhost", "root", "", "blog_samples");
	    $sql = "Select * from members where member_name = '" . 
    $_POST["member_name"] . "' and member_password = '" . 
    md5($_POST["member_password"]) . "'";
	    $result = mysqli_query($conn,$sql);
	    $user = mysqli_fetch_array($result);
	    if($user) {
			    $_SESSION["member_id"]		   = $user["member_id"];
			
			    if(!empty($_POST["remember"])) {
				    setcookie ("member_login",$_POST["member_name"],time()+ (10 
    * 365 * 24 * 60 * 60));
				    setcookie 
    ("member_password",$_POST["member_password"],time()+ (10 * 365 * 24 * 60 * 60));
			    } else {
				    if(isset($_COOKIE["member_login"])) {
					    setcookie ("member_login","");
				    }
				    if(isset($_COOKIE["member_password"])) {
					    setcookie ("member_password","");
				    }
			    }
	    } else {
		    $message = "Invalid Login";
	    }
    }
    ?>	
    <style>
	#frmLogin {
		padding: 20px 60px;
		background: #B6E0FF;
		color: #555;
		display: inline-block;		
		border-radius: 4px;
	}
	.field-group {
		margin-top:15px;
	}
	.input-field {
		padding: 8px;
		width: 200px;
		border: #A3C3E7 1px solid;
		border-radius: 4px;
	}
	.form-submit-button {
		background: #65C370;
		border: 0;
		padding: 8px 20px;
		border-radius: 4px;
		color: #FFF;
		text-transform: uppercase;
	}
	.member-dashboard {
		padding: 40px;
		background: #D2EDD5;
		color: #555;
		border-radius: 4px;
		display: inline-block;
	}
	.member-dashboard a {
		color: #09F;
		text-decoration:none;
	}
	.error-message {
		text-align:center;
		color:#FF0000;
	}
</style>

    <?php if(empty($_SESSION["member_id"])) { ?>
    <form action="" method="post" id="frmLogin">
	<div class="error-message"><?php if(isset($message)) { echo $message; } ?>
    </div>	
	    <div class="field-group">
		    <div><label for="login">Username</label></div>
		    <div><input name="member_name" type="text" value="<?php 
    if(isset($_COOKIE["member_login"])) { echo $_COOKIE["member_login"]; } ?>" 
    class="input-field">
	    </div>
	    <div class="field-group">
		    <div><label for="password">Password</label></div>
		    <div><input name="member_password" type="password" value="<?php 
    if(isset($_COOKIE["member_password"])) { echo $_COOKIE["member_password"]; } 
    ?>" class="input-field"> 
	    </div>
	    <div class="field-group">
		    <div><input type="checkbox" name="remember" id="remember" <?php 
    if(isset($_COOKIE["member_login"])) { ?> checked <?php } ?> />
		    <label for="remember-me">Remember me</label>
	    </div>
	    <div class="field-group">
		    <div><input type="submit" name="login" value="Login" class="form-
    submit-button"></span></div>
	    </div>       
    </form>
    <?php } else { ?>
    <div class="member-dashboard">You have Successfully logged in!. <a 
    href="logout.php">Logout</a></div>
    <?php } ?>
Q1d. What do you think about this unique idea ? Let me know if the idea is flawed or not.
During registration, the system would ask the user to upload any img.
During persistent cookie checking (meaning, when the user has loaded the login.php or home.php), the user would be shown a list of imgs to select. If he/she selects the right one they uploaded during registration then the system (cookie) would auto log them in.
Alternatively, the user can be shown a question and a few answer options in a checkbox or dynamic drop down ui that list the correct answer aswell as the incorrect answers. If the user selects the correct answer from the answering options then the user is auto logged in. Clicking the mouse is simpler than typing the username & password. And so, this little id check won't bother the user that much. Would it bother you, as a user ?

Alternatively, the user can be shown a list of imgs where an img can be of his/her family member (eg, brother, uncle) and a question that asks "what is this person top you ?" and show a few answer options in a checkbox such as:
1. Brother;
2. Uncle;
3. Friend;

etc. If the user selects the right answer then he/she is auto logged in. Else not.
If you like any of the ideas mentioned in Q1d, then how-about editing my code and showing us newbies a sample code on how to achieve the one you liked ?

Thanks!
 

Jud

New member
Joined
Oct 20, 2017
Messages
14
Points
0
Usually if web pages is going to save your cookies that page should have an option either you agree to save your cookie or not. If it's no then I think it violates your right and freedom of choice that your personal data should be safe.
 
Older threads
Replies
0
Views
1,300
Replies
2
Views
1,384
Newer threads
Latest threads
Replies
2
Views
686
Replies
0
Views
650
Replies
4
Views
1,769
Replies
2
Views
770

Latest postsNew threads

Referral contests

Referral link for :

Sponsors

Popular tags

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top