the graphic design blog that speaks the truth

I was recently browsing the web looking for an easily reproducible php remember me code snippet.

By this I meant I wanted to be able to auto fill the text input on my login form if a user had checked a remember me checkbox. I was already using cookies to keep a user logged in, but wanted to add this feature to improve usability.

This is a common feature on the web and I was surprised by the lack of tutorials detailing how it was done. As such, I decided to write my own snippet, and put it out there for others to use. So here goes.

The original script

The form

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
Username:
<input type="text" name="username" maxlength="40">
Password:
<input type="password" name="pass" maxlength="50">
<input type="submit" name="submit" value="Log in">
</form>

An extremely simple login form with fields for a username, a password and of course a submit button. I should also mention at this point that for the sake of simplicity for this tutorial, I am using “PHP_SELF” (forms action code is contained within the same file) I would recommend keeping all of your scripts in separate files for actual development.

The php

For security reasons, and so that I don’t give away all of my secrets, I wont be sharing the entire login script here. If you are still reading this tutorial I assume you have a working knowledge of php and indeed, a login script that you are trying to improve upon, so this shouldn’t be a problem.

Once I have connected to my database and carried out all of my validation checks I proceed to log in a verified user using the following code:

$hour = time() + 3600;
setcookie('ID_my_site', $_POST['username'], $hour);

//then redirect them to the members area
header("Location:example-page.php");

Above I simply set two cookies lasting one hour each, one for username, and one for password, and redirect them to the members area.

Adding the remember me functionality

The form

Firstly, we need to actually provide our form with a remember me checkbox. Adding this makes our form look like this:

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
Username:
<input type="text" name="username" maxlength="40">
Password:
<input type="password" name="pass" maxlength="50">
<input type="checkbox" name="remember" value="1">Remember Me
<input type="submit" name="submit" value="Log in">
</form>

The php

Now we need to make this checkbox do something. Namely, when checked, remember the users username and place it in the username field on each of their corresponding visits to the login page. To do so, I decided to use cookies. I couldn’t use the “ID_my_site” username cookie that I set above, as this was being killed each time the user logged out. The solution was to create an additional cookie named “remember” which also stored the username, like so:

$year = time() + 31536000;
setcookie('remember_me', $_POST['username'], $year);

Above we have added this additional cookie, lasting for a year, so that when a user logs in it creates an additional cookie that holds the users username. However, at the moment, it is not being used. Changing:

<input type="text" name="username" maxlength="40">

to:

<input type="text" name="username" maxlength="40" value="<?php
echo $_COOKIE['remember_me']; ?>">

in our login form will now store this username into the text field for future visits:

We are not finished yet though. Currently, the code is storing this information for every user. We want it to remember only those users who specifically request this functionality. To do this, we run a simple check before we create the additional cookie. This check looks to see if the remember me checkbox has been checked, and only creates our new cookie if it has. Like so:

if($_POST['remember']) {
setcookie('remember_me', $_POST['username'], $year);
}
elseif(!$_POST['remember']) {
	if(isset($_COOKIE['remember_me'])) {
		$past = time() - 100;
		setcookie(remember_me, gone, $past);
	}
}

The above code also handles the scenario where a cookie is present, but the user has identified that they no longer want to be remembered, by seting any existing cookies to a time in the past, essentially killing them.

Further improvements

The above code does indeed achieve the main aim of this tutorial, to remember a users username in a log in form when they request it. However, to improve usability further, I wanted the checkbox to be automatically checked when a user has requested to be remembered, and unchecked when they haven’t. Adding this into our form gives us our final form code:

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
Username:
<input type="text" name="username" maxlength="40" value="<?php
echo $_COOKIE['remember_me']; ?>">
Password:
<input type="password" name="pass" maxlength="50">
<input type="checkbox" name="remember" <?php if(isset($_COOKIE['remember_me'])) {
		echo 'checked="checked"';
	}
	else {
		echo '';
	}
	?> >Remember Me
<input type="submit" name="submit" value="Log in">
</form>

Hope this helps someone out!

ABOUT THE AUTHOR

SHARE THIS ARTICLE

  1. 15/12/12
    7:11 am
    This is very useful post.
  2. 07/03/13
    6:23 am
    Gud one... & is very helpful..! Thanks Danie.. :)
  3. 17/03/13
    5:55 am
    Adi
    Thanks Daniel ! This was really helpful.
  4. 20/03/13
    12:54 pm
    cvr
    thanx a lot............it's really helpful.............
  5. 21/03/13
    12:50 pm
    No i know. Thank you for sharing this.
  6. 19/04/13
    8:56 am
    ix
    Your solution seems to be evil. What if i know your login name, and i just set this cookie in my browser?
  7. 23/04/13
    12:06 pm
    This script is nothing to do with including passwords, so not evil at all. I see your point though :)
  8. 05/05/13
    3:53 pm
    Exactly what i was looking for! Thanks a lot for sharing Daniel.
  9. 20/05/13
    7:22 am
    helpful............after long searching finally got good one.......thanks man.
  10. 04/06/13
    11:57 am
    precise and simple..thanks a lot
  11. 12/06/13
    12:19 am
    With litle modification i use it to remember both username n password in my login form. NICE tutorials. Keep up a good work.
  12. 16/06/13
    7:15 am
    That is a really helpful code. Thank you sir for ur help. I appreciate it.
  13. 16/06/13
    8:38 am
    Dev
    Nice........
  14. 17/06/13
    4:43 pm
    Super informative. Just what I was looking for.
  15. 08/07/13
    7:34 am
    Exactly what i was looking for! thanks
  16. 02/09/13
    6:43 pm
    thanks
  17. 23/09/13
    2:40 am
    rus
    thanks, that solve my problem :)
  18. 27/09/13
    6:39 am
    this is very helpful answer.... i got it....
  19. 27/09/13
    1:03 pm
    helpful and nicely structured tutorial !!
  20. 06/10/13
    8:17 pm
    Nice tut!! all though changing form action to: action='".htmlspecialchars($_SERVER['PHP_SELF'])."' could be a good idea for some extra security :)
  21. 07/10/13
    5:59 am
    very helpful it is..
  22. 07/10/13
    9:43 am
    Not a bad suggestion Kiwo but I wouldn't actually recommend using $_SERVER['PHP_SELF'] as the action in any means.
  23. 24/10/13
    11:56 am
    thank u.........
  24. 28/10/13
    8:21 pm
    Nice tricks
  25. 08/11/13
    1:11 pm
    thanks sir this is really useful for me
  26. 30/11/13
    9:46 am
    Thanks, this is what I need for my site...
  27. 30/01/14
    10:51 am
    thank you it was exactly what i was really need
  28. 17/02/14
    5:29 am
    nicely structured tutorial.very helpful .Thank you
  29. 27/02/14
    5:48 am
    Very Nice Tutorial
  30. 16/04/14
    6:52 am
    Excellent... Great Job!! Super like :)
  31. 05/05/14
    6:10 am
    Hi Daniel, You are very right, the whole internet lacks such a simple tutorial and you just made it. BTW I didn't use 'ID_my_site' cookie and it still works great. Thanks a lot.
  32. 28/05/14
    12:25 pm
    thankx bro you done a great job
  33. 23/06/14
    6:12 am
    Thanks so much! This was really helpful!
Voice Your Opinion

Thanks for your comment, it will appear here once it has been moderated.