I was recently browsing the web looking for an easily reproducible php remember me code snippet.
By this I meant I wanted to be able to auto fill the text input on my login form if a user had checked a remember me checkbox. I was already using cookies to keep a user logged in, but wanted to add this feature to improve usability.
This is a common feature on the web and I was surprised by the lack of tutorials detailing how it was done. As such, I decided to write my own snippet, and put it out there for others to use. So here goes.
The original script
The form
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> Username: <input type="text" name="username" maxlength="40"> Password: <input type="password" name="pass" maxlength="50"> <input type="submit" name="submit" value="Log in"> </form>
An extremely simple login form with fields for a username, a password and of course a submit button. I should also mention at this point that for the sake of simplicity for this tutorial, I am using “PHP_SELF” (forms action code is contained within the same file) I would recommend keeping all of your scripts in separate files for actual development.
The php
For security reasons, and so that I don’t give away all of my secrets, I wont be sharing the entire login script here. If you are still reading this tutorial I assume you have a working knowledge of php and indeed, a login script that you are trying to improve upon, so this shouldn’t be a problem.
Once I have connected to my database and carried out all of my validation checks I proceed to log in a verified user using the following code:
$hour = time() + 3600; setcookie('ID_my_site', $_POST['username'], $hour); //then redirect them to the members area header("Location:example-page.php");
Above I simply set two cookies lasting one hour each, one for username, and one for password, and redirect them to the members area.
Adding the remember me functionality
The form
Firstly, we need to actually provide our form with a remember me checkbox. Adding this makes our form look like this:
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> Username: <input type="text" name="username" maxlength="40"> Password: <input type="password" name="pass" maxlength="50"> <input type="checkbox" name="remember" value="1">Remember Me <input type="submit" name="submit" value="Log in"> </form>
The php
Now we need to make this checkbox do something. Namely, when checked, remember the users username and place it in the username field on each of their corresponding visits to the login page. To do so, I decided to use cookies. I couldn’t use the “ID_my_site” username cookie that I set above, as this was being killed each time the user logged out. The solution was to create an additional cookie named “remember” which also stored the username, like so:
$year = time() + 31536000; setcookie('remember_me', $_POST['username'], $year);
Above we have added this additional cookie, lasting for a year, so that when a user logs in it creates an additional cookie that holds the users username. However, at the moment, it is not being used. Changing:
<input type="text" name="username" maxlength="40">
to:
<input type="text" name="username" maxlength="40" value="<?php echo $_COOKIE['remember_me']; ?>">
in our login form will now store this username into the text field for future visits:
We are not finished yet though. Currently, the code is storing this information for every user. We want it to remember only those users who specifically request this functionality. To do this, we run a simple check before we create the additional cookie. This check looks to see if the remember me checkbox has been checked, and only creates our new cookie if it has. Like so:
if($_POST['remember']) { setcookie('remember_me', $_POST['username'], $year); } elseif(!$_POST['remember']) { if(isset($_COOKIE['remember_me'])) { $past = time() - 100; setcookie(remember_me, gone, $past); } }
The above code also handles the scenario where a cookie is present, but the user has identified that they no longer want to be remembered, by seting any existing cookies to a time in the past, essentially killing them.
Further improvements
The above code does indeed achieve the main aim of this tutorial, to remember a users username in a log in form when they request it. However, to improve usability further, I wanted the checkbox to be automatically checked when a user has requested to be remembered, and unchecked when they haven’t. Adding this into our form gives us our final form code:
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> Username: <input type="text" name="username" maxlength="40" value="<?php echo $_COOKIE['remember_me']; ?>"> Password: <input type="password" name="pass" maxlength="50"> <input type="checkbox" name="remember" <?php if(isset($_COOKIE['remember_me'])) { echo 'checked="checked"'; } else { echo ''; } ?> >Remember Me <input type="submit" name="submit" value="Log in"> </form>
Hope this helps someone out!
7:11 am
6:23 am
5:55 am
12:54 pm
12:50 pm
8:56 am
12:06 pm
3:53 pm
7:22 am
11:57 am
12:19 am
7:15 am
8:38 am
4:43 pm
7:34 am
6:43 pm
2:40 am
6:39 am
1:03 pm
8:17 pm
5:59 am
9:43 am
11:56 am
8:21 pm
1:11 pm
9:46 am
10:51 am
5:29 am
5:48 am
6:52 am
6:10 am
12:25 pm
6:12 am
3:50 pm
9:39 pm
7:09 am
7:09 am
8:10 am
2:55 am
9:12 am
6:33 am
7:36 am
6:31 am
6:08 pm
9:39 pm
6:01 pm
4:10 am
10:43 am
2:23 am