Welcome Guest, Not a member yet? Register   Sign In
Remember me?
#1

[eluser]whygod[/eluser]
Anyone would like to take time to teach me how Remember-me,
is done in CodeIgniter?

Any sample or tutorial?
Or at least explain to me the basic idea on how to implement this.

Thanks in advanced.


#2

[eluser]Unknown[/eluser]
do you use any auth library? if not, here is my basic idea how to do this:
(i wrote my own auth library)

when the tick is set at "remember me" the login script generates 3 keys, which i insert into a table (remember_keys is my name) along with the user id.
Here is the table example:
(ID) = 1
(USER_ID) = 52
(KEY1) = sdhg6ajhfd7f6asojghougds...
(KEY2) = dudf73267tfsagfhdgf62gfs...
(KEY3) = ff77whguhgufszgoudsf8hjf...

(the keys are random)
Now, after inserting, i save 3 cookies on the users browser: key1 and key2 and key3

Everytime the user loads the page, my auth library checks first, if the user is logged in, when not: look for the three cookies, if they are present and have the right lenght (security reason) it will look in the table. Now, if the row exists ans all keys are the right ones, it will fetch the user id and log him in. Thats all. greetings
#3

[eluser]tommyadey[/eluser]
MY own way of dealing with cookies.

Check if the remember me check box is checked.
Generate a random string eg
Code:
$random_string = random_string('numeric', whatever length e.g 19);
Get the user_id.
Make a token string
Code:
$cookie_token = $random_string . $user_id;
Log the user_id and the cookie token in the database
the database table should have these fields
Code:
user_id int(11)|cookie_token Varchar(30)|cookie_created|cookie_expire|user_agent|ip_address|is_deleted
If model returns true, or if you log it from the controller, if this db insert etc
Code:
$this->input->set_cookie('cooken', $cookie_token, 86400 * 180//chose how long, '.mywebsite.com');

Then make a standard library, then make a function called cookie_login.
You can get $cookie_token like this in the library;
Code:
$cookie_token = $this->CI->input->cookie('cooken');
Do checks on the $cookie_token e.g not empty, isset and ctype_nu, etc
Make a function in model is_cookie_valid($cookie_token) passing cookie token
Model function should look like this;
Code:
public function is_cookie_valid($cookie_token)
    {
        $user_id = substr($cookie_token, 19);
        $query = $this->db->where('user_id', $user_id)->where('cookie_token', $cookie_token)->where('is_deleted', 0)->get('cookie_control');
        return ($query->num_rows() === 1) ? $user_id : false;
    }
if cooke token has been found, then you return the user_id.
Now back to the cookie_login function,
You can now use the user id to get your user's data, set session as active and so on.
Remember to put
Code:
$this->standard_library(Your library name)->cookie_login();
in a constructor func at the top of the required controllers e.g. login,signup ,home e.t.c . Depends how large your site is.
When the user log's out, you need to destroy the cookie and also set is_deleted in cookie_control as 1.
Code:
delete_cookie('cooken');
That's basically how i do it for now, pretty basic uh. i've seen people set cookie's using the user's email and password. Mine's not the safest and not the worst. It's preety good considering how basic it is though so i guess it should be ok for you, at least for now.
#4

[eluser]whygod[/eluser]
@tommyadey
Thanks for your effort,

But, I really don't understand why we need a database for remember_me with cookie?
Isn't a cookie will store a small piece of information?
Any simple sample without needing the database.

#5

[eluser]tommyadey[/eluser]
Remember me feature is meant for logging a user in automatically even when the session isn't active. It doesn't get easier than that, that is, if you care for security.
You could leave the database out,yes, but you still have to do most of the thing's i mentioned eg the cookie login function.
Oh and it depends on how big your project is,you can easily write the cookie login function on top of the controller you want it in and you only need the database if you need to keep track of the cookies being set. A user can log in on many computers, so you might want to let them know what computer they are still active on and if they want to delete/log out some. Just like how facebook does it.
#6

[eluser]cartalot[/eluser]
normally websites have to remember something unique to the actual person -- like you go to amazon, and it remembers what you put in your shopping cart 2 weeks ago. the only practical way to do that is with a database. the cookie does not store the cart contents, it just stores an id number.

but you could have a case that is more generic. like lets say you have a website with 5 lessons, and you want the user to know which lesson they have completed. you could write a cookie value like LessonOne = completed

then when the user comes back to the website, you do something like IF cookie value LessonOne = completed
skip to Lesson Two. for that you do not need a database.




Theme © iAndrew 2016 - Forum software by © MyBB