First we need to have a login page where to put the "remember me" check box to have an identifier whether the user wants to be remembered or not.
Second, we need to set the users table to store the remember me token which we will use to identify as to which user should be logged in.
Please take note that I used token which is another field rather than using the actual user id coz having a token that changes every time is much secure than having just a static id.
I will discuss below on how you can make it much secure.
Okay, once you have the above in placed, we are now ready to do the coding.
You need to capture those users that agrees to be remembered then call this function below. For the benefit of this post, I set the cookie to expire in 14 days.
<?php
if (!mysql_connect('localhost', 'mysql_user', 'mysql_password')) die("can't connect to db: ".mysql_error());
if (!mysql_select_db('database_name')) die("can't select db: ".mysql_error);
$user_id = '<your login user id>';
// call this function to set cookie and expiry time
set_remember($user_id);
// set cookie and expiry time
function set_remember($user_id=0) {
$token = md5($user_id."-".date('YmdGis'));
$expire = time() + (14 * 86400); // 14 days
setcookie("remember_me_token", $token, $expire);
$expire = date('Y-m-d', $expire);
$return = update_user_token($user_id, $token, $expire);
}
// update users table for token and expiry time
function update_user_token($user_id=0, $token='', $expire='') {
$sql = "UPDATE user_table SET token='$token)', expire='$expire' ".
"WHERE user_id='$user_id'";
$query = mysql_query($sql);
return 1;
}
?>
$user_id is the id of the user who successfully logged in to your site. This will be used to generate a random token which we will set in our cookie and update the users table as well.
We will use the function of the PHP to set the cookie.
setcookie("your_cookie_variable", "your_cookie_value", "expiration_of_cookie");
Please take note that you have to make sure that the user be able to login with the right credential before you call the function "set_remember($user_id)".
After calling function, you can get the cookie value by calling $_COOKIE["your_cookie_variable"]; and in our example above, you can call it by this syntax $_COOKIE['remember_me_token'];
I just want to remind you that COOKIE is not like a SESSION that starts when the pages loaded, the COOKIE will store value in your computer, so you need to come up with a COMPLEX name to prevent hackers from hacking your site.
Okay, moving on, since we set our cookie to expire in 14 days, then we have to make the user to be remembered every time they login and extend the expiration accordingly.
To do that, we need to get the token value from the cookie, get the user_id from our database, then call again the function set_remember($user_id);. If there's no cookie available, then redirect the user to login page.
Please see below for the sample implementation.
<?php
if (!mysql_connect('localhost', 'mysql_user', 'mysql_password')) die("can't connect to db: ".mysql_error());
if (!mysql_select_db('database_name')) die("can't select db: ".mysql_error);
$cookie = get_cookie('remember_me_token');
if ($cookie) $user_id = get_user_id_by_cookie($cookie);
// go to login page if no value for user_id
if (!$user_id) header("http://mywebsite/user/login");
// function to get the user id from the cookie
function get_user_id_by_cookie($cookie='') {
$sql = "SELECT user_id FROM user_table WHERE token='$cookie'";
$query = mysql_query($sql);
return mysql_result($query, 0, 0);
}
// call this function to renew token then set a new new expiry datetime
set_remember($user_id);
// set cookie and expiry time
function set_remember($user_id=0) {
$token = md5($user_id."-".date('YmdGis'));
$expire = time() + (14 * 86400); // 14 days
setcookie("remember_me_token", $token, $expire);
$expire = date('Y-m-d', $expire);
$return = update_user_token($user_id, $token, $expire);
}
// update users table for token and expiry time
function update_user_token($user_id=0, $token='', $expire='') {
$sql = "UPDATE user_table SET token='$token)', expire='$expire' ".
"WHERE user_id='$user_id'";
$query = mysql_query($sql);
return 1;
}
?>
Hope this post helps a lot!! Thanks!!