Posted by Cliff Smith on 12/16/05 09:14

gerg wrote:
> Cliff Smith wrote:
>
>> gerg wrote:
>>
>>> I'm having a problem with a code I'm writing to display a login form
>>> if there is no cookie data present. Here is my small code: this
>>> code is yielding this error:
>>>
>>> Parse error: parse error, unexpected $ in
>>> /home/thegofo/public_html/includes/login_functions.php on line 30
>>>
>>>
>>> The code is:
>>>
>>> <?
>>>
>>> // show login form
>>>
>>> function showlogin(){
>>>
>>> // if cookie data is empty, or does not match, show the form
>>>
>>> if ( (empty($_COOKIE['remember'])) || ($_COOKIE['remember'] !=
>>> "some_value") ){
>>> ?>
>>> <div align="center">
>>> <img src="../images/login.gif" alt="Please Login">
>>> <br>
>>> <table class="loginform" width="100%">
>>> <tr>
>>> <td>Username </td><td> <input name="user" type="text"
>>> size="10"></td>
>>> </tr>
>>> <tr>
>>> <td>Password </td><td> <input name="pass" type="password"
>>> size="10"></td>
>>> </tr>
>>> <tr> <td><input class="loginbutton" name="submit"
>>> type="submit" value="Go!"></td><td></td>
>>> </tr>
>>> </table>
>>> </div>
>>> <? }
>>>
>>> showlogin();
>>>
>>> ?>
>>>
>>> Thanks for any help.
>>
>>
>> Yep, a few things...
>>
>> The parsing is due to not closing off the { brackets.
>> Change line 26 to
>> <? }}
>>
>> Secondly, you will need to add a form to submit this data.
>>
>> Thirdly, NEVER use cookies to check whether someone has logged in, as
>> these are client-side, and easily forged.... try $_SESSION values for
>> this purpose. Cookies should only be used for things that don't
>> matter, like user preferences and the like.
>>
>> Happy Hunting!
>
>
> Hello Cliff,
>
> Thanks for your reply. I totally missed the last bracket. Great eye!
> As far as cookies are concerned, I usually use sessions. The site I'm
> building is a family site that we can go to upload pictures, post news
> and events etc... and I wanted to give them the option to not have to
> log in every time the come back to the site. (some users are not so
> computer savy). Would there be a more secure way of doing this? Thanks
> again Cliff.
>
> Greg

Not really sure on which way to go on this....
IP checking through php would be good, but would require all users to be
on your lan or to have static IPs.
User certificates are the easiest for users but would require some
apache tweaking, not so easy if you are not running your own server.
Otherwise, just encourage users to use the 'autofill' function in their
browsers. Far from secure, but means that someone would have to have
already logged in from the same browser. ie. tell users not to use the
site from internet cafes! Worst case scenario, restore from backups!

Cheers.

• Next in forum: Re: can anyone see a problem?
• Prev in forum: Re: can anyone see a problem?
• Thread view: Re: can anyone see a problem?

[Reply to this message]