Posted by floortje on 10/31/07 19:53

Op 2007-10-30 14:21:56 +0100, zei Chris Gorospe <chris@ekast.com>:

> You would use something along the lines of:
>
>
> if($_POST['remember'])
> {
> set_cookie("username", $username, time()+3600, "/", "yourwebsite.com");
> }
>
> Obviously you'd want this done after all login credentials have been checked.

I would have lotsa fun with this feature if I wasn't a nice guy. Even
some standard browsers let you manipulate cookies. You should also
store a string to check the validity of the cookie and the last know ip
adress.

Example
$supersercret='mysectret';
$md5hash=md5($_SERVER[''REMOTE_ADDR].$username.$supersecret);
add this value to the cookie.

on every page check if the md5hash of the username, ip and supersecret
match the hd5hash in the cookie

Floortje

[Back to original message]