I am having a bit of trouble. I am working on a small CMS. When I log in everything is fine, but if I sit there the session seems to require me to log in again after 3 minutes maybe. So I tried to implement a remember me feature, and have no luck with it either. It also still requires me to log in.
In my functions I have the following code snippet.
function logged_in(){
    if(isset($_SESSION['email']) || isset($_COOKIE['email'])){
        return true;
    } else {
        return false;
    }
}
Then I created another function so that if the page requires login and you're not logged in, it will redirect.
function require_loggin(){
    if (logged_in()) {} else {
        redirect(ROOT_URI);
    }
}
Now on all the pages that require login I have this in the header of the page.
<?php require_loggin(); ?>
And this is my post data for the login page.
$email = clean($_POST['email']);
$password = clean($_POST['password']);
$remember = isset($_POST['remember']);
And finally my login.
function login_user($email, $password, $remember){
    $active = 1;
    $connection = dbconnect();
    $stmt = $connection->prepare('SELECT user_pwd, user_email, uid, username FROM users WHERE user_email = ? AND active= ?');
    $stmt->bind_param('ss', $email, $active);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows == 1) {
        $row = $result->fetch_array();
        $db_password = $row['user_pwd'];
        if (password_verify($password, $db_password)) {
            if($remember == "on") {
                setcookie('email', $email, time() + 86400);
            }
            $_SESSION['uid'] = $row['uid'];
            $_SESSION['email'] = $row['user_email'];
            $_SESSION['username'] = $row['username'];
            return true;
        } else {
            return false;
        }
        return true;
    } else {
        return false;
    }
}
Everything works with no error. Login and logout are fine.
The issue is that once they log in, the default session dies in about 4 minutes if they are not clicking links, and the remember me function won't work. I read somewhere that a default session should last about 30 minutes, but the session requires login after 4 minutes of not moving through the site.
Someone mentioned Garbage Collection to me, but I have to admit I am totally lost on it.
I am still fairly new to PHP and I want to learn the correct way, not the incorrect way. My project works great; I just cannot keep a user logged in or get the remember me to function.
I recommend creating an application config file, call it config.php, and include it at the top of your pages. As simple as your application appears, I'm assuming you're not using an auto loader. Include the following snippet in it:
<?php
/**
 * File: config.php
 * This file should be included in every php script to configure the session. Like this:
 * require_once('config.php');
 */

/*
 * This is 30 minutes. The length only depends on the requirements of
 * your application.
 */
$sessionLength = 30 * 60;
ini_set('session.gc_maxlifetime', $sessionLength);
session_set_cookie_params($sessionLength, "/", "yourdomain.com");
session_name('PHPSESSION');
session_start();
// This will force the cookie to reset with a new timeout on every page load.
setcookie(session_name(), session_id(), time() + $sessionLength);
?>
Based on the latest edit of your question (9), and the codebin as it stands right now (please stop editing the question and code - create a new question if it changes that much!)
Your call to login_user($email, $password) does not pass the $remember variable as expected in the declaration function login_user($email, $password, $remember)
So it'll never set the cookie.
Tips:
echo $remember . "<br>"; or echo "I'm Here<br>"; or echo "I'm at " . __FILE__ . "/" . __LINE__ . "<br>"; or similar in your code at various points so you know where it's tracking. You'll see that it never gets to the "setcookie" line
error_reporting(E_ALL); and ini_set('display_errors', 'on'); as this will reveal your problem
session_start() sessions and do it all yourself) but that then leads to suggestions you should use a library if you're not 100% sure of your logic and security - and given the base64_decode issue that's true. Hopefully your verify_password is not self-written but something commercial? Perfect for learning but have someone check over the code before launching if you want it to go live.
Good luck
(And please, don't change the question again! No one will want to help you.)
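The remember-me cookie in the question holds only the e-mail address, so the server has nothing to verify it against once the cookie does get set. The following is an added example, not code from the question or from either answer: a random, single-use token whose secret half is stored only as a hash. The `remember_tokens` table, the function names, the `remember` cookie name and the in-memory SQLite store are assumptions made for the demo.

```php
<?php
declare(strict_types=1);
// Added example: table name, function names and the SQLite demo store are assumptions.

const REMEMBER_TTL = 86400; // one day, the lifetime used for the cookie in the question

// Create a token for $uid; only a SHA-256 hash of the secret half is stored.
function issue_remember_token(PDO $db, int $uid): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret half, lives only in the cookie
    $db->prepare('INSERT INTO remember_tokens (selector, validator_hash, uid, expires)
                  VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $uid, time() + REMEMBER_TTL]);
    return $selector . ':' . $validator;
}

// Return the uid the cookie value belongs to, or null if it is malformed,
// unknown, expired or carries the wrong validator. A valid token is consumed.
function check_remember_token(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $stmt = $db->prepare('SELECT validator_hash, uid, expires
                          FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires'] < time()
        || !hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$parts[0]]);
    return (int) $row['uid'];
}

// Demo on constructed data (in-memory SQLite instead of the question's MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens
           (selector TEXT PRIMARY KEY, validator_hash TEXT, uid INTEGER, expires INTEGER)');

$cookie = issue_remember_token($db, 42);  // 42 is a constructed uid
// On login with "remember" ticked, send it with:
// setcookie('remember', $cookie, ['expires' => time() + REMEMBER_TTL, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(check_remember_token($db, $cookie));             // freshly issued token
var_dump(check_remember_token($db, $cookie));             // same token presented again
var_dump(check_remember_token($db, 'user@example.com'));  // bare e-mail, as in the question's cookie
```

When the check returns a uid, load that user, fill `$_SESSION` the way `login_user()` does, and issue a fresh token to replace the consumed one.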