How do I implement this function? I know that I need to keep the session in cookies, but I do not know which ones. Or point me to an article with a simple example (I searched but found nothing good on the Internet).

index.html

    <!-- Labels: Логин = Login, Пароль = Password, Войти = Log in -->
    <div align="center">
      <form name="form" action="home.php" method="post" class="form">
        <label>Логин</label> <br>
        <input class="inputlp" type="text" name="login" value="admin" > <br><br>
        <label>Пароль</label> <br>
        <input class="inputlp" type="password" name="pass" value="123456" > <br>
        <input type="submit" id="submit" class="input_button-" value="Войти">
      </form>
    </div>

home.php

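    <?php
    session_start();
    // Read the credentials only when the login form was actually submitted.
    $login = isset($_POST['login']) ? trim($_POST['login']) : null;
    $pass  = isset($_POST['pass'])  ? trim($_POST['pass'])  : null;
    require_once ("./config/admin_config.php");

    if (isset($login) && isset($pass)) {
        $res = profile($login, $pass);
        if ($res == 1) {
            $_SESSION['register'] = $login;
            $register = $_SESSION['register'];
        }
    }
    ?>
    <?php
    // !empty() avoids an undefined-index notice when nobody is logged in.
    if (!empty($_SESSION['register'])) {
        require_once ("./html/home_page.php");
    } else {
        include("./error/error.php");
    }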

Function that checks the login and password in the database:

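    function profile($login, $pass) {
        // Escape user input before it is placed in the query string.
        $login = mysql_real_escape_string($login);
        $pass  = mysql_real_escape_string($pass);
        $sql = mysql_query("SELECT * FROM `admin_profile` WHERE `login`='$login' AND `pass`=md5('$pass')");
        $res = mysql_num_rows($sql);
        return $res;
    }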

    1 answer

    Not tested, but in principle it should work. Add the token field to the admin_profile table.

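        <?php
        session_start();
        // Read the credentials only when the login form was actually submitted.
        $login = isset($_POST['login']) ? trim($_POST['login']) : null;
        $pass  = isset($_POST['pass'])  ? trim($_POST['pass'])  : null;
        require_once ("./config/admin_config.php");

        function auth() {
            // A live PHP session is enough; the cookie set during this same
            // request is not visible in $_COOKIE until the next request.
            if (isset($_SESSION['register'])) return true;
            if (isset($_COOKIE['session'])) {
                $session = json_decode(base64_decode($_COOKIE['session']), true);
                // The cookie is client-controlled: require the expected structure
                // and a non-empty token, so an empty `token` column never matches.
                if (is_array($session) && array_key_exists('user_id', $session)
                        && array_key_exists('token', $session)
                        && is_string($session['token']) && $session['token'] !== '') {
                    // Use the same 'user_id' key that is written at login, and
                    // never put raw cookie values into the query.
                    $id    = (int) $session['user_id'];
                    $token = mysql_real_escape_string($session['token']);
                    $sql = mysql_query("SELECT * FROM `admin_profile` WHERE `id` = '" . $id . "' AND `token` = '" . $token . "'");
                    if (mysql_fetch_assoc($sql)) return true;
                }
            }
            return false;
        }

        function profile($login, $pass) {
            // Escape user input before it is placed in the query string.
            $login = mysql_real_escape_string($login);
            $pass  = mysql_real_escape_string($pass);
            $sql = mysql_query("SELECT * FROM `admin_profile` WHERE `login`='$login' AND `pass`=md5('$pass')");
            $res = mysql_fetch_assoc($sql);
            return $res;
        }

        if (isset($login) && isset($pass)) {
            $res = profile($login, $pass);
            if ($res) {
                // Always start the session so this request is authenticated too.
                $_SESSION['register'] = $login;
                if (isset($_POST['remember'])) {
                    $session = array(
                        'user_id' => $res['id'],
                        'token' => md5(uniqid('', true)),
                    );
                    mysql_query("UPDATE `admin_profile` SET `token` = '" . $session['token'] . "' WHERE `id` = '" . (int) $session['user_id'] . "'");
                    setcookie('session', base64_encode(json_encode($session)), 31536000 + time(), '/');
                }
            }
        }

        if (auth() == true) {
            require_once ("./html/home_page.php");
        } else {
            include ("./error/error.php");
        }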

    the form

        <!-- Labels: Логин = Login, Пароль = Password, Запомнить меня = Remember me, Войти = Log in -->
        <div align="center">
          <form name="form" action="home.php" method="post" class="form">
            <label>Логин</label> <br>
            <input class="inputlp" type="text" name="login" value="admin" > <br><br>
            <label>Пароль</label> <br>
            <input class="inputlp" type="password" name="pass" value="123456" > <br>
            <input type="checkbox" name="remember" value="1" checked> Запомнить меня <br>
            <input type="submit" id="submit" class="input_button-" value="Войти">
          </form>
        </div>
    • Is it possible to somehow make it simpler and not create an additional token field in the database, or is it necessary (or does this field make the login more secure)? - Petrovich
    • Store the login and password in the session and you do not need the token field, but I would not do that. Not safe. - ArchDemon
    • @Petrovich you can store the login and password (in MD5) in cookies, but it is not safe. - Solo_777
    • @Solo_777 This code for some reason does not work; I could not figure out why. - Petrovich