My login page is a simple form: username and password.
If a user is not logged in and tries to visit an admin page, then he/she is automatically directed to the login page first.
But, I don't like that anymore. I would like to create a checkbox that says "Keep me logged in!" on the login page for convenience. This way the user is only logged out when they go through the logout process.
But, what is the programming logic to set this up? A cookie that is stored on the device?
If that's the case, would I have to add some type of script to EVERY admin php page to get this to work then?
I've searched around, but couldn't find any straight answers. What do you think?
Set a cookie after login success and set it for example for 1 week.
At the header of the admin panel, you will need to add code for cookie validation. If the cookie is valid and the cookie's value it's the same as it stored into the database, then
you should allow access. If not, then you will redirect the user to login page.
Then on every page you need to check to see if the cookie exists, if it does (do your checks) and show them the page.
On my login page now, when a user logins, multiple session variables are created for: user_id, default_location, default_provider. This information is used to auto complete forms and for queries on certain php pages.
If I use the cookies for the remember me, then once the user selects "Remember Me" and logs into the CMS, would I have to set cookies for each of the session variables? Then, I'm guessing, on each page when checking for the remember me cookie, I'd have to assign the other cookies saved for the user to the session variables I'd need.
So, to get this to work, I'd have to save multiple cookies to match each session variable that is created normally at login.
Is that the proper method? Hope I conveyed this clearly.
You should be writing your code OOP with classes and functions. In your code you can have functions like get_userid() or get_default_location(), etc. Then those functions can do what ever you want. So if all of your code is written using those functions, and you decide you want to change how that function works (ex. go from sessions to cookies) it will not be a pain in the butt to have to go through all of your pages to switch sessions to cookies.
If you are building a large enough CMS, I would hope you are using classes. It makes your code a lot more organized and allows changes to be made way easier. If you do not have classes, I would strongly suggest you look into them.
Thanks for the insight. I have not used classes yet. I will take your advice and research it. I'll eventually redo my CMS since I've learned so much since I started it. And using classes seems like the best approach.