i'm making a login form right now that has the option to remember the visitors details using cookies, now the problem is i have no clue how to get the data from the checkbox to see if its checked or not, how to do this?
Printable View
i'm making a login form right now that has the option to remember the visitors details using cookies, now the problem is i have no clue how to get the data from the checkbox to see if its checked or not, how to do this?
if you can't figure it out from looking at this example, run it on your server and try it out.PHP Code:<?php
if(isset($_POST['box'])){
echo "the checkbox was checked";
}else{
echo "the checkbox was not checked";
}
?>
<form method="post">
check this --> <input type="checkbox" name="box" />
<input type="submit" value="go" />
</form>
no i can...
this is what i did... i believe i made a mistake somewhere with the cookies... :(
i'll look at this again tomorrow, getting kinda late.
Post your code so kows or someone can check your code and see if anything is wrong.Quote:
Originally Posted by Justa Lol
no, i'll need to try it my self before i post any code...
i'll update on this post.
edit: i misplaced the variables when i set the cookies, so it set twice the username instead of username and password, but i got it under control now. thanks for the replies.
Don't set cookies with a username and password.
Apologies, I pressed send a little early. Putting a user name and password into a cookie is bad practice because anothe user could view the information.
If you are storing a password, ensure you encrypt it / hash it. If you are hashing it make sure you prepend a append some salt.
e.g. md5($password . $salt);
Why can't use cookies?
Textfield text =PHP Code:setcookie("RememberUsername", $_POST['Username'], time()+86400)
I think that this would work too. :)PHP Code:<?php echo $_COOKIE['RememberUsername']; ?>
could you explain me how another user would view the cookie?Quote:
Originally Posted by visualAd
There are several ways:
- The user leaves the computer unlocked and accessible to others. E.g. at a work place or having just used a public computer. Another individual can then view the cookies in plain text to find the password.
- After setting the cookie the password will be sent to the sever every time the user requests a page on the web site. This will make the password more vulnerable in the event of a man in the middle attack which can be easily orchestrated on a public computer or via a proxy server.
- In the event that your users PC or laptop is stolen or mislaid, the cookie files / cache could be read directly off the disk along with the site for which they are valid.
You could argue that your site does not contain any sensitive information so it is not worth the extra effort to encrypt or protect the password. However, it is common place for the average Internet bod to use the same password for e-banking, porn sites and forums.
You could also argue that you have a moral (possibly legal - dependant on what your site does and where it is host) duty to protect your users data.
good point... i believe i need to update my cookies xD
but this makes cookies never secure, because md5 can be decrypted, here.
uhh. you seem to be a little confused. no, it cannot be decrypted.
just to be clear to anyone else reading -- I am not putting more trust in MD5 than I should. it has been shown to have flaws (and it has even been cracked), but MD5 is still a one-way hash. it cannot be decrypted.
the website you linked to is simply storing a bunch of MD5 hashes that they have created themselves (and probably that have been submitted by some of their users using the "encrypt" form) in a database; when you look up a hash to be "decrypted" it just checks if it exists in the database. the following hash that I just created, for example, does not get "decrypted":
and if you think this makes MD5 insecure, then by using that logic you're also saying that every single hashing algorithm is insecure. if you have a database full of SHA256 hashes that represent simple dictionary words, common passwords, or strings submitted by users, then you might have an exhaustive list of potential hashes. it still doesn't let you decrypt anything, though. anyone who has a four letter password that exists in a dictionary is looking to get hacked, anyway.Code:e27ff59e2284f263f624ad1ee2f0a691
oh, and not to even mention salts! that totally defuncts that website you linked to.