I run a Nairaland Look alike forum! And am tired of my members login in every hour!!! I want a situation wen they close a browser and reopen dey still get logged in! How do I come by this?! Anyone with an idea?!
Just like Nairaland itself or Facebook; once am logged in, am logged in! Aint a situation am gonna log in again!!!

I would be really grateful!
Yea... For my do_login.php script; the code is posted below

<?php
session_start();
require('incfiles/init.php');
if(functions::isloggedin())
{
if(empty($redirect))
{
functions::go($config->url);
} else {
functions::go('http://'.$redirect);
}
die();
}
if(isset($_POST["submit"])) {
//STEP DOWN VALUES
$username=$_POST["username"];
$password=$_POST["password"];
$redirect=$_POST["redirect"];
//CLEANUP VALUES
$username=functions::cleaninput($username);
$password=functions::cleaninput($password);
$password=md5($password);
$checkquery=mysql_query("SELECT username, password
FROM users WHERE username='$username' AND
password='$password'" or die(mysql_error());
$num=mysql_num_rows($checkquery);
if($num>0)
{
$banq = mysql_num_rows(mysql_query("SELECT * FROM
`bannedusers` WHERE `username`='$username' AND
`boardid`=0" );
if($banq > 0)
{
$binfo = mysql_fetch_array(mysql_query("SELECT * FROM
`bannedusers` WHERE username='$username'" );
$reason = $binfo["reason"];
$date = $binfo["date"];
$unbandate = $binfo["unbandate"];
$today = time();
if($today < $unbandate) {
$pagetitle = "You Have Been Banished By one of the
Administrator!.";
require('incfiles/head.php');
$ud = date('l jS F Y \a\t g:I A', $unbandate);
$bd = date('l jS F Y \a\t g:I A', $date);
echo "<h2>You Have Been Banished By one of the
Administrator!.</h2><div class='display'><p>Reason:
$reason<p>Banned Date: $bd<p>Unbanned Date: $ud</
div>";
require('incfiles/end.php');
die();
} else {
mysql_query("DELETE FROM bannedusers WHERE
username='$username' ANd boardid=0" ;
$pagetitle = "U have Just Been Unbanned";
require('incfiles/head.php');
$msg="U Hav Just Been Unbanned Pls Go Back And Login
Again";
echo "<div class='display'>$msg<br/><a
href='javascript:history.go(-1)'>Go back</a></div>";
}
}
else {
$CookieExpire = 100000;
$time = 60 * 60 * 24 * $CookieExpire;
$time = time() + $time;
$key = $username . date('mY');
$key = strtoupper(md5($key));
setcookie("sessionkey", "$key", "$time" ;
setcookie("user", "$username", "$time" ;
setcookie("password", "$password", "$time" ;
$_SESSION["user"]=$username;
$id=functions::user_info($username, userID); $date=date
();
$guestip=$_SERVER["REMOTE_ADDR"];
$guestbrowser=$_SERVER["HTTP_USER_AGENT"];
mysql_query("UPDATE b_guestsonline SET time=1 WHERE
browser='$guestbrowser' AND guestip='$guestip'" ;
mysql_query("UPDATE users SET sessionkey='$key' WHERE
username='$username'" ;
if(empty($redirect))
{
functions::go($config->url);
} else {
functions::go('http://'.$redirect);
}
}
}
else
{
$pagetitle = "incorrect username and/or password, make
sure you type correctly your username & password !";
require('incfiles/head.php');
$msg="incorrect username and/or password, make sure
you type correctly your username & password !";
echo "<div class='display'>$msg<br/><a
href='javascript:history.go(-1)'>Go back</a></div>";
}
}
else
{
$pagetitle = "Error";
require('incfiles/head.php');
$msg="Error";
echo "<div class='display'>$msg<br/><a
href='javascript:history.go(-1)'>Go back</a></div>";
}
require('incfiles/end.php');
?>

I tink you can adjust this in the forum setting when loged in as an admin

Nah, I can't

ha ha ha

i dont know php, but i have a clue of what you are saying, in asp.net c#, what you want to do has to do with authentication, and this solves that problem in the web.config file


<configuration>
<system.web>
<authentication mode="Forms">
<forms timeout="14400"></forms>
</authentication>
</system.web>
</configuration>


that will automatically keep the user logged in for 14400 minuites, thats 240 hours equally, 10 days if the user checks the "keep me logged in box" as shown below so you have a clue of where to start from in php.. just an opinion though..

Bear in mind that I didn't completely look through your code an the variable names in source posted below might not directly correlate with the variables you used. But for you to have gone this far you should have an idea of what your are doing, so I'm not going to go into details. Add this to your do_login.php

function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }
   /* Username and password have been set */

   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   /* User not logged in */
   else{
      return false;
   }
}

And add this to the login.php

 if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/";
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/";
   }
   /* do some redirect here since user is not logged in*/

   return;
}
/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

Some where else you can check if a user is logged in as so

function displayLogin(){
   global $logged_in;
   if($logged_in){
      //do login stuffs
   }
   else{ // redirect to login page }
}

NOTE that the source code is not secure as cookies can be extracted from you browser. In a development scenario I'll involve some encryption maybe md5. Additionally you can add an encrypted key to cookie and persist it to the database so that it can be compared to ascertain that it hasn't been tampered with. Than each time i call checkLogin() I'll compare the content of the cookie with what has been persisted. Other security measures exist but it's a thing of style.

Here is a decent explanatory description on steps for achieving a more secured remember me. I'm quite busy now so i can't whip up the entire code for you.

Usually I do something like this:

1) User logs in with 'keep me logged in'
2) Create session
3) Create a cookie called SOMETHING containing: md5(salt+username+ip+salt) and a cookie called somethingElse containing id
4) store cookie in database
5) user does stuff and leaves ----
6) user returns, check for somethingElse cookie, if it exists, get the old hash from the database for that user, check of the contents of cookie SOMETHING match with the hash from the database, which should also match with a newly calculated hash (for the ip) thus: cookieHash==databaseHash==md5(salt+username+ip+salt), if they do, goto 2, if they don't goto 1

off course you can use different cookie names etc. also you can change the content of the cookie a bit, just make sure it isn't to easily created. You can for example also create a user_salt when the user is created and also put that in the cookie.

Also you could use sha1 instead of md5 (or pretty much any algorithm)

Make use of sessions.That's all

tefoko:
Make use of sessions.That's all

Please put more lights on the use of sessions! You got any vivid explanation or example?!