Hi guys, I'm having a big problem on my project. I want to have a remember me on my login, but when I try it using the code below it's not working, and no error messages come out. Please help me, badly needed. Thanks in advance. Here is my HTML code for login.

<?php
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

mysql_connect("localhost", "root", "");
mysql_select_db("vrooms");

$result = mysql_query("SELECT * FROM registration where username = '$username' and password = '$password'")
        or die("Failed to query database" .mysql_error());
$row = mysql_fetch_array($result);

if($username != $username){
  header("location: home/homepage.php");
  echo'<script>
    alert("Not Allowed to Login With a Different Account!");
    </script>';
  $username = $_POST['username'];
}

if($row['username'] == 'admin_jake' && $row['password'] == $_POST['password']){
    $_SESSION['type'] = 'admin';
}

if($row['username'] == $_POST['username'] && $row['password'] == $_POST['password'] && $_SESSION['type'] != 'admin'){
    $_SESSION['type'] = 'user';
    $_SESSION['username'] = $username;
    header("location: home/homepage.php");
}

else if($row['username'] != $_POST['username'] && $row['password'] !=  $_POST['password']){
    $_SESSION['message'] = "Incorrect Username or Password";
    header("location: loginpage.php");
}

else if($_SESSION['type'] == 'admin' && $_SESSION['type'] != 'user'){
    $_SESSION['admin'] = $username;
    header("location: admin/adminpage.php");
}

if(isset($_REQUEST['remember']))
    $escapedRemember = myqli_real_escape_string($conn, $_REQUEST['remember']);

$cookie_time = 60 * 60 * 24 * 30;
$cookie_time_Onset = $cookie_time + time();

if(isset($escapedRemember)){
    setcookie("username", $username, $cookie_time_Onset);
    setcookie("escapedPW", $password, $cookie_time_Onset);

}

else{
    $cookie_time_fromOffset = time() - $cookie_time;
    setcookie("username", '', $cookie_time_fromOffset);
    setcookie("password", '', $cookie_time_fromOffset);
}

?>
<?php
session_start();
include_once("CORE/dbconfig.php");

if(isset($_SESSION['type'])){
    if ($_SESSION['type'] == 'user') {
        header("location: home/homepage.php");
    }
    else if ($_SESSION['type'] == 'admin') {
        header("location: admin/adminpage.php");
    }
}
?>

<!DOCTYPE html>
<html>
<head>
<title>Car Hub - Don't dream, ride it!</title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="CSS FILES/login_chstyle.css">
</head>

<body>
<br>
<?php
if(isset($_SESSION['message'])){
    echo '<div class = "msg">';
        echo '<p>' .$_SESSION['message']. '</p>';
        unset($_SESSION['message']);
    echo '</div>';  
}
?>
<div class="header">
<a href="loginpage.php"><img src="images/CarHubLogos.png" style="margin-top: 10px; height: 50px"></a>

<!-- ___________________________________________________________________________For Log In Syntax_______________________________________________________________ -->

<div id="buttonsize"><button onclick="document.getElementById('id01').style.display='block'" style="width:auto;">Sign In</button></div>
<div id="id01" class="modal">
<span onclick="document.getElementById('id01').style.display='none'" class="close" title="Close Modal" style="margin-top: 50px">&times;</span>
<form class="modal-content animate" action="login.php" method="POST">
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" id="username" value="<?php if(isset($_COOKIE['username'])) echo $_COOKIE['username']; ?>" required>

<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password" id="password" value="<?php if(isset($_COOKIE['password'])) echo $_COOKIE['password']; ?>" required> 

<input type ="checkbox" id="remember" name="remember" <?php if(isset($_COOKIE['username'])){ echo"checked = 'checked'";}?> value="1">
<label>Remember Me</label>

<button class="colorgr" name="login" type="submit">Login</button>
<button  type="button" onclick="document.getElementById('id01').style.display='none'" class="cancelbtn">Cancel</button>
</div> 
</form>
</div>

<!-- ___________________________________________________________________________For Log In Syntax_______________________________________________________________ -->

<!--____________________________________________________________________________SCRIPT START ___________________________________________________________________ -->

<script>
    // Get the modal for Log In
    var modal = document.getElementById('id01');

    // When the user clicks anywhere outside of the modal, close it
    window.onclick = function(event) {
    if (event.target == modal) {
    modal.style.display = "none";
    }
}
    // Get the modal for sign up
    var modal = document.getElementById('id02');

    // When the user clicks anywhere outside of the modal, close it
    window.onclick = function(event) {
if (event.target == modal) {
    modal.style.display = "none";
     }
}
</script>
<!--____________________________________________________________________________SCRIPT END ____________________________________________________________________ -->

<!--____________________________________________________________________________Sign Up ____________________________________________________________________ -->    
<div id="buttonResize">
<button onclick="document.getElementById('id02').style.display='block'" style="width:auto;">Sign Up</button>
</div> 

<div id="id02" class="modal">
<span onclick="document.getElementById('id02').style.display='none'" class="close" title="Close Modal" style="margin-top: 50px">×</span>
<form name="myForm" class="modal-content animate" action="signup.php" method="post">
    <div class="container">
    <label><b>Last Name</b></label><br>
    <input type="text" placeholder="Enter Last Name" id="customer_lname" name="customer_lname" pattern="[a-zA-Z ]+" title="Must not contain a special character and numbers.     e.g. !@#$%^&*0-9" required>
<br>
    <label><b>First Name</b></label><br>
    <input type="text" placeholder="Enter First Name" id="customer_fname" name="customer_fname" pattern="[a-zA-Z ]+" title="Must not contain a special character and numbers.     e.g. !@#$%^&*0-9" required>
<br>
    <label><b>Contact Number </b></label><br>
    <input type="tel" placeholder="Enter Contact Number" id="contact_number" name="contact_number" pattern="^\d{4}-\d{3}-\d{4}$" title="XXXX-XXX-XXXX" style = "width: 100%;
     padding: 12px 20px;
     margin: 8px 0;
     display: inline-block;
     border: 1px solid #ccc;
     box-sizing: border-box;" required>
<br>
    <label><b>Email</b></label><br>
    <input type="email" placeholder="Enter Email" id="email_address" name="email_address" style = "width: 100%;
     padding: 12px 20px;
     margin: 8px 0;
     display: inline-block;
     border: 1px solid #ccc;
     box-sizing: border-box;" required>
<br>
    <label><b>Username</b></label><br>
    <input type="text" placeholder="Enter Username" id="username" name="username" pattern="^[a-z0-9_-]{4,16}$"
    title="Must contain at least 4-16 characters and must not have some special character.     e.g !@#$%^&*" required >
<br>
    <label><b>Password</b></label><br>
    <input type="password" placeholder="Enter Password" id="password" name="password" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters"  onchange="form.c_password.pattern = this.value;" required >
<br>
    <label><b>Repeat Password</b></label><br>
    <input type="password" placeholder="Repeat Password" id="c_password" name="c_password"  pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Password Must Match!" required>
    <p>By creating an account you agree to our <a href="terms.php" style="color: blue;">Terms & Privacy</a>.</p>
        <div class="clearfix">
        <button type="button" onclick="document.getElementById('id02').style.display='none'" class="cancelbtn">Cancel</button>
        <button class="colorgr" type="submit" name="submit_cus" class="signupbtn">Sign Up</button>
        </div>
    </div>
</form>
</div>

<!--____________________________________________________________________________Sign Up ____________________________________________________________________ -->
</div>
<br>
<hr>
<br>
<ul>
<li><a href="loginpage.php">Home</a></li>
<li><a href="vehicle.php">Vehicles</a></li>
<li><a href="aboutus.php">About</a></li>
<li><a href="faq.php">FAQ</a></li>
</ul>

<div id="bodywall">
<br>
<h1 class="gety">Ride a<br>car today</h1>
<p class="stylo1">Sign up for free</p>

<br><br><br><br><br><br><br><br><br><br>



</div>


<div class="footer"><img src="images/CarHubLogos.png" style="height: 100%"></div>

</body>

</html>

<script>
    window.onload = function () {
        if (typeof history.pushState === "function") {
            history.pushState("jibberish", null, null);
            window.onpopstate = function () {
                history.pushState('newjibberish', null, null);
            };
        } else {
            var ignoreHashChange = true;
            window.onhashchange = function () {
                if (!ignoreHashChange) {
                    ignoreHashChange = true;
                    window.location.hash = Math.random();
                } else {
                    ignoreHashChange = false;   
                }
            };
        }
    }
 </script>
  • I haven't really looked at the functionality of your code, but I thought I might tell you that you really should not be using the old deprecated mysql extension. It has been deprecated since PHP 5.5 (June 2013) and has now officially been removed from PHP 7.0 (December 2015). Most developers should have avoided this extension when it became deprecated; however, now you should most definitely be using either PDO or mysqli as PHP no longer supports the old mysql extension. – Lachie Mar 13 '17 at 04:40

2 Answers

1

First of all, you will need to keep a cookie on the client-side called hash (a randomized string), whenever a user logs in.

Along with this cookie, you must create a row in a table (sessions) within your database with the value of the hash, and the corresponding logged-in user id.

For example: if user 4 logs in, it will generate a hash with the value 1234; this value will then be stored within the database table along with that user's id (4).

Whenever a user visits the website, you need to check if the cookie value has been set, and if it has, check if the value matches any within the database. Assuming it finds one, grab the user id that matches with the corresponding value, and log that specific user in.

Make sure, once you've logged them in, you generate a new hash and delete the old hash from your sessions table.

Same thing goes for when the user logs out; delete the hash from the client-side and the database table, every time (for security purposes).

Hopefully, this gives you an idea of what you need to do to achieve this.

If you want a more in-depth explanation on how to do this, I highly suggest reading these:

  1. The definitive guide to form-based website authentication

  2. What is the best way to implement “remember me” for a website?

SIDENOTE: I've noticed you're still using the deprecated mysql_* extension. Please discontinue the use of mysql_*, it is no longer secure or safe to use, and there are much better alternatives. I would suggest mysqli_* or PDO.

GROVER.
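The flow described in this answer, as an added example (not code from the answer or the question): a random token goes in the `hash` cookie, a row in `sessions` maps it to the user id, and the token is replaced on every use and deleted on logout. The function names, the `token_hash`/`expires_at` columns and the `$_SESSION['user_id']` key are assumptions; storing only a SHA-256 of the token and setting the cookie flags go beyond what the answer states.

```php
<?php
// Assumes PHP >= 7.3, an open session, PDO in exception mode, and this table
// (column names are illustrative, not from the page):
//   sessions(token_hash CHAR(64) PRIMARY KEY, user_id INT, expires_at INT)
const REMEMBER_COOKIE = 'hash';             // cookie name used in the answer
const REMEMBER_TTL    = 60 * 60 * 24 * 30;  // 30 days, as in the question

function issueRememberToken(PDO $db, int $userId): void
{
    $token = bin2hex(random_bytes(32));     // unguessable value from the CSPRNG
    $db->prepare('INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, time() + REMEMBER_TTL]);
    setcookie(REMEMBER_COOKIE, $token, [
        'expires' => time() + REMEMBER_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Logout, and the "delete the old hash" step: drop the row and the cookie.
function revokeRememberToken(PDO $db): void
{
    $token = $_COOKIE[REMEMBER_COOKIE] ?? null;
    if (is_string($token) && $token !== '') {
        $db->prepare('DELETE FROM sessions WHERE token_hash = ?')
           ->execute([hash('sha256', $token)]);
    }
    setcookie(REMEMBER_COOKIE, '', ['expires' => time() - 3600, 'path' => '/']);
    unset($_COOKIE[REMEMBER_COOKIE]);
}

// Returns the remembered user id, or null if the cookie is absent, unknown or expired.
function loginFromRememberCookie(PDO $db): ?int
{
    $token = $_COOKIE[REMEMBER_COOKIE] ?? null;
    if (!is_string($token) || $token === '') {
        return null;
    }
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    revokeRememberToken($db);               // single use, whether or not it matched
    if ($userId === false) {
        return null;
    }
    session_regenerate_id(true);            // fresh session id for the new login
    $_SESSION['user_id'] = (int) $userId;
    issueRememberToken($db, (int) $userId); // rotate: new token for the next visit
    return (int) $userId;
}
```

Because the cookie carries only a random token, neither the username nor the password ever needs to be written to the browser, and a copied database row cannot be replayed as a cookie since only the token's hash is stored.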
0

You have to use session_start() at the top of all your HTML sites, otherwise you lose reference to the session and to all its stored variables.

Iamnino