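Learn how to securely use PHP cookies to create a login system. Note that the demo below treats any request that carries a `code` cookie as logged in; it does not verify the code on the server.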
Watch the video first:
Get the code below:
Ajax.php
<?php
//--->get app url > start
// Scheme detection: either the server reports HTTPS itself, or a proxy
// announces it through X-Forwarded-Proto.
// NOTE(review): X-Forwarded-Proto and Host are request headers. Unless a
// trusted reverse proxy overwrites them, the client chooses their values, so
// $app_url must be treated as untrusted wherever it is printed or redirected to.
$https_direct = isset($_SERVER['HTTPS'])
    && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1);
$https_proxied = isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
    && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
$ssl = ($https_direct || $https_proxied) ? 'https' : 'http';

// Directory part of the running script; no extra slash when the script sits
// in the web root.
$script_dir = dirname($_SERVER["SCRIPT_NAME"]);
$dir_prefix = ($script_dir == DIRECTORY_SEPARATOR) ? "" : "/";

$app_url = $ssl . "://" . $_SERVER['HTTP_HOST'] . $dir_prefix
    . trim(str_replace("\\", "/", $script_dir), "/");
//--->get app url > end
// NOTE(review): the wildcard lets a script on any origin read this endpoint's
// response for non-credentialed requests. index.php calls ajax.php on the same
// origin, which needs no CORS header at all; confirm whether a cross-origin
// consumer exists before keeping this.
header("Access-Control-Allow-Origin: *");
// Base URL of the application, taken from $app_url computed above.
define("APPURL", $app_url);
// Absolute path of the directory that holds this script, with forward slashes.
define("ABSPATH", str_replace("\\", "/", __DIR__));
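// Login endpoint: reads ?code=... and answers with a JSON status object.
//
// NOTE(review): any non-empty code is accepted and stored verbatim; nothing
// here checks it against a server-side secret. A real login would verify the
// credential and place an unguessable, server-issued session identifier in the
// cookie instead of the submitted value.

// Declare the body as JSON so a browser never renders it as HTML.
header('Content-Type: application/json; charset=utf-8');

// Only a plain, non-empty string is usable as a cookie value: ?code[]=x would
// arrive as an array, and an empty value makes setcookie() delete the cookie.
$code = isset($_GET['code']) ? $_GET['code'] : null;

if (is_string($code) && $code !== '')
{
    // Cookies travel as response headers, so the cookie is set BEFORE any
    // output; once the body has started the header can no longer be added.
    //
    // setcookie(name, value, expires, path, domain, secure, httponly)
    //   expires  = 0    -> session cookie, dropped when the browser closes
    //   secure   = true -> only ever sent over HTTPS
    //   httponly = true -> hidden from document.cookie, so injected script
    //                      cannot read it
    // On PHP 7.3+ the options-array form of setcookie() can additionally set
    // 'samesite' to limit cross-site requests that carry the cookie.
    setcookie('code', $code, 0, '/', '', true, true);

    echo json_encode(array('status'=>'success', 'url'=>APPURL.'/dashboard.php'));
}
else {
    echo json_encode(array('status'=>'error', 'msg'=>'no code set'));
}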
?>
index.php
<?php
//--->get app url > start
// Scheme detection: either the server reports HTTPS itself, or a proxy
// announces it through X-Forwarded-Proto.
// NOTE(review): X-Forwarded-Proto and Host are request headers. Unless a
// trusted reverse proxy overwrites them, the client chooses their values, so
// $app_url must be treated as untrusted wherever it is printed or redirected to.
$https_direct = isset($_SERVER['HTTPS'])
    && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1);
$https_proxied = isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
    && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
$ssl = ($https_direct || $https_proxied) ? 'https' : 'http';

// Directory part of the running script; no extra slash when the script sits
// in the web root.
$script_dir = dirname($_SERVER["SCRIPT_NAME"]);
$dir_prefix = ($script_dir == DIRECTORY_SEPARATOR) ? "" : "/";

$app_url = $ssl . "://" . $_SERVER['HTTP_HOST'] . $dir_prefix
    . trim(str_replace("\\", "/", $script_dir), "/");
//--->get app url > end
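// A visitor who already carries the `code` cookie is sent straight to the
// dashboard.
// NOTE(review): the cookie's presence is the only thing checked; its value is
// whatever the client sent.
if (isset($_COOKIE['code']))
{
    header('Location: ' . $app_url . '/dashboard.php');
    // header() only queues the redirect. Stop here so the login page below is
    // not rendered and sent along with it.
    exit;
}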
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>PHP Best Way To Secure Login</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- NOTE(review): the four CDN assets below are loaded without integrity/crossorigin
     attributes, so this login page runs whatever the CDN serves. Pin each one with a
     Subresource Integrity hash, or self-host them. jQuery 3.1.0 is also an old release;
     later 3.x releases carry security fixes. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/css/bootstrap.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container text-center" style="padding-top: 100px;">
<h1>PHP Secure Cookie Login System</h1>
<br>
<label for="">Code</label>
<input type="text" class="code"><br><br>
<span class="btn_login btn btn-success">Login - Code With Mark</span><br>
</div>
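<script>
$(document).ready(function () {
    // $app_url is built from request headers, so it is written out through
    // json_encode() with the JSON_HEX_* flags. That yields a correctly quoted
    // JavaScript string in which quotes, <, > and & are escaped, so the value
    // cannot close the string or the surrounding <script> element.
    var ajax_url = <?php echo json_encode($app_url . '/ajax.php', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;

    $('.btn_login').click(function (e)
    {
        e.preventDefault();

        // NOTE(review): the code is sent as a GET query parameter, so it ends
        // up in the URL, in server access logs and in browser history. Moving
        // to POST needs a matching change in ajax.php, which reads $_GET.
        $.ajax({
            type: "get",
            url: ajax_url,
            data: {code: $('.code').val()},
            dataType: "json",
            success: function (d1) {
                if (d1.status === 'success')
                {
                    // The redirect target comes from the same-origin endpoint.
                    window.location.href = d1.url;
                }
                else
                {
                    console.log(d1);
                }
            }
        });
    });
});
</script>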
</body>
</html>
Dashboard.php
<?php
//--->get app url > start
// Scheme detection: either the server reports HTTPS itself, or a proxy
// announces it through X-Forwarded-Proto.
// NOTE(review): X-Forwarded-Proto and Host are request headers. Unless a
// trusted reverse proxy overwrites them, the client chooses their values, so
// $app_url must be treated as untrusted wherever it is printed or redirected to.
$https_direct = isset($_SERVER['HTTPS'])
    && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1);
$https_proxied = isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
    && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
$ssl = ($https_direct || $https_proxied) ? 'https' : 'http';

// Directory part of the running script; no extra slash when the script sits
// in the web root.
$script_dir = dirname($_SERVER["SCRIPT_NAME"]);
$dir_prefix = ($script_dir == DIRECTORY_SEPARATOR) ? "" : "/";

$app_url = $ssl . "://" . $_SERVER['HTTP_HOST'] . $dir_prefix
    . trim(str_replace("\\", "/", $script_dir), "/");
//--->get app url > end
// NOTE(review): this is an HTML page that prints the visitor's cookie value,
// and the wildcard lets a script on any origin read non-credentialed responses.
// Nothing on this page shows a cross-origin consumer; confirm one exists
// before keeping the header.
header("Access-Control-Allow-Origin: *");
// Base URL of the application, taken from $app_url computed above.
define("APPURL", $app_url);
// Absolute path of the directory that holds this script, with forward slashes.
define("ABSPATH", str_replace("\\", "/", __DIR__));
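// Access gate for the dashboard: a request without the `code` cookie goes back
// to the login page.
// NOTE(review): only the cookie's presence is checked. A client can send any
// cookie it likes, so this is not proof of a completed login; a real gate
// would look up a server-issued session.
if (!isset($_COOKIE['code']))
{
    header('Location: ' . $app_url);
    // header() only queues the redirect. Without exit the script would carry
    // on and send the dashboard markup below to a client that ignores it.
    exit;
}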
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>PHP Best Way To Secure Login</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- NOTE(review): the four CDN assets below are loaded without integrity/crossorigin
     attributes, so this page runs whatever the CDN serves. Pin each one with a
     Subresource Integrity hash, or self-host them. jQuery 3.1.0 is also an old release;
     later 3.x releases carry security fixes. -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/css/bootstrap.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js"></script>
</head>
<body>
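<div class="container text-center" style="padding-top: 100px;">
<h1>Welcome to Dashboard...</h1>
<br>
<?php
// The cookie value is client-controlled, so it is HTML-escaped before it is
// printed; echoing it raw would let markup or script in the cookie run in the
// page. A missing or non-string cookie (a `code[x]` cookie arrives as an array)
// is shown as an empty value.
$code_html = (isset($_COOKIE['code']) && is_string($_COOKIE['code']))
    ? htmlspecialchars($_COOKIE['code'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    : '';
?>
<p>Your entered code: <strong><?php echo $code_html; ?></strong></p>
</div>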
</body>
</html>