Click here to Skip to main content
15,741,407 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
I have this code below I am trying to undestand session and cookie things.I am wondering How to fill username and password fields based on cookie value after log out

What I have tried:


 if (isset($_COOKIE['name']) and isset($_COOKIE['pass'])) {
     $c_name = $_COOKIE['name'];
     $c_pass = $_COOKIE['pass'];
     echo "<script>



if (isset($_SESSION['login'])) {
} else {
    if (isset($_POST['submit'])) {
        $name = $_POST['username'];
        $pass = $_POST['password'];

        $db = new PDO('mysql:host=localhost;dbname=testing;charset=utf8', 'root', '');
        $query = $db->prepare('select * from users where username=? and password=?');
        $query->execute([$name, $pass]);
        $count = $query->rowCount();
        if ($query->rowCount()) {
            $_SESSION['login'] = true;
            $_SESSION['username'] = $name;
            if (isset($_POST['remember'])) {
                setcookie('name', $name, time() + 60 * 60 * 6);
                setcookie('pass', $pass, time() + 60 * 60 * 6);
    } else {
<form action="" method="post">
UserName <input type="text" name="username" id="u_name"><br>
 Password   : <input type="text" name="password" id="u_pass"><br>
 Remember Me :<input type="checkbox" name="remember" >
 <input type="submit" name="submit"><br>


<!DOCTYPE html>
<html lang="en">
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">

Updated 23-Nov-18 2:25am

1 solution

Simple: Don't.

NEVER store the user's credentials in a cookie. That would be a serious security breach, and would most likely result in you or your company having to pay a hefty fine.

Every browser includes a secure password manager built-in. This will let the user choose to remember and auto-fill their credentials. Don't try to replicate or override that in your code.

Troy Hunt: How to build (and how not to build) a secure “remember me” feature[^]

On a similar note, you're storing passwords in plain text. Don't do that!
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even includes built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900