Hello,

I am trying to develop a little application in PHP, but I need your help.

When a user open an account or login, some information should be stored in his/her computer (cookies). And then if he/she logged out and try to open another account it should dipaly the message: "Ouuu you already have one account!".

That's all.

I have done that by checking real IP, but I do not know how to do that using cookies.

waiting for your help

This will set a cookie named user which will expire in one hour:

<?php
if (isset($_COOKIE["user"])){
  $message= "Ouuu you already have one account!";
  }
  else{
  setcookie("user", "Current User", time()+3600);
  $message="Welcome new user";
  }
?>
<html>
<head>
</head>
<body>
<?php
echo $message;
?>
</body>
</html>

Thank you for your reply.

Does it work if a user logged out. I think the cookies will be deleted?

Yes it will. Generally a cookie lasts until:
a.)It is manually deleted or modified by the user.
b.)It expires.
Also, Cookies need to be set in the header. This means they must be sent before any HTML is set to the page, or they will not work.

If you actually want to delete the cookie at the time the user clicks your log out button, use this:

setcookie("user", "Current User", time()-3600);

You're actually modifying the expiration time to be negative instead of positive.

Maybe I didnt explain well my problem.

I am using some little cookies, where I store a user information for example: nickname and password. that is working ok. After a user signs out, these cookies will be deleted.
So if the user tries to create another account from the same computer I cant stop that. this is the problem.

I want to store some extra information in cookies that will notice the user and will not let him to create more than one account.

So can anyone give me a solution?

You can't stop someone from creating multiple accounts unless you block entire IPs, which you don't want to do because most IPs are shared. The only thing you can do is keep people from creating accounts with information that has already been used, for ex. email address, user name, nick name etc...

Maybe I didnt explain well my problem.

I am using some little cookies, where I store a user information for example: nickname and password. that is working ok. After a user signs out, these cookies will be deleted.
So if the user tries to create another account from the same computer I cant stop that. this is the problem.

I want to store some extra information in cookies that will notice the user and will not let him to create more than one account.

So can anyone give me a solution?

That is simply not possible. Oh, it is possible if everyone starts using static IP. You can log the IP in a table and cross check whenever a user tries to create an account. (Mind you, Its possible only if everyone has a static IP!). Btw, its a bad idea to let the user create only 1 account. What if everyone in the family wants an account ?
:) As Rob has suggested, check for existing username or email id while registration.

Yes,Nav's answer is damn right...
Better to provide many accounts from one computer...
And try sessions also,if you want to store more user data like nick name etc...
Thnks..

I am using some little cookies, where I store a user information for example: nickname and password.

And try sessions also,if you want to store more user data like nick name etc...

Exactly, I'm not too excited about my password being stored in a cookie, maybe an md5 of my password, but I even get nervous about that. I think its just bad practice.

Thank you all for your idea and for your time.

I did create a table where I store IP for every user who registered. I also write a function to check for real IP, if IP is in the table the user gets the message that he cant create another account. But this a not good idea because the ISP is using randomly IP for clients (I think they are using NAT Protocol).

So I am trying to stop users from creating more than one account in one computer using cookies or something else that you may know.

If anyone has tried or done something like this, please write your idea and give me some information.


Thank you to all members of DaniWeb.

This problem is solved.

Thank you to all of you!

Sincerely
Besart

The solution was so simple I think.

When a user logs in by using username and password, the information are stored in cookies like this:

setcookie("Nick",$nick,time()+3600);
setcookie("Pass",$pass,time()+3600);

and when he/she logs out by typing Log Out button, I just destroy the password cookies and not the nickname cookies so if he tries to open another account he/she will get the message: "Ouupss, You have already another account. Please click here to login.".

This is done by checking if cookies stored in browser exists.

<?

if(isset($_COOKIE["Nick"]))
{

This is so simple. But it works fine in my simple application.

If user clean cookies in his/her browser, it's normally this would not work.


Give your opinion about this solution, please!

Thank you to all.

If user clean cookies in his/her browser, it's normally this would not work.

Exactly.
But why are you creating a password cookie ? What is the need ?

Umm.. and what if the user decides to close the browser instead of logging out ? Password cookie will not be deleted..

I guess that depends on your security needs. DaniWeb stores (encrypted) password in cookie. I hardly ever login here because authentication is done with cookies. However, I wouldn't want my bank or email account to be authenticated with a cookie.

It all depends on how well you trust the security of the site that is storing your password cookie. Trust their input filtering, especially in a forum type site. Daniweb, I have no doubt is well managed and tested, but many are unaware.

This question has already been answered. Start a new discussion instead.