I created a login page that contain email id/username, password and remember me checkbox. For the first time if i checked the remember me checkbox it works fine. If i try to login through other email address or password and untick remember me checkbox then it login with the previous email id and password. For example : I logged in with xyz@gmail.com email id and select remember me checkbox then login work fine. After that i again logged in with another email id suppose abc@gmail.com an untick remember me then it log in me through the previous email id that is xyz@gmail.com.
I don't understand why this is happening.
Here is my code:
HTML:
<div class="row form-row">
<div class="col-md-12"><div class="input-with-icon right">
<input type="text" placeholder="<?php echo _('Email Id/Username'); ?>" class="form-control" title="<?php echo _('Enter your Email Id/Username'); ?>" name="email_id" value="<?php
if (isset($_COOKIE['email_id'])) {
echo $_COOKIE['email_id'];
}
?>"/>
</div>
</div>
</div>
<div class="row form-row">
<div class="col-md-12">
<div class="input-with-icon right">
<input name="password" type="password" placeholder="<?php echo _('Password'); ?>" class="form-control" id="password" title="<?php echo _('Enter your password'); ?>" value="<?php
if (isset($_COOKIE['password'])) {
echo $_COOKIE['password'];
}
?>"/>
</div>
</div>
</div>
<br/>
<div class="row">
<div class="col-md-6 Heading-text">
<div class="checkbox2">
<label><input type="checkbox" name="remember" <?php echo isset($_COOKIE['remember_me']) ? "checked='checked'" : "";?> id="remember"><span style="color:black;"><?php echo _('Remember Me'); ?></span></label>
</div>
</div>
</div>
<br/>
<div class="input-group center-block text-right">
<button class="btn btn-info btn-cons center-block center-text " type="submit" name="user_login"><?php echo _('Login'); ?></button>
</div>
This is my PHP Code:
if(isset($_REQUEST['user_login'])
{
$data = $_REQUEST;
$email_id = $data['email_id'];
$password = $data['password'];
$sql = "SELECT userid,username FROM users WHERE password = '" . $password."' AND (email_id = '" . $email_id . "' OR username = '".mysqli_real_escape_string($this->getConnection(),$email_id)."')";
if ($this->checkRecordExists($sql)) {
$result = $this->getRecords($sql);
if (isset($data['remember']) && $data['remember'] == 'on')
{
/*
* Set Cookie from here for one hour
*/
setcookie("email_id", $data['email_id'], time() + (3600 * 24 * 30));
setcookie("password", $data['password'], time() + (3600 * 24 * 30)); /* expire in 1 hour */
setcookie("remember_me", 1, time() + (3600 * 24 * 30));
} else
{
/**
* Following code will unset the cookie
* it set cookie 1 sec back to current Unix time
* so that it will invalid
*/
setcookie("email_id", $data['email_id'], time()-1);
setcookie("password", $data['password'], time()-1);
setcookie("remember_me", 1, time()-1);
}
$_SESSION['user_info']['username'] = stripcslashes(urldecode($result[0]['username']));
$_SESSION['user_info']['userid'] = $result[0]['userid'];
}
}
Kindly help me where i am wrong.
