Basically took the weekend off due to writer's block... Been thinking about
this the whole weekend though.

Some things to consider:

1) With your system, even if the user's password has changed, if they still
have a valid cookie with the "code" that matches the "code" in the storage
file, they can override the password and log in. You would have to have a
way that, when the password is changed, removes the code from the storage
file to prevent that.

2) The system you are using only works for one browser and/or machine, etc.

If you use multiple browsers (i.e. FF, Chrome, etc.) and/or multiple machines
(one at work, one at home and perhaps a netbook) it won't work, because only
one would ever be valid.

It would not work for me as I do login via multiple browsers on multiple
machines.


Food for thought... Example of SMF forum cookies which do allow multiple
browsers and machines.

setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + (60 * $COOKIETIME), $cookie_url[1], $cookie_url[0], 0);

It's a serialized version of the ID_MEMBER and the password.

The password itself is generated by these two lines:

$md5_passwrd = md5_hmac($PASSWORD, strtolower($USER));
$password = md5_hmac($md5_passwrd, 'ys');

So basically it's double hashed, and uses the username and password entered
by the user to generate the "password".

md5_hmac is a custom function used by SMF and is this:

// HMAC-MD5 (RFC 2104 construction): keyed hash of $data under $key, returned as 32 hex chars.
function md5_hmac($data, $key)
{
   // Keys longer than the 64-byte MD5 block are first reduced to their raw 16-byte MD5 digest.
   if (strlen($key) > 64)
      $key = pack('H*', md5($key));
   // Zero-pad the key out to one full block.
   $key  = str_pad($key, 64, chr(0x00));

   // Inner and outer padded keys (0x36 / 0x5c are the standard HMAC constants).
   $k_ipad = $key ^ str_repeat(chr(0x36), 64);
   $k_opad = $key ^ str_repeat(chr(0x5c), 64);

   // outer = MD5(k_opad . raw_bytes(MD5(k_ipad . data)))
   return md5($k_opad . pack('H*', md5($k_ipad . $data)));
}

If the user account's password is changed, the cookie no longer works.

You received this message because you are subscribed to the Google Groups 
"BoltWire" group.
For more options, visit this group at 
http://groups.google.com/group/boltwire?hl=en
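Added example, not from the post or from SMF: a Python port of the cookie scheme described above, showing why a password change kills the cookie (the token is recomputed from the stored hash on every request) and that SMF's md5_hmac is plain HMAC-MD5. It assumes the server keeps the first-stage value ($md5_passwrd) as the account's stored hash, and parses the serialized pair with a strict pattern rather than a general unserializer.

```python
import hashlib
import hmac
import re

BLOCK = 64  # MD5 block size, the same 64 used in SMF's md5_hmac

def md5_hmac(data: bytes, key: bytes) -> str:
    """Port of SMF's md5_hmac(); returns 32 hex chars like PHP's md5()."""
    if len(key) > BLOCK:
        key = hashlib.md5(key).digest()          # pack('H*', md5($key))
    key = key.ljust(BLOCK, b"\x00")              # str_pad($key, 64, chr(0))
    k_ipad = bytes(b ^ 0x36 for b in key)
    k_opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(k_ipad + data).digest()  # pack('H*', md5($k_ipad . $data))
    return hashlib.md5(k_opad + inner).hexdigest()

def matches_standard_hmac(data: bytes, key: bytes) -> bool:
    """SMF's md5_hmac is textbook HMAC-MD5 (RFC 2104) with hex output."""
    return md5_hmac(data, key) == hmac.new(key, data, hashlib.md5).hexdigest()

def stored_hash(user: str, password: str) -> str:
    """First stage: md5_hmac($PASSWORD, strtolower($USER)); assumed to be what the server stores."""
    return md5_hmac(password.encode(), user.lower().encode())

def cookie_token(stored: str) -> str:
    """Second stage from the post: md5_hmac($md5_passwrd, 'ys')."""
    return md5_hmac(stored.encode(), b"ys")

def make_cookie(member_id: int, stored: str) -> str:
    """Same bytes PHP's serialize(array($ID_MEMBER, $password)) produces for this shape."""
    tok = cookie_token(stored)
    return 'a:2:{i:0;i:%d;i:1;s:%d:"%s";}' % (member_id, len(tok), tok)

# Strict shape: exactly an int id and a 32-hex-char token; anything else is rejected.
COOKIE_RE = re.compile(r'^a:2:\{i:0;i:(\d+);i:1;s:32:"([0-9a-f]{32})";\}$')

def validate_cookie(cookie: str, users: dict):
    """Return the member id if the token matches the CURRENT stored hash, else None."""
    m = COOKIE_RE.match(cookie)
    if not m:
        return None
    member_id, token = int(m.group(1)), m.group(2)
    stored = users.get(member_id)      # users: {member_id: stored_hash}
    if stored is None:
        return None
    # Recomputed from the stored hash each time, so changing the password invalidates
    # every outstanding cookie for that account, on every browser and machine.
    return member_id if hmac.compare_digest(cookie_token(stored), token) else None
```

Because the token depends only on the stored hash and not on a per-browser value, the same account can hold a valid cookie in any number of browsers at once, which is the property the post contrasts with the single-code storage-file design.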