[Pugged] Secure Cookies
Tim Perdue
ciapug@ciapug.org
Fri, 20 Sep 2002 14:45:51 -0500
--GRPZ8SYKNexpdSJ7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
David asked me to send the code for the secure end-user cookies that I
mentioned.
Below should be the most important parts of the code.
<?php
$user_hash_var=3D'ph$%@i7980578907892890789`120712389-789-1346783###@';
$LOGGED_IN=3Dfalse;
function user_isloggedin() {
global $user_name,$id_hash,$user_hash_var,$LOGGED_IN;
//have we already run the hash checks?
//If so, return the pre-set var
if (isset($LOGGED_IN)) {
return $LOGGED_IN;
}
if ($user_name && $id_hash) {
$hash=3Dmd5($user_hash_var.$user_name.$user_hash_var);
if ($hash =3D=3D $id_hash) {
$LOGGED_IN=3Dtrue;
return true;
} else {
$LOGGED_IN=3Dfalse;
return false;
}
} else {
$LOGGED_IN=3Dfalse;
return false;
}
}
function user_logout() {
global $user_name;
$user_name=3D'';
setcookie('user_name','',(time()+2592000),'/','',0);
setcookie('id_hash','',(time()+2592000),'/','',0);
}
function user_set_tokens($user_name_in) {
global $user_hash_var,$user_name,$id_hash;
if (!$user_name_in) {
$feedback .=3D ' ERROR - User Name Missing When Setting Tokens ';
return false;
}
$user_name=3Dstrtolower($user_name_in);
$id_hash=3D md5($user_hash_var.$user_name.$user_hash_var);
setcookie('user_name',$user_name,0,'/','',0);
setcookie('id_hash',$id_hash,0,'/','',0);
}
?>
--=20
Founder - PHPBuilder.com / Geocrawler.com / SourceForge
GPG Public Key: http://www.perdue.net/personal/pgp.php
Perdue, Inc. / Immortal LLC
515-554-9520
--GRPZ8SYKNexpdSJ7
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9i3rvLxmgedYDVWQRAgB6AJ4qgKhr3jShZdt4FOze/kpBc5v7fQCcCYET
5seNfUyHKz/jS/zYtpEhrx4=
=A0nF
-----END PGP SIGNATURE-----
--GRPZ8SYKNexpdSJ7--