Log in

View Full Version : Cookie safety...


shorty
10-23-2004, 06:25 PM
I took a long hard look at the cookie check stuff from VB3.03 today as I want to lose the need for including global.php & all it's extra parts (this is a small CMS which is semi-standalone).

What are the risks (if any as I am almost copying VB's cookie check routine)... (as part of a class).

$usr is an array pulled from the VB db against $_COOKIE, $userpassword reads from $_COOKIE .. $prefix is my license number..

Code: Part of a class..


function checkIsRealUser($usr, $userpassword, $prefix)
{
if( md5( $usr['password'].$prefix ) == $userpassword )
{
$endUser = array();
$endUser['username'] = $usr['username'];
$endUser['userid'] = $usr['userid'];
$endUser['usergroupid'] = $usr['usergroupid'];
return $endUser;
}


Thoughts? :)

shorty
10-26-2004, 09:49 AM
Friendly "few days later" bump :)

Crank
04-23-2005, 03:12 AM
also interested for vb3.0.7