vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   I just set a new cookie... is this OK? (https://vborg.vbsupport.ru/showthread.php?t=197637)

LanciaStratos 11-30-2008 02:48 AM

I just set a new cookie... is this OK?
 
I just created this quick one-line plugin to store a user's group ID in a cookie, using the global_setup_complete hook. It works just like I wanted. Is there any inherent security risk in doing this, or any other issue I may have overlooked?

PHP Code:

vbsetcookie('usergroupid'$vbulletin->userinfo['usergroupid']); 

A quick reply is all I'm looking for. If it looks good to you, no need to elaborate. :D

Dismounted 11-30-2008 03:01 AM

Why do you need to do that?

LanciaStratos 11-30-2008 03:11 AM

I wanted an easy way to check the usergroupid of my visitors outside of forum pages, without bothering to include global.php and the overhead that incurs. I use the usergroupid to determine whether or not I need to display ads around my site.

Dismounted 11-30-2008 03:39 AM

Anyone can change that cookie and "fool" your system.

LanciaStratos 11-30-2008 04:01 AM

True, of course, but I'm going to bet that the number of users who figure that out will be too small to have any type of impact on ad impressions. Also, I'm still using vB's template conditionals in the forums, so the technique won't work there (of course, won't visiting vB pages also reset the cookie?). This is primarily designed to hide ads on my WordPress installation, which contains pages and posts that can get hit hard with traffic. If I can save a trip to my vB DB on all those page loads (most of which will come from unregistered, new visitors), it has to be a good thing.

Dismounted 11-30-2008 04:27 AM

If you are only using it for displaying ads - it will be OK. Last thing, make sure you clear the cookie when logging out.

LanciaStratos 11-30-2008 04:41 AM

Great point, I hadn't considered clearing the cookie! Would logout_process be the best hook to use for that?

Dismounted 11-30-2008 10:11 AM

Quote:

Originally Posted by LanciaStratos (Post 1675578)
Would logout_process be the best hook to use for that?

Yes


All times are GMT. The time now is 02:14 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01099 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete