vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   how does the cookie system work? (https://vborg.vbsupport.ru/showthread.php?t=221029)

Hell Bomb 08-16-2009 04:24 PM
how does the cookie system work?
 
so, VB sets the cookie, but when it reads the cookie, how does it make sure its valid?
my cookie for my website looks like follows:

as i am unsure of what is stored in these cookies, i have stared out any data that i feel can be used against me :)


so, how does VB chack to amek sure this cookie is real?, i changed my usernumber to see if that it would work, and it did not work, so how does it do it?

--------------- Added [DATE]1250446596[/DATE] at [TIME]1250446596[/TIME] ---------------

comon, someone has got to know how the cookie system checks to make sure the cookie has not been tampred with?

--------------- Added [DATE]1250453620[/DATE] at [TIME]1250453620[/TIME] ---------------

somone pleasE?

Dismounted 08-17-2009 06:23 AM
vBulletin verifies the password that is stored inside the cookie against the password inside the database. The userid cookie simply tells vBulletin which user should be checked.

Hell Bomb 08-17-2009 08:56 AM
so, basicly, im makign a script, its going nto run of the forum cookie, so if i tell it to read the user id, verify the password is right using the md5($SQLpassword . $licencenumber), it will work?

i wanted to know, so that they cant just change the digits in the cookie and make it log into my script as someone else?
so, just get it to check that the password is currect?

Dismounted 08-17-2009 11:28 AM
Quote:
Originally Posted by hellbomb (Post 1869050)
so, basicly, im makign a script, its going nto run of the forum cookie, so if i tell it to read the user id, verify the password is right using the md5($SQLpassword . $licencenumber), it will work?
Correct.
Quote:
Originally Posted by hellbomb (Post 1869050)
i wanted to know, so that they cant just change the digits in the cookie and make it log into my script as someone else?
so, just get it to check that the password is currect?
Correct again.

Hell Bomb 08-17-2009 03:10 PM
thanks, great help :)

--------------- Added [DATE]1250531608[/DATE] at [TIME]1250531608[/TIME] ---------------

and sorry about my poor spelling and typing, i was in a rush :)


All times are GMT. The time now is 09:05 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01180 seconds
  • Memory Usage 1,718KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete