vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   Reading cookies (https://vborg.vbsupport.ru/showthread.php?t=270761)

dilbert 09-23-2011 12:30 AM
Reading cookies
 
I am not looking for coding help with what I discuss below, but how to read the existing vB4.x cookie.

I am developing a new section to my site and want to take advantage of the cookie that vB is creating. The site will be developed in Cold Fusion which is capable of reading the cookie, but I don't understand it (the cookie) very well. My concerns are around security. I presume it is fairly easy to edit the cookie so simply using the userid won't be enough.

The parts I see listed are:
lastvisit
lastactivity
userid
password
fbaccesstoken
fbprofilepicurl

The password doesn't match what is in the db. Aside from the userid is there another part to the cookie that I look up in the db to compare to the users cookie to authenticate them? Is there a way to compare the cookie password to the db password?

Thanks

--------------- Added [DATE]1316744063[/DATE] at [TIME]1316744063[/TIME] ---------------

Tada!

I searched and was able to piece it together.

This is what I am going to compare to the db password, this is cold fusion formatting.
#lCase(Hash(MyDataBase.password & 'COOKIE_SALT', "MD5"))#

COOKIE_SALT comes from includes/functions.php


All times are GMT. The time now is 06:37 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01003 seconds
  • Memory Usage 1,702KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (1)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete