Using cookies to check whether a user is logged in: is it secure?

Source: Internet
Author: User
Using cookies to check whether a user is logged in. Is it secure?

// Read the WordPress login cookie; its first '|'-separated field is the user name.
$cookies = $_COOKIE["wordpress_logged_in_" . md5("http://localhost/wp")];
$userinfo = explode('|', $cookies);
$db = mysql_connect("localhost", "root", "root");
mysql_select_db("wp", $db);
mysql_query("set names utf8");
// Only checks that a user with this name exists in wp_users.
$result = @mysql_query("SELECT user_login FROM wp_users WHERE user_login = '" . mysql_real_escape_string($userinfo[0]) . "' LIMIT 1");
$total = mysql_num_rows($result);
mysql_close($db);
if ($total > 0) {
    echo 'hello: ' . $userinfo[0];
} else {
    echo 'login'; // If you have not logged on, a logon hyperlink is displayed.
}

------ Solution --------------------
Whether it is safe or not depends on the code you write. It has nothing to do with cookies. The key is how you apply cookies.
------ Solution --------------------
Reference:
Whether it is safe or not depends on the code you write. It has nothing to do with cookies. The key is how you apply cookies.

+1
If you write the password into the cookie, you don't need to ask anything.
------ Solution --------------------
It is best to add a cookie for the test to check whether the cookies are modified (spoofed).
The procedure is as follows:
1. The user ID or user name is written into the cookie, named
2. Use the following method to encrypt the user ID or user name and write it into the cookie, named B.
3. Decrypt B to determine whether it is the same as A to determine the logon location.

Share code:

/**
 * Security code
 * @param string $string    the text to be processed
 * @param string $operation processing method (DECODE: decoding, ENCODE: encoding)
 * @param string $key
 * @param int    $expiry    expiration time
 * @return string
 */
function oauthCode($string, $operation = 'DECODE', $key = '', $expiry = 0)
{
    $ckey_length = 4;
    $key = md5($key != '' ? $key : '000000'); // Default key
    $keya = md5(substr($key, 0, 16));
    $keyb = md5(substr($key, 16, 16));
    // Per-message prefix: read from the input when decoding, derived from microtime() when encoding
    $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length) : substr(md5(microtime()), -$ckey_length)) : '';
    $cryptkey = $keya . md5($keya . $keyc);
    $key_length = strlen($cryptkey);
    // When encoding, prepend a 10-digit expiry and a 16-character md5 check value to the plaintext
    $string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $keyb), 0, 16) . $string;
    $string_length = strlen($string);
    $result = '';
    $box = range(0, 255);
    $rndkey = array();
    for ($i = 0; $i <= 255; $i++)
    {
        $rndkey[$i] = ord($cryptkey[$i % $key_length]);
    }
    // Key scheduling: permute the 256-entry box with the derived key
    for ($j = $i = 0; $i < 256; $i++)
    {
        $j = ($j + $box[$i] + $rndkey[$i]) % 256;
        $tmp = $box[$i];
        $box[$i] = $box[$j];
        $box[$j] = $tmp;
    }
    // XOR each input byte with the generated keystream
    for ($a = $j = $i = 0; $i < $string_length; $i++)
    {
        $a = ($a + 1) % 256;
        $j = ($j + $box[$a]) % 256;
        $tmp = $box[$a];
        $box[$a] = $box[$j];
        $box[$j] = $tmp;
        $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
    }
    // The posted code is cut off at this point on the source page.
}
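The tamper check from the three-step procedure above can also be done with a keyed MAC in place of the hand-written cipher. The following is an added example, not code from the thread: it swaps the encrypt-and-compare step for HMAC-SHA256 with a constant-time comparison. `SECRET_KEY`, the function names and the `user|expiry|tag` cookie layout are assumptions of this sketch.

```php
<?php
// Added example: authenticate the login cookie with HMAC-SHA256.
// SECRET_KEY is a placeholder; the real key stays on the server only.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Build the cookie value "user|expiry|tag" (layout is an assumption of this sketch).
function makeLoginCookie(string $user, int $ttl, string $key = SECRET_KEY): string
{
    if (strpos($user, '|') !== false) {
        throw new InvalidArgumentException('user name must not contain "|"');
    }
    $expiry = time() + $ttl;
    $tag = hash_hmac('sha256', $user . '|' . $expiry, $key);
    return $user . '|' . $expiry . '|' . $tag;
}

// Return the user name if the cookie is authentic and unexpired, otherwise null.
function verifyLoginCookie(string $cookie, string $key = SECRET_KEY): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return null; // malformed value
    }
    [$user, $expiry, $tag] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, $key);
    if (!hash_equals($expected, $tag)) { // constant-time comparison
        return null; // user name or expiry was changed, or the tag is missing
    }
    if ((int) $expiry < time()) {
        return null; // authentic but expired
    }
    return $user;
}

// Constructed sample values, for demonstration only.
$cookie = makeLoginCookie('alice', 3600);
var_dump(verifyLoginCookie($cookie));                           // cookie as issued
$edited = 'admin' . substr($cookie, strlen('alice'));
var_dump(verifyLoginCookie($edited));                           // user name edited by the client
var_dump(verifyLoginCookie('admin|' . (time() + 3600) . '|'));  // existing user name, no valid tag
```

The last case is the one the code in the question accepts: a cookie that merely names an existing user. When echoing the returned name into a page, pass it through `htmlspecialchars()`.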