Use cookies to check whether a user is logged on. Is it secure?
$cookies = $_COOKIE["wordpress_logged_in_" . md5("http://localhost/wp")];
$userinfo = explode('|', $cookies);
$db = mysql_connect("localhost", "root", "root");
mysql_select_db("wp", $db);
mysql_query("set names utf8");
$result = @mysql_query("SELECT user_login FROM wp_users where user_login = '" . mysql_real_escape_string($userinfo[0]) . "' limit 1");
$total = mysql_num_rows($result);
mysql_close($db);
if ($total > 0) {
    echo 'hello: ' . $userinfo[0];
} else {
    echo 'login'; // If you have not logged on, a logon hyperlink is displayed.
}
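The check in the question accepts any cookie whose first field is an existing user_login, so it does not show that the visitor actually logged on. The following is an added example, not part of the original post and not WordPress's own code: it binds the user name and an expiry time to a server-side key with an HMAC and rejects cookies that were modified. The function names, the `user|expiry|mac` layout and `COOKIE_KEY` are assumptions made for the illustration.

```php
<?php
// Added example. The names, the cookie layout and the key are hypothetical;
// in production the key is a random secret loaded from configuration.
const COOKIE_KEY = 'constructed-demo-key-replace-with-random-32-byte-secret';

/** Build "user|expiry|mac", where mac = HMAC-SHA256(key, "user|expiry"). */
function issue_login_cookie(string $user, int $ttl, string $key = COOKIE_KEY): string
{
    $payload = $user . '|' . (time() + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

/** Return the user name if the cookie is authentic and unexpired, otherwise null. */
function verify_login_cookie(string $cookie, string $key = COOKIE_KEY): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;                       // wrong shape, e.g. a bare user name
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // user or expiry changed, or MAC made up
    }
    if (!ctype_digit($expiry) || (int) $expiry < time()) {
        return null;                       // authentic but expired
    }
    return $user;
}

// Constructed sample cookies.
$samples = [
    'issued by the server'      => issue_login_cookie('alice', 3600),
    'user name only'            => 'admin',
    'made-up MAC'               => 'admin|' . (time() + 3600) . '|' . str_repeat('0', 64),
    'user swapped, MAC kept'    => preg_replace('/^alice/', 'admin', issue_login_cookie('alice', 3600)),
    'issued but already expired' => issue_login_cookie('alice', -10),
];

foreach ($samples as $label => $cookie) {
    $user = verify_login_cookie($cookie);
    echo $label, ': ', $user === null ? 'rejected' : 'accepted as ' . $user, "\n";
}
```

In a page, pass the cookie value to `verify_login_cookie()` and treat `null` as not logged on.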
------ Solution --------------------
Whether it is safe or not depends on the code you write. It has nothing to do with cookies. The key is how you apply cookies.
------ Solution --------------------
Reference:
Whether it is safe or not depends on the code you write. It has nothing to do with cookies. The key is how you apply cookies.
+1
If you write the password into the cookie, you don't need to ask anything.
------ Solution --------------------
It is best to add a verification cookie to check whether the cookies have been modified (spoofed).
The procedure is as follows:
1. The user ID or user name is written into a cookie named A.
2. Use the following method to encrypt the user ID or user name and write it into a cookie named B.
3. Decrypt B and check whether it is the same as A to determine the logon status.
Share code:
/**
 * Security code
 * @param string $string    the text to be processed
 * @param string $operation processing method (DECODE: decoding, ENCODE: encoding)
 * @param string $key
 * @param int    $expiry    expiration time
 * @return string
 */
function oauthCode($string, $operation = 'DECODE', $key = '', $expiry = 0)
{
    $ckey_length = 4; // length of the random prefix that varies the output per call
    $key = md5($key != '' ? $key : '000000'); // Default key
    $keya = md5(substr($key, 0, 16));
    $keyb = md5(substr($key, 16, 16));
    $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length) : substr(md5(microtime()), -$ckey_length)) : '';
    $cryptkey = $keya . md5($keya . $keyc);
    $key_length = strlen($cryptkey);
    // Plaintext layout when encoding: 10-digit expiry + 16-char check value + data
    $string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $keyb), 0, 16) . $string;
    $string_length = strlen($string);
    $result = '';
    $box = range(0, 255);
    $rndkey = array();
    for ($i = 0; $i <= 255; $i++)
    {
        $rndkey[$i] = ord($cryptkey[$i % $key_length]);
    }
    // Key scheduling: permute the box with the key bytes
    for ($j = $i = 0; $i < 256; $i++)
    {
        $j = ($j + $box[$i] + $rndkey[$i]) % 256;
        $tmp = $box[$i];
        $box[$i] = $box[$j];
        $box[$j] = $tmp;
    }
    // XOR every input byte with the generated key stream
    for ($a = $j = $i = 0; $i < $string_length; $i++)
    {
        $a = ($a + 1) % 256;
        $j = ($j + $box[$a]) % 256;
        $tmp = $box[$a];
        $box[$a] = $box[$j];
        $box[$j] = $tmp;
        $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
    }
    // The page's copy ends inside the loop above. The closing steps below are
    // reconstructed from the layout built earlier (expiry + check value + data).
    if ($operation == 'DECODE')
    {
        $expires = (int) substr($result, 0, 10);
        if (($expires == 0 || $expires > time()) && substr($result, 10, 16) === substr(md5(substr($result, 26) . $keyb), 0, 16))
        {
            return substr($result, 26);
        }
        return '';
    }
    return $keyc . str_replace('=', '', base64_encode($result));
}