A
Anonymous
Guest
Hey All,
Im trying to find out the best way to protect the members area of a site with the use of cookies. Till this date i found the following code below the best way to protect with. This is an example of something similar i use. Please if you find a better way to do so please get back to me.
Thanks in advance if you have any ideas..
Im trying to find out the best way to protect the members area of a site with the use of cookies. Till this date i found the following code below the best way to protect with. This is an example of something similar i use. Please if you find a better way to do so please get back to me.
Code:
<?
/* THIS IS USED TO ENCODE THE PASSWORD WHEN SETTING THE COOKIE */
function pw_encode($password)
{
$seed = "";
for ($i = 1; $i <= 8; $i++)
$seed .= substr('0123456789abcdef', rand(0,15), 1);
return md5($seed.$password).$seed;
}
/* THIS IS USED TO DECODE THE CHECK IF THE PASSWORD FROM THE MYSQL DATABASE EQUALS THE ENCODED PASSWORD */
function pw_check($password,$stored_value)
{
$stored_seed = substr($stored_value,32,8);
if (md5($stored_seed.$password).$stored_seed == $stored_value)
return "1";
else
return "2";
}
/* PULL OUT THE USERNAME FROM THE DATABASE WITH THE COOKIE */
$a = mysql_query("SELECT `user` FROM `user` WHERE `user` = '$_COOKIE[USERNAME]'");
$b = mysql_fetch_array($a);
/* CHECK WITH THE FUNCTION CREATED IF USERNAME FROM DATABASE EQUALS ENCODED COOKIE USERNAME */
if (pw_check($b['user'],$_COOKIE[USERNAME]) == '2')
{
echo "FAIL THE USERNAME IS INCORRECT";
exit;
}
?>
Thanks in advance if you have any ideas..