08-25-2010, 02:51 AM
Pages: 1 2
08-25-2010, 06:13 AM
It really depends on the script. If it's a forum, then it's something, if it's a user panel, it's another thing.
08-26-2010, 09:44 AM
store the username and some sort of session key that expires every X minutes and only works if the current ip matches last login ip.
08-26-2010, 01:49 PM
(08-26-2010, 09:44 AM)Iarkey Wrote: [ -> ]store the username and some sort of session key that expires every X minutes and only works if the current ip matches last login ip.
Use a cookie.
in the log in block put this
PHP Code:
$x = 3600; // time to expire
setcookie("IP", $_SERVER['REMOTE_ADDR'], time()+$x);
you can check if they match by doing this
PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die();
08-26-2010, 03:24 PM
(08-26-2010, 01:49 PM)Proof Wrote: [ -> ]Use a cookie.
in the log in block put this
PHP Code:
$x = 3600; // time to expire
setcookie("IP", $_SERVER['REMOTE_ADDR'], time()+$x);
you can check if they match by doing this
PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die();
Then someone can just steal the cookie D:
08-26-2010, 03:52 PM
(08-26-2010, 03:24 PM)Iarkey Wrote: [ -> ]Then someone can just steal the cookie D:
You can steal a session if you're on the same server... I think it goes the same for a cookie. You can also add more parameters to it.
08-26-2010, 04:15 PM
(08-26-2010, 03:52 PM)Proof Wrote: [ -> ]You can steal a session if you're on the same server... I think it goes the same for a cookie. You can also add more parameters to it.
you want to check the client uses the same ip as the one you assigned the cookie to.
08-26-2010, 05:30 PM
(08-26-2010, 04:15 PM)Iarkey Wrote: [ -> ]you want to check the client uses the same ip as the one you assigned the cookie to.
Either I'm not understanding you or you didn't read it..
PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die();
08-26-2010, 06:22 PM
(08-26-2010, 05:30 PM)Proof Wrote: [ -> ]Either I'm not understanding you or you didn't read it..
PHP Code:
if($_COOKIE['IP'] == $_SERVER['REMOTE_ADDR']){
//do stuff
}else
die();
wouldn't you just be able to edit the ip in the cookie to yours?
08-26-2010, 11:42 PM
(08-26-2010, 06:22 PM)Iarkey Wrote: [ -> ]wouldn't you just be able to edit the ip in the cookie to yours?
I guess you register a random md5 hash and then put it in the DB and check if it matches up each time a page loads.
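Added example, not part of the thread or written by any of its posters: the approach from the last post, where the cookie carries only a random token and the server keeps the token's hash, the login IP and the expiry, so editing the cookie cannot forge a login. The function names, the cookie name `sid` and the array standing in for the DB table are assumptions, and `random_bytes` with SHA-256 is swapped in for the "random md5 hash".

```php
<?php
// Added example: server-side session token check.
// $store stands in for a DB table keyed by token hash (assumption).
const SESSION_TTL = 3600; // seconds, same value as $x in the thread

function issue_session(array &$store, string $user, string $ip, int $now): string
{
    $token = bin2hex(random_bytes(32));       // unguessable value sent to the client
    $store[hash('sha256', $token)] = [        // only the hash is kept server-side
        'user'    => $user,
        'ip'      => $ip,                     // IP recorded by the server, not by the cookie
        'expires' => $now + SESSION_TTL,
    ];
    return $token;
}

function check_session(array &$store, string $token, string $ip, int $now): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                          // unknown or edited token
    }
    $row = $store[$key];
    if ($now >= $row['expires'] || $row['ip'] !== $ip) {
        unset($store[$key]);                  // expired or IP changed: revoke the session
        return null;
    }
    return $row['user'];
}

// Constructed demo values (documentation IP ranges, hypothetical user).
$store = [];
$now   = time();
$token = issue_session($store, 'alice', '203.0.113.10', $now);
// In a login handler the token would be sent to the browser with:
// setcookie('sid', $token, ['expires' => $now + SESSION_TTL,
//     'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Same token, same IP, within the lifetime.
var_dump(check_session($store, $token, '203.0.113.10', $now + 60));
// Token value made up by the client.
var_dump(check_session($store, str_repeat('0', 64), '203.0.113.10', $now + 60));
// Valid token replayed from a different IP; the session is revoked.
var_dump(check_session($store, $token, '198.51.100.7', $now + 120));
// The revoked token no longer works from the original IP either.
var_dump(check_session($store, $token, '203.0.113.10', $now + 180));
```

On a real page load, `check_session` would be called with `$_COOKIE['sid']` and `$_SERVER['REMOTE_ADDR']` before any protected content is rendered.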