MySQL_Narb Posted September 23, 2012

The below code validates cookies for my website:

```php
//VALIDATE THE COOKIE
//makes sure the user doesn't manually
//change their cookie to something that doesn't exist
if(isset($_COOKIE['user'])) {
    //query to check if their IP is banned
    $this->database->processQuery("SELECT * FROM `banned_ips` WHERE `ip` = ? LIMIT 1", array($_SERVER['REMOTE_ADDR']), false);
    $results = $this->database->getRowCount();

    //let's make sure that their account isn't banned
    $d = $this->database->processQuery("SELECT `acc_status` FROM `users` WHERE `cookie` = ? LIMIT 1", array($_COOKIE['user']), true);

    if($this->database->getRowCount() == 0 || $d[0]['acc_status'] == 0 || $results >= 1) {
        setcookie('user', null, time()-2147483648, '/', $domain);
        die('DID');
    }
}
```

However, upon entering a random cookie (meaning I'm logged in as nobody, but still logged in), the above code does reach the "DID" line, but never deletes the cookie. This allows users to login as...nobody, but still interact as if they are a user. This code is supposed to help prevent that. But it's still possible, why?

Link to comment: https://forums.phpfreaks.com/topic/268675-not-deleting-cookie/
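The following is an added example, not the original poster's code, showing the cookie check above split into an issue/clear pair that reuses identical cookie attributes and a pure decision function that rejects the request server-side whether or not the browser honours the clearing header. It assumes PHP 7.3+ (array form of setcookie()), that the cookie is named "user" and was issued with path "/" on $domain, that the site is served over HTTPS, and that $db exposes the same processQuery()/getRowCount() methods the post uses; the Database class itself is not shown and the column semantics (acc_status 0 = disabled) are taken from the post.

```php
<?php
declare(strict_types=1);

// Added example, not the original poster's code. Assumptions: the login cookie
// is named "user", it is always issued with path "/" on $domain, and $db
// exposes the processQuery()/getRowCount() methods used in the post.

const COOKIE_NAME = 'user';
const COOKIE_PATH = '/';

/** Random, unguessable session token stored in users.cookie at login. */
function newSessionToken(): string
{
    return bin2hex(random_bytes(32));   // 256 bits of entropy
}

/** Attributes shared by the issuing and the clearing Set-Cookie headers. */
function cookieAttributes(string $domain, int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => COOKIE_PATH,
        'domain'   => $domain,
        'secure'   => true,      // assumption: the site is served over HTTPS
        'httponly' => true,      // keep the token away from page scripts
        'samesite' => 'Lax',
    ];
}

function issueUserCookie(string $token, string $domain): void
{
    setcookie(COOKIE_NAME, $token, cookieAttributes($domain, time() + 86400));
}

/**
 * Clear the cookie. A browser only replaces a cookie whose name, domain and
 * path all match the stored one, so the same attributes are reused. With an
 * empty value PHP sends "user=deleted" with a 1-Jan-1970 expiry regardless of
 * the expiry argument, so the expiry value is not what decides deletion.
 */
function clearUserCookie(string $domain): void
{
    setcookie(COOKIE_NAME, '', cookieAttributes($domain, 1));
    // The client may still present the old cookie (mismatched attributes, or
    // a client that ignores Set-Cookie), so forget it on this side as well.
    unset($_COOKIE[COOKIE_NAME]);
}

/**
 * Pure decision function: is this cookie acceptable? $row is the users row
 * matching the token, or null when no account owns that token.
 */
function cookieIsValid(?string $token, ?array $row, bool $ipBanned): bool
{
    if ($token === null || $token === '' || $ipBanned) {
        return false;
    }
    if ($row === null) {
        return false;                       // "logged in as nobody"
    }
    return (int) $row['acc_status'] !== 0;  // 0 = disabled, as in the post
}

/** Run at the top of every request that touches user state. */
function validateUserCookie(object $db, string $domain): void
{
    if (!isset($_COOKIE[COOKIE_NAME])) {
        return;                             // anonymous visitor, nothing to check
    }
    $token = $_COOKIE[COOKIE_NAME];

    $db->processQuery(
        'SELECT 1 FROM `banned_ips` WHERE `ip` = ? LIMIT 1',
        [$_SERVER['REMOTE_ADDR']],
        false
    );
    $ipBanned = $db->getRowCount() >= 1;

    $rows = $db->processQuery(
        'SELECT `acc_status` FROM `users` WHERE `cookie` = ? LIMIT 1',
        [$token],
        true
    );
    $row = $db->getRowCount() === 0 ? null : $rows[0];

    if (!cookieIsValid($token, $row, $ipBanned)) {
        clearUserCookie($domain);
        http_response_code(403);
        exit('session rejected');           // never fall through to user code
    }
}
```

The point of splitting the decision out of the request handler is that the server never depends on the browser dropping the cookie: an unknown token is refused on this request and every later one, so a guessed or stale cookie cannot act as a user even if the clearing Set-Cookie is ignored. The clearing header must carry the same domain and path as the original cookie, which is worth checking whenever a cookie "will not delete".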
Pikachu2000 Posted September 23, 2012

You're only checking to see if the user is banned if the cookie is expired/missing? What happens if the user changes the time value?