Mutley Posted December 30, 2006 Share Posted December 30, 2006 How can I check my cookies and test them to make sure my login is working securely and properly? I don't want people do be able to make the cookies and login, as I feel my system is rather basic. Link to comment https://forums.phpfreaks.com/topic/32326-checking-cookies/ Share on other sites More sharing options...
matto Posted December 31, 2006 Share Posted December 31, 2006 How are you validating the usernames and passwords? Link to comment https://forums.phpfreaks.com/topic/32326-checking-cookies/#findComment-150138 Share on other sites More sharing options...
Mutley Posted January 1, 2007 Author Share Posted January 1, 2007 I just made a cookie with someone elses username in and I could log in to their control panel - whoops! The actual login creates an ID cookie and a Password cookie (which is encoded, the username ID cookies isn't).So my pages must only check the username cookie and not verify the password! I can't believe how easy it was.This is my config file:[code]$logged = MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]' AND id='".$userid."' ");$logged = mysql_fetch_array($logged);[/code]Which completely ignores the password cookie, I don't have a clue how to make it work, to decode the cookie and check if the login is correct. Link to comment https://forums.phpfreaks.com/topic/32326-checking-cookies/#findComment-150782 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.