I'm trying to design a login system which, when the user is logged in, will provide a token at the end of each URL. This will have to match the token stored in the cookie; once this is matched, the value of the cookie is changed to the value of the current session.

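```php
// The cookie must exist and the session must hold a non-empty token
// (!empty() avoids an undefined-index notice when the session key is missing).
if (isset($_COOKIE['user_token']) && !empty($_SESSION['user_token']))
{
    if (isset($_GET['token']))
    {
        // Cookie format is "token-ip"; split at the first "-" only.
        $cookie = explode("-", $_COOKIE['user_token'], 2);
        // count() guards against a cookie without a "-" (no $cookie[1]).
        if (count($cookie) === 2 && $cookie[0] === $_GET['token'] && $cookie[1] === $_SERVER['REMOTE_ADDR'])
        {
            $session_token = $_SESSION['user_token'];
            $ip_address = $_SERVER['REMOTE_ADDR'];
            // Re-issue the cookie with the current session token (expires in 75 minutes).
            setcookie("user_token", "$session_token-$ip_address", time()+4500);

            #allowed to continue, otherwise show form
        }
    }
}
else
{
    require h_LOGIN;
    die();
}
```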

The token is a hashed value...

I've uploaded the full code on pastie: http://pastie.org/1113045 if anyone wants to have a look.

Yes, I am a newbie, and my code won't be the best... this was just an experiment. I'll be grateful if anyone has a better way of doing this.
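An added example, not the poster's code: the same cookie/URL-token check written as a function that can be exercised without a live request, assuming PHP 7.1+ (the function names and sample values are constructed for illustration). It splits the cookie at the first "-" only, rejects malformed or array-valued input, fails closed on any mismatch, and compares with `hash_equals()` instead of `===`.

```php
<?php
// Added example; function names and sample data are constructed, not from the post.

/** Split "token-ip" at the first "-" only; returns null when malformed. */
function parseUserTokenCookie(string $raw): ?array
{
    $parts = explode('-', $raw, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    return ['token' => $parts[0], 'ip' => $parts[1]];
}

/**
 * Returns the next cookie value ("<session token>-<ip>") when the URL token and
 * the client address match the cookie, or null when the login form should be shown.
 */
function nextUserTokenCookie(array $cookie, array $session, array $get, string $remoteAddr): ?string
{
    // Request parameters can arrive as arrays (e.g. ?token[]=x), so check types too.
    if (!isset($cookie['user_token'], $session['user_token'], $get['token'])
        || !is_string($cookie['user_token']) || !is_string($get['token'])
        || !is_string($session['user_token'])) {
        return null;
    }
    $parsed = parseUserTokenCookie($cookie['user_token']);
    if ($parsed === null) {
        return null;
    }
    // hash_equals() compares in constant time, unlike ===.
    if (!hash_equals($parsed['token'], $get['token'])
        || !hash_equals($parsed['ip'], $remoteAddr)) {
        return null;
    }
    return $session['user_token'] . '-' . $remoteAddr;
}

// Constructed sample request data (documentation-range IP address).
$session = ['user_token' => 'c0ffee'];
$addr = '203.0.113.7';
$good = ['user_token' => 'abc123-203.0.113.7'];
var_dump(nextUserTokenCookie($good, $session, ['token' => 'abc123'], $addr));   // matching request
var_dump(nextUserTokenCookie($good, $session, ['token' => 'zzz'], $addr));      // wrong URL token
var_dump(nextUserTokenCookie(['user_token' => 'abc123'], $session, ['token' => 'abc123'], $addr)); // no "-"
var_dump(nextUserTokenCookie($good, $session, ['token' => ['abc123']], $addr)); // array-valued token
```

The caller would pass `$_COOKIE`, `$_SESSION`, `$_GET` and `$_SERVER['REMOTE_ADDR']`, call `setcookie()` with a non-null result, and show the login form on null.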