1<?php
// Signing key for the "auth" cookie: login() and login_from_cookie() both
// feed it into the hash that protects the cookie fields.
// NOTE(review): the key is a literal in the source file, so anyone who can
// read the file can compute valid cookie signatures. Load it from
// configuration kept outside the code base, and treat a key that has been
// published or committed as disclosed (rotate it).
const SECRET_KEY = 'sddhfhwrhwehf87827878bbwf89wfmwjfw4';
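/**
 * Issue the signed "auth" cookie for the user that has just logged in.
 *
 * Cookie layout: "<signature>|<user_id>|<random>|<time>". The signature is an
 * HMAC-SHA256, keyed with SECRET_KEY, over the three data fields joined with
 * "|". login_from_cookie() recomputes the same value to verify the cookie.
 *
 * Requires PHP 7.1+ (random_bytes(), array destructuring in the verifier).
 *
 * @return void
 */
function login() {
    // do login stuff, check for user in DB etc...

    $user_id = 10;
    // Nonce from the CSPRNG; rand() and microtime() are predictable inputs.
    $random = bin2hex(random_bytes(20));
    $time = time();

    // Keyed MAC over the delimited fields. Keeping the "|" separators inside
    // the signed data pins the field boundaries: with plain concatenation a
    // signature made for one set of fields also validates for another split
    // of the same characters.
    $hash = hash_hmac('sha256', "$user_id|$random|$time", SECRET_KEY);

    // Arguments 3-5 keep the defaults the one-line call used (session cookie,
    // default path and domain). The 7th argument sets HttpOnly so page scripts
    // cannot read the cookie.
    // NOTE(review): pass true as the 6th argument (Secure) once the site is
    // served over HTTPS only.
    setcookie('auth', "$hash|$user_id|$random|$time", 0, '', '', false, true);
}

/**
 * Verify the "auth" cookie written by login() and report the result.
 *
 * Always terminates the script: die('logged in!') when the signature matches,
 * die('hacker!') when the cookie is missing, malformed or fails verification.
 *
 * @return void
 */
function login_from_cookie() {
    // The cookie is client-controlled: accept only a string with exactly four
    // "|"-separated fields (a request can also deliver an array here).
    $raw = $_COOKIE['auth'] ?? '';
    $cookie = is_string($raw) ? explode('|', $raw) : [];
    if (count($cookie) !== 4) {
        die('hacker!');
    }

    [$hash, $user_id, $random, $time] = $cookie;

    // Recompute the signature exactly as login() builds it.
    $sig = hash_hmac('sha256', "$user_id|$random|$time", SECRET_KEY);

    // Compare with the signature field only. The earlier check compared the
    // whole exploded array with the string, which can never be identical, so
    // every cookie was rejected. hash_equals() keeps the comparison time
    // independent of where the first differing byte is.
    if (!hash_equals($sig, $hash)) {
        die('hacker!');
    }

    // NOTE(review): $time is covered by the signature but never checked, so a
    // valid cookie does not expire. Enforce a maximum age before trusting
    // $user_id.
    die('logged in!');
}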