Menu
Community /Pin to ProfileBookmark
@NogDogAug 19.2018 — #Rather than doing all that work, I'd just do something like:
Random Token Generation
Hello community, I’m fairly new to PHP, so any guidance is pretty much appreciated. Currently I’m trying to implement a login page. I started to think that identity authentication (email + pass) wasn’t good enough to prevent someone from accessing pages that require user to login (by directly accessing the script file). For example, adding posts, managing users, etc.
And as far as I’m concerned, this goes through my mind:
session_start();
class Token{
private $upper = “ABCDEFGHIJKLMNOPQRSTUVWXYZ”;
private $lower = “abcdefghijklmnopqrstuvwxyz”;
private $num = “0123456789”;
private $alphaLen = 26;
private $numLen = 10;
private $key;
function __construct(){
for($i = 0; $i < 10; $i++){
$x = rand(0, 2);
switch($x){
case 0:
$r = rand(0, $this->alphaLen);
$this->key .= $this->upper{$r};
break;
case 1:
$r = rand(0, $this->alphaLen);
$this->key .= $this->lower{$r};
break;
case 2:
$r = rand(0, $this->numLen);
$this->key .= $this->numLen{$r};
}
}
}
function getKey(){
return $this->key;
}
}
$t = new Token();
$token = $t->getKey();
$_SESSION[‘auth’] = $token;
setcookie(‘token’, $token, 0);
//Below is code for other PHP script
session_start();
if(!isset($_COOKIE[‘token’]) && !isset($
echo ‘Hotlinking’;
} else if($_COOKIE[‘token’] != $
echo ‘Hotlinking’;
} else {
echo ‘good’
//script goes here
}
Is this acceptable in term of security? Or perhaps is there any better way to do so?
Sign in
to post a comment1 Comments(s) ↴
0
@NogDogAug 19.2018 — #Rather than doing all that work, I'd just do something like:``<i>
</i>$token = sha1(uniqid(null, true));<i>
</i>`</CODE>
E.g.:
<CODE>`<i>
</i>15:29 $ php -a
Interactive shell
php > $token = sha1(uniqid(null, true));
php > echo $token;
9f627e0076d8042ffa3de6f6f93265d778a177fa
php > $token = sha1(uniqid(null, true));
php > echo $token;
3ba0657f00dcbed6eb66140e88f385b38a7bbbdd<i>
</i>``