On 21/10/06, Dotan Cohen <dotancohen@xxxxxxxxx> wrote:
> I'm in the horrible situation where I need a one-page script to hold its own password and validate itself. I coded this together, I want this list's opinion as to whether or not it holds water, considering the circumstance:
>
> <?php
> $sha1_pw="5218lm849l394k1396dip4'2561lq19k967e'30";
> if ( $_COOKIE["password"] != sha1($sha1_pw) ) {
>     $varis=explode("/",$PATH_INFO);
>     $pre_password=explode("&",$varis[1]);
>     if ( sha1( substr($pre_password[0],0) ) == $sha1_pw ) {
>         setcookie("password", sha1($sha1_pw) );
>         header("Location: ".$_SERVER["SCRIPT_NAME"]."/".rand(999,99999));
>         exit;
>     } else {
>         print "Fvck Off";
>         exit;
>     }
> }
> // REST OF PAGE
> ?>
>
> The idea is that the user could call the page like this:
> http://server.com/directory/page.php/MyPassword
> and the page would refresh to not show his password, yet keep him logged in.
>
> Thanks for any and all input.

I should probably add more detail. I didn't want even the sha1 hashed password stored in the cookie, so the sha1 hash is sha1 hashed again. That way, the password is not stored in plain text anywhere, and the sha1 hash of the password is stored only on the server. Like I said, the file must be self-contained. What do the list members think of this solution?

Thanks.

Dotan Cohen
http://lahes.com
http://what-is-what.com/what_is/open_office.html
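
For comparison with the scheme described in the message above, here is a single-file login gate as an added example; it is not part of the original post or thread. It assumes PHP 7.3 or later (which postdates this thread), and `PW_HASH` is a placeholder to be replaced with real `password_hash()` output.

```php
<?php
// Added example: self-contained, one-file password gate.
// ASSUMPTION: PHP 7.3+ (password_verify, ??, array form of session_set_cookie_params).

// Placeholder. Generate the real value once on the command line with:
//   php -r 'echo password_hash("your password", PASSWORD_DEFAULT), "\n";'
// The stored string is salted and slow to brute-force, unlike a bare SHA-1.
const PW_HASH = 'REPLACE_WITH_OUTPUT_OF_password_hash';

// The cookie carries only a random session ID, never a value derived from
// the password, so a captured cookie stops working when the session ends.
session_set_cookie_params([
    'httponly' => true,                      // not readable from JavaScript
    'samesite' => 'Strict',                  // not sent on cross-site requests
    'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when served over HTTPS
]);
session_start();

if (empty($_SESSION['authed'])) {
    // The password arrives in the POST body, not the URL path, so it does not
    // end up in access logs, browser history or Referer headers.
    $pw = $_POST['password'] ?? null;

    // password_verify() re-derives the hash with the stored salt and compares
    // in constant time; it returns false for a malformed PW_HASH.
    if (is_string($pw) && password_verify($pw, PW_HASH)) {
        session_regenerate_id(true);         // fresh ID after login (anti-fixation)
        $_SESSION['authed'] = true;
        header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
        exit;
    }

    if ($pw !== null) {
        http_response_code(403);             // a password was submitted and rejected
    }
    ?>
    <form method="post">
      <input type="password" name="password" autofocus>
      <button type="submit">Log in</button>
    </form>
    <?php
    exit;
}
// REST OF PAGE
```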