Copyright © 2008 - 2012 BestSites.ro; Partners: websites-development.com
10.04.10

Safe Persistent Login

A persistent login mechanism ("Remember Me") is most commonly implemented by storing cookies containing user information in the browser. However, these cookies can be stolen and used by an attacker to access protected areas of a website.

One solution to prevent such attacks is to use a token (a unique key generated by the system) at each login; it is saved in both the database and the client's browser and later used to check access.

First, add a varchar(32) 'token' field to the users table in the database. Then adjust and integrate the login.php and logout.php files below into your website. Don't forget to replace '...' with your own files or functions.

<?php
/* login.php */

session_start();

if (isset($_SESSION['userid'])){
	// user already in, redirect to index
	...
}

// check cookie
if (isset($_COOKIE['login'])){
	// do login
	// allowed_classes => false (PHP 7+) stops unserialize() from building objects out of cookie data
	$u = unserialize( base64_decode( $_COOKIE['login'] ), array( 'allowed_classes' => false ) );
	if (!is_array($u) || !isset($u['username'], $u['key'])){
		// malformed cookie: treat as an unknown user
		$u = array( 'username' => '', 'key' => '' );
	}
	// get user from DB using $u['username']
	$user_id    = ...
	$user_token = ...
	if ($user_id){

		// hash_equals(): strict, constant-time string comparison (== would apply PHP type juggling)
		if (hash_equals( (string) $user_token, (string) $u['key'] )){

			// set session
			$_SESSION['userid'] = $user_id;
			// reset token: 32 random hex chars (md5($user_id.time()) can be guessed from the clock)
			$token  = bin2hex( random_bytes(16) );
			// update users table, set token for this $user_id
			...
			// encode user data
			$cookie = base64_encode( serialize( array( 'username' => $u['username'], 'key' => $token ) ) );
			// HttpOnly cookie: not readable by client-side script
			setcookie( 'login', $cookie, time()+30*24*3600, '/', '', false, true );

			// you are in, redirect to index
			...
		}
		else{// old cookie or attack

			//delete cookie
			setcookie ("login", false, time() - 3600, "/");
			unset($_COOKIE['login']);
		}
	}
	else{
		// wrong username
		//delete cookie
		setcookie ("login", false, time() - 3600, "/");
		unset($_COOKIE['login']);
	}
}

// from login screen
if(isset($_POST['login'])){

	// login (check username and password)
	$login = ...;
	if($login) {

		// get user id from DB
		$user_id = ...
		// set session
		$_SESSION['userid'] = $user_id;
		if (isset($_POST['remember'])){// persistent?

			// set cookie: 32 random hex chars (md5($user_id.time()) can be guessed from the clock)
			$token  = bin2hex( random_bytes(16) );
			// update users table, set token for this $user_id
			...
			// encode user data
			$cookie = base64_encode( serialize( array( 'username' => $_POST['username'], 'key' => $token ) ) );
			// HttpOnly cookie: not readable by client-side script
			setcookie( 'login', $cookie, time()+30*24*3600, '/', '', false, true );
		}
		// you are in, redirect to index
		...
	}
}

?>
<!-- login form (fields: Username, Password, Remember me) -->
<?php
/* logout.php */

session_start();

unset($_SESSION['userid']);
// also clear this user's token in the users table, so a copy of the cookie cannot be replayed after logout
setcookie ("login", false, time() - 3600, "/");
unset($_COOKIE['login']);
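The token flow from the article, rewritten as a Python model (an added example, not code from the original article): it keeps the cookie shape (username plus key) and the rotate-on-every-use rule, but uses a random token, stores only the token's hash in the users table, and compares in constant time. UsersTable and the function names are assumptions, and the table is an in-memory stand-in for the database.

```python
import base64
import hashlib
import hmac
import json
import os


class UsersTable:
    """Stand-in for the article's users table (assumption): username -> id and token column."""

    def __init__(self):
        self.rows = {}  # username -> {"id": int, "token_hash": str or None}

    def add(self, username, user_id):
        self.rows[username] = {"id": user_id, "token_hash": None}


def issue_cookie(db, username):
    """Create a fresh random token, store only its hash, return the cookie value."""
    token = base64.urlsafe_b64encode(os.urandom(32)).decode()
    db.rows[username]["token_hash"] = hashlib.sha256(token.encode()).hexdigest()
    payload = json.dumps({"username": username, "key": token})  # same shape as the article's cookie
    return base64.b64encode(payload.encode()).decode()


def check_cookie(db, cookie):
    """Return (user_id, new_cookie) if the cookie is valid, else (None, None).

    The token is rotated on every successful use, as in the article. A mismatch
    means a stale or forged cookie, so the stored token is cleared as well: if a
    stolen copy was used first, the legitimate user's next visit ends the thief's
    access instead of silently failing.
    """
    try:
        u = json.loads(base64.b64decode(cookie, validate=True))
        username, key = u["username"], u["key"]
    except (ValueError, KeyError, TypeError):
        return None, None
    if not isinstance(username, str) or not isinstance(key, str):
        return None, None
    row = db.rows.get(username)
    if row is None or row["token_hash"] is None:
        return None, None
    presented = hashlib.sha256(key.encode()).hexdigest()
    if not hmac.compare_digest(presented, row["token_hash"]):  # constant-time compare
        row["token_hash"] = None
        return None, None
    return row["id"], issue_cookie(db, username)
```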
