Here are the two critical functions in this library – the token creation and token verification functions.
Don’t worry – the rest of the library is included here as well.
<?php
// Server-side secret that is concatenated with the user name before hashing
// (see md5($user_name . $hidden_hash_var) in the functions below).
// Replace the placeholder with a long random value and keep it out of version
// control and web-readable paths: anyone who learns it can compute a valid
// id_hash for any user name.
$hidden_hash_var = 'your_secret_password_here';

// Make sure no $LOGGED_IN value exists before user_isloggedin() runs, so the
// cached result it returns can only have been written by that function.
unset($LOGGED_IN);
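/**
 * Report whether the current request carries a valid login token.
 *
 * Reads the globals $user_name and $id_hash, recomputes
 * md5($user_name . $hidden_hash_var) and compares it with $id_hash.
 * The outcome is stored in the global $LOGGED_IN so that later calls in the
 * same request return it without hashing again.
 *
 * NOTE(review): nothing in this listing copies the cookies into $user_name
 * and $id_hash; presumably that relies on register_globals or on code
 * elsewhere in the library (e.g. reading $_COOKIE) - confirm before deploying.
 *
 * NOTE(review): the token is md5(name . secret) with no expiry or per-login
 * component, so it is identical for every login of a user and stays valid
 * until the secret changes. A keyed MAC such as hash_hmac('sha256', ...) over
 * the name plus an expiry time would be stronger, but it has to be changed in
 * user_set_tokens() at the same time or existing checks will stop matching.
 *
 * @return bool true when the name/hash pair verifies, false otherwise
 */
function user_isloggedin() {
    global $user_name, $id_hash, $hidden_hash_var, $LOGGED_IN;

    // Already decided during this request: reuse the trusted, cached answer.
    if (isset($LOGGED_IN)) {
        return $LOGGED_IN;
    }

    // Both values must be present and must be plain strings. Request data can
    // arrive as an array (name[]=...), which must not reach md5()/hash_equals().
    if (!is_string($user_name) || !is_string($id_hash) || !$user_name || !$id_hash) {
        $LOGGED_IN = false;
        return false;
    }

    $expected = md5($user_name . $hidden_hash_var);

    // Compare as strings and in constant time. The loose == operator treats two
    // digests of the form "0e<digits>" as the number zero and reports them as
    // equal, and an ordinary comparison can leak how many leading characters
    // matched through its timing.
    $LOGGED_IN = hash_equals($expected, $id_hash);

    return $LOGGED_IN;
}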
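/**
 * Issue the login cookies for a user whose credentials were already checked.
 *
 * Call this only after the user name and password have been confirmed against
 * the database; the function itself performs no authentication. It lower-cases
 * the name, stores it and md5(name . $hidden_hash_var) in the globals
 * $user_name and $id_hash, and sends both as cookies valid for 30 days
 * (2592000 seconds) on path "/".
 *
 * NOTE(review): the hash contains no expiry or per-login value, so the cookie
 * lifetime is the only limit on the token and it cannot be revoked for a
 * single user without changing the shared secret.
 *
 * @param string $user_name_in user name as confirmed at login
 * @return false|null false when no user name was given; otherwise nothing is
 *                    returned explicitly
 */
function user_set_tokens($user_name_in) {
    // $feedback is declared global here because the error text below was
    // otherwise appended to an undefined local variable and lost.
    // NOTE(review): presumably the library collects messages in a global
    // $feedback - confirm against the rest of the code.
    global $hidden_hash_var, $user_name, $id_hash, $feedback;

    if (!$user_name_in) {
        $feedback .= ' ERROR - User Name Missing When Setting Tokens ';
        return false;
    }

    $user_name = strtolower($user_name_in);

    // Hash of the two values the server knows: the name and the hidden secret.
    $id_hash = md5($user_name . $hidden_hash_var);

    // One month; use 0 instead for a cookie that ends with the browser session.
    $expires = time() + 2592000;

    // Mark the cookies Secure whenever the login itself arrived over HTTPS, so
    // the token is not later sent over plain HTTP.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // HttpOnly (last argument) keeps page scripts from reading the token, which
    // limits what a cross-site scripting bug elsewhere on the site can steal.
    setcookie('user_name', $user_name, $expires, '/', '', $secure, true);
    setcookie('id_hash', $id_hash, $expires, '/', '', $secure, true);
}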
?>