Fresh Powered - Auth Library

[eluser]El EmiZ[/eluser]
You're looking for a chimera, Adam, there's no way to make cookie stealing impossible, there always will be XSS and those things. The only secure way to prevent cookie stealing is to trust in the application developer to adding an extra secure layer to his code (like using HTTPS and/or filtering javascript from user input).

Check this, there's a nice workaround for mitigate the problems. http://ilia.ws/archives/121-httpOnly-coo...P-5.2.html (there's a hint in how to do that in PHP < 5.2).

Great job, good luck =)

PS: Also, if you need a simple cyphering routine, look (I've commented it a bit =P):

Code:

<?php
/*
    cyph 0.3 - Based on an old VB cyphering routine by El EmiZ
    usage:
        cyph(string, encryption key, action)
        * Where action: 0 = cypher | 1 = decypher
    
    returns:
        * -1 = No key specified.
        * -2 = Invalid action.
        * Another value = Cyphered or decyphered data.
*/

function cyph($string, $key, $action) {
    if (empty($key)) {
        return -1;
    }
    if (($action < 0) && ($action > 1)) {
        return -2;
    }

    if ($action == 1) {
        $string = base64_decode($string);
    }
    
    // In the command below we "restart" the rand engine,
    //  with a custom salt number.
    // This _salt_ can (and MUST) be changed =),
    //  preferably to a user choice's one (configuration option?)
    // MUST BE THE SAME SALT IN THE CYPHERING AND DECYPHERING!
    srand (12345678901234);
    $return = '';
    
    for ($x = 0; $x < strlen($string); $x++) {
        for ($y = 0; $y < ord(substr($key, $x % strlen($key), 1)); $y++) {
            // Let's cycle the rand sequence a bit ;)
            $cycle_rand = rand(0, 255);
        }
        $return .= chr(ord(substr($string, $x, 1)) ^ rand(0, 255));
    }
    
    if ($action == 0) {
        $return = base64_encode($return);
    }

    return $return;
}

echo cyph("Testing", "CodeIgniter", 0);
echo "<br />";
echo cyph("swRcNjg+og==", "CodeIgniter", 1);
?&gt;