Login

wolfgang1983 · 07-27-2016, 01:21 AM

I have a function below which creates / inserts the customers autologin information

How ever I am not sure if the tokens and unique_tokens secure enough.

There is no personal information set in the cookie just tokens

Should I improve the tokens what would you suggest for tokens?

PHP Code:
public function create_autologin($customer_id) 
{
    $size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
    $msg = uniqid(rand());
    $key = $this->CI->config->item('encryption_key');
    $token = $this->CI->encrypt->encode($msg, $key);
    $unique_token = bin2hex(mcrypt_create_iv($size, MCRYPT_DEV_RANDOM));

    $data = array(
        'customer_id' => $customer_id,
        'token' => $token,
        'unique_token' => $unique_token,
        'created' => time()
    );

    if ($this->CI->db->insert($this->CI->db->dbprefix . 'customer_autologin', $data)) {

        setcookie('remember', "$token:$unique_token", $this->set_the_time_for_cookie_to_expire, '/', '.localhost', false, true);

        $session_data = array(
            'customer_id' => $customer_id,
            'is_logged_in' => true
        );

        $this->CI->session->set_userdata($session_data);
    }
} 

There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!