07-27-2016, 01:21 AM
I have a function below which creates / inserts the customer's autologin information.
However, I am not sure if the tokens and unique_tokens are secure enough.
There is no personal information set in the cookie, just tokens.
Should I improve the tokens? What would you suggest for tokens?
PHP Code:
public function create_autologin($customer_id)
{
    $size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
    $msg = uniqid(rand());
    $key = $this->CI->config->item('encryption_key');
    $token = $this->CI->encrypt->encode($msg, $key);
    $unique_token = bin2hex(mcrypt_create_iv($size, MCRYPT_DEV_RANDOM));
    $data = array(
        'customer_id' => $customer_id,
        'token' => $token,
        'unique_token' => $unique_token,
        'created' => time()
    );
    if ($this->CI->db->insert($this->CI->db->dbprefix . 'customer_autologin', $data)) {
        setcookie('remember', "$token:$unique_token", $this->set_the_time_for_cookie_to_expire, '/', '.localhost', false, true);
        $session_data = array(
            'customer_id' => $customer_id,
            'is_logged_in' => true
        );
        $this->CI->session->set_userdata($session_data);
    }
}
There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!
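
One common hardening of the remember-me token in the post above, added here as an example and not the poster's code: both cookie parts come from `random_bytes()` instead of `uniqid(rand())`, which is not a cryptographically secure source, and only a SHA-256 hash of the secret part is stored. The `$store` array stands in for the `customer_autologin` table; the function names, the `validator_hash` and `expires` fields, the 14-day lifetime and PHP 7.1+ are assumptions.

```php
<?php
// Added example: selector/validator "remember me" token.
// $store is a constructed stand-in for the customer_autologin table.

const REMEMBER_TTL = 1209600; // 14 days in seconds (assumed lifetime)

function issue_remember_token(int $customerId, array &$store): string
{
    $selector  = bin2hex(random_bytes(12)); // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret, only ever sent to the client

    $store[$selector] = [
        'customer_id'    => $customerId,
        // Store a hash so a leaked table does not yield usable cookies.
        'validator_hash' => hash('sha256', $validator),
        'expires'        => time() + REMEMBER_TTL,
    ];

    // The caller sends this value with setcookie(), HttpOnly and Secure set.
    return "$selector:$validator";
}

function verify_remember_token(string $cookie, array &$store): ?int
{
    $parts = explode(':', $cookie);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null; // malformed cookie or unknown selector
    }
    [$selector, $validator] = $parts;

    $row = $store[$selector];
    unset($store[$selector]); // single use: every attempt consumes the row

    if ($row['expires'] < time()) {
        return null; // expired server-side, whatever the cookie says
    }
    // Compare hashes in constant time to avoid a timing side channel.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    return $row['customer_id']; // caller logs in and issues a fresh token
}

// Constructed demo: the first check succeeds, a replay of the same cookie fails.
$store  = [];
$cookie = issue_remember_token(42, $store);
var_dump(verify_remember_token($cookie, $store));
var_dump(verify_remember_token($cookie, $store));
```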