At the moment, I am happy with my current method of authentication; however, I'm wondering if using a value stored in $_SESSION['id'] generated by my own algorithm has any advantages/disadvantages over using the string generated and stored in the users' cookie.
For security reasons, I am not going to post the exact algorithm I am using but posted below is code very similar to what I am using to help illustrate what I have done.
after the users' username & password is authenticated a string is generated and stored in $_SESSION['id']
Code: Select all
$_SESSION['id'] = md5($results['password'] . $results['username'] . $results['password']). md5($results['last_login']);(Again, For security reasons, I am not going to post the exact algorithm I am using but posted below is code very similar to what I am using to help illustrate what I have done.)
Code: Select all
<?php
//*********************************
//*********************************
//*** authorize.php by Hermit TL
//***
//*** validate or generate
//*** authorization code
//*********************************
//*********************************
//START Required Header Code
session_start();
//END Required Header Code
//START authorize function
function authorize($authcode=NULL){
switch($authcode){
case NULL:
$authcode = md5($_SESSION['id'] . md5($_SESSION['id'] . $_SESSION['id']));
$result = $authcode;
break;
case !NULL:
if ($authcode == md5($_SESSION['id'] . md5($_SESSION['id'] . $_SESSION['id']))){
$result = true;
}else{
$result = false;
}
break;
}
return $result;
}
//END authorize function
?>Thanks in advanced to anyone (and everyone) for helping me out with my inexperience.