JEFF MACK Posted April 18, 2015 Posted April 18, 2015 What components make up the CSRF key for the logout code? In 3.4 it was a combination of a few member items encrypted in md5. I need to create a logout key for sections of my site out side the forum.
JEFF MACK Posted April 18, 2015 Author Posted April 18, 2015 That what you need? Yes that is good, but is this what it basically is. I am trying to figure out the logic that was there..md5( email + login key + member_Id + joined + id) ?
Marcher Technologies Posted April 19, 2015 Posted April 19, 2015 \system\Session\Session.php, init method. /* Set ID */ $this->id = session_id(); /* Crate csrf key */ $this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id ); You aren't going to be able to generate it externally(via an api or such) without loading the framework due to the session_id being used therein, it would seem.
JEFF MACK Posted April 19, 2015 Author Posted April 19, 2015 you can query the session id from the ipcore_sessions table. I am not a php programmer so I am just trying to figure out what the logic means here with these variables. overall to me it looks like:md5( email + & + login key + & + member_id + & + joined + & + jsession_id) I am not 100% certain about that member_id / joined date part since it looks like its an if / or
Recommended Posts
Archived
This topic is now archived and is closed to further replies.