JEFF MACK Posted April 18, 2015 Share Posted April 18, 2015 What components make up the CSRF key for the logout code? In 3.4 it was a combination of a few member items encrypted in md5. I need to create a logout key for sections of my site out side the forum. Link to comment Share on other sites More sharing options...
noj75 Posted April 18, 2015 Share Posted April 18, 2015 That what you need? Link to comment Share on other sites More sharing options...
JEFF MACK Posted April 18, 2015 Author Share Posted April 18, 2015 That what you need? Yes that is good, but is this what it basically is. I am trying to figure out the logic that was there..md5( email + login key + member_Id + joined + id) ? Link to comment Share on other sites More sharing options...
Marcher Technologies Posted April 19, 2015 Share Posted April 19, 2015 \system\Session\Session.php, init method. /* Set ID */ $this->id = session_id(); /* Crate csrf key */ $this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id ); You aren't going to be able to generate it externally(via an api or such) without loading the framework due to the session_id being used therein, it would seem. Link to comment Share on other sites More sharing options...
JEFF MACK Posted April 19, 2015 Author Share Posted April 19, 2015 you can query the session id from the ipcore_sessions table. I am not a php programmer so I am just trying to figure out what the logic means here with these variables. overall to me it looks like:md5( email + & + login key + & + member_id + & + joined + & + jsession_id) I am not 100% certain about that member_id / joined date part since it looks like its an if / or Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.