Jump to content

CSRF key for logout


JEFF MACK
 Share

Recommended Posts

\system\Session\Session.php, init method.

		/* Set ID */
		$this->id = session_id();

		/* Crate csrf key */
		$this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id );

You aren't going to be able to generate it externally(via an api or such) without loading the framework due to the session_id being used therein, it would seem.

Edited by Marcher Technologies
Link to comment
Share on other sites

you can query the session id from the ipcore_sessions table.  I am not a php programmer so I am just trying to figure out what the logic means here with these variables.

 

overall to me it looks like:
md5( email + & + login key + & + member_id + & + joined + & + jsession_id) 

 

I am not 100% certain about that member_id / joined date part since it looks like its an if / or

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...