Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted April 18, 20159 yr What components make up the CSRF key for the logout code? In 3.4 it was a combination of a few member items encrypted in md5. I need to create a logout key for sections of my site out side the forum.
April 18, 20159 yr Author That what you need? Yes that is good, but is this what it basically is. I am trying to figure out the logic that was there..md5( email + login key + member_Id + joined + id) ?
April 19, 20159 yr \system\Session\Session.php, init method. /* Set ID */ $this->id = session_id(); /* Crate csrf key */ $this->csrfKey = md5( "{$this->member->email}&{$this->member->member_login_key}& " . ( $this->member->member_id ? $this->member->joined->getTimestamp() : 0 ) . '&' . $this->id ); You aren't going to be able to generate it externally(via an api or such) without loading the framework due to the session_id being used therein, it would seem.
April 19, 20159 yr Author you can query the session id from the ipcore_sessions table. I am not a php programmer so I am just trying to figure out what the logic means here with these variables. overall to me it looks like:md5( email + & + login key + & + member_id + & + joined + & + jsession_id) I am not 100% certain about that member_id / joined date part since it looks like its an if / or
Archived
This topic is now archived and is closed to further replies.