I was looking through the mybb installer and found the function generate_loginkey.
Could anyone tell what what it is used for. I went to mybb.com/sourcedocs and I found the references to them. All I see is the key being generated and updated but never checked. What is its purpose?
Thanks.
It generates a random key when logging in, which is then used to logout. For example,
http://community.mybb.com/member.php?action=logout&logoutkey=xxxxxxxxxxxxxxxxxxx
the x's are the key.
I think it's stored in the database under mybb_users for every user so only the end user can actually logout. This prevents things like action=logout&uid=27395.
I think, someone will confirm.
(2012-04-15, 04:05 AM)Solidus Wrote: [ -> ]It generates a random key when logging in, which is then used to logout. For example,
http://community.mybb.com/member.php?action=logout&logoutkey=xxxxxxxxxxxxxxxxxxx
the x's are the key.
I think it's stored in the database under mybb_users for every user so only the end user can actually logout. This prevents things like action=logout&uid=27395.
I think, someone will confirm.
Ok but the thing is, is that I DONT see it referenced anywhere to be checked.
http://www.mybb.com/sourcedocs/_function...inkey.html
It it defined there and it is referenced where its merely updated or initially created but not validated. Am I missing something?
It's what's stored in your cookie to keep you logged in. Your login key will be something like 1_qwertyuiopasdfghjklzxcvbnm where i is your UID and the rest is the login key, then when you visit the forum is tries to find a user with that UID and loginkey, and it it does, it logs you in as that user. The generate_loginkey function itself is called a few places in the code, e.g.when you change your password. The logout key is actually the md5 of the loginkey but yes, is there so stop you logging someone else out.