Current time: 04-23-2014, 12:36 PM Hello There, Guest! (LoginRegister)


Post Reply 
What is the loginkey
04-15-2012, 03:58 AM
Post: #1
What is the loginkey
I was looking through the mybb installer and found the function generate_loginkey.

Could anyone tell what what it is used for. I went to mybb.com/sourcedocs and I found the references to them. All I see is the key being generated and updated but never checked. What is its purpose?

Thanks.
Find all posts by this user
Quote this message in a reply
04-15-2012, 04:05 AM (This post was last modified: 04-15-2012 04:06 AM by Solidus.)
Post: #2
RE: What is the loginkey
It generates a random key when logging in, which is then used to logout. For example,

Code:
http://community.mybb.com/member.php?action=logout&logoutkey=xxxxxxxxxxxxxxxxxxx

the x's are the key.
I think it's stored in the database under mybb_users for every user so only the end user can actually logout. This prevents things like action=logout&uid=27395.
I think, someone will confirm.

[Image: hdoE.png]
m1ne.net - coming soon
Visit this user's website Find all posts by this user
Quote this message in a reply
04-15-2012, 04:25 AM
Post: #3
RE: What is the loginkey
(04-15-2012 04:05 AM)Solidus Wrote:  It generates a random key when logging in, which is then used to logout. For example,

Code:
http://community.mybb.com/member.php?action=logout&logoutkey=xxxxxxxxxxxxxxxxxxx

the x's are the key.
I think it's stored in the database under mybb_users for every user so only the end user can actually logout. This prevents things like action=logout&uid=27395.
I think, someone will confirm.

Ok but the thing is, is that I DONT see it referenced anywhere to be checked.

http://www.mybb.com/sourcedocs/_function...inkey.html

It it defined there and it is referenced where its merely updated or initially created but not validated. Am I missing something?
Find all posts by this user
Quote this message in a reply
04-15-2012, 10:30 AM (This post was last modified: 04-15-2012 10:31 AM by Matt..)
Post: #4
RE: What is the loginkey
It's what's stored in your cookie to keep you logged in. Your login key will be something like 1_qwertyuiopasdfghjklzxcvbnm where i is your UID and the rest is the login key, then when you visit the forum is tries to find a user with that UID and loginkey, and it it does, it logs you in as that user. The generate_loginkey function itself is called a few places in the code, e.g.when you change your password. The logout key is actually the md5 of the loginkey but yes, is there so stop you logging someone else out.

Can you still feel the butterflies?

Free never tasted like pudding.
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication