2013-10-14, 02:14 PM
Hello!
I'm trying to write a plugin for wordpress to use Mybb's cookies to authenticate users, and I would like someone to confirm me that what I thought to do is right.
When I login to the forum, mybb creates a number of cookies:
sid
loginattempts
mybb[lastactive]
mybb[lastvisit]
mybbuser
looking at them, the two that seems being useful to me are:
mybbuser: which contain user id and loginkey
sid which contain user's session id
for use them from wordpress I thought to edit the following values in mybb configuration, so I can access them also from the root of the site, even if the forum is in /forum folder:
To be sure that the user is who the cookie says, i compare loginkey from the mybbuser cookie and the value contained in the database.
Is this right and secure?
Any suggestion?
Thanks
Alder
I'm trying to write a plugin for wordpress to use Mybb's cookies to authenticate users, and I would like someone to confirm me that what I thought to do is right.
When I login to the forum, mybb creates a number of cookies:
sid
loginattempts
mybb[lastactive]
mybb[lastvisit]
mybbuser
looking at them, the two that seems being useful to me are:
mybbuser: which contain user id and loginkey
sid which contain user's session id
for use them from wordpress I thought to edit the following values in mybb configuration, so I can access them also from the root of the site, even if the forum is in /forum folder:
$settings['cookiedomain'] = "";
$settings['cookiepath'] = "/";
$settings['cookieprefix'] = "forum_";
To be sure that the user is who the cookie says, i compare loginkey from the mybbuser cookie and the value contained in the database.
Is this right and secure?
Any suggestion?
Thanks
Alder