"Kom ihåg mig" - säkraste sättet
VPN kryptering, inbyggt tillägg som stegar igenom fördefinerade sha-256 strängar genom ett tillägg i webbläsaren som bakas in vid varje request... Ehm. En lite mer normal lösning;
Använd mcrypt med t.ex. blowfish på ett liknande sätt. (Obs: mcrypt är avvecklat sedan PHP 7.1 och borttaget i 7.2 – använd openssl eller sodium i ny kod. Kryptering ger dessutom inget manipuleringsskydd i sig: utan en MAC kan klienten flippa bitar i chiffertexten, t.ex. i userid-fältet, utan att det upptäcks. Lägg alltid en HMAC, t.ex. HMAC-SHA256, över IV + chiffertext och verifiera den i konstant tid innan något dekrypteras eller tolkas.)
Kod:
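/**
 * Encrypted and authenticated "remember me" cookie.
 *
 * Cookie value layout (base64 of):  IV | ciphertext | HMAC-SHA256(IV | ciphertext)
 * Plaintext inside the ciphertext:  "version|created|userid" (joined with $glue).
 *
 * NOTE(review): the original used ext/mcrypt (Blowfish in CFB mode), which was
 * deprecated in PHP 7.1 and removed in 7.2, and carried no MAC at all, so a client
 * could flip bits in the ciphertext (e.g. in the userid field) undetected. It also
 * called the non-existent set_cookie(), compared against an undefined
 * $this->resettime, and used bare $glue / $td where $this->glue / $this->td were
 * meant. This version uses OpenSSL AES-256-CBC with encrypt-then-MAC; the MAC is
 * verified in constant time before anything is decrypted or parsed.
 *
 * All failure paths throw AuthException, which is declared elsewhere in the project.
 */
class Cookie {
    private $created;
    private $userid;
    private $version;
    private $cypher = 'aes-256-cbc';
    private $key = 'choose a better key'; // per-deployment secret; rotating it invalidates every issued cookie
    private $cookiename = 'USERAUTH';
    private $myversion = '1';
    private $expiration = 600;  // seconds a cookie stays valid after it was issued
    private $warning = 300;     // age (seconds) after which validate() re-issues a fresh cookie
    private $glue = '|';
    private $macsize = 32;      // raw HMAC-SHA256 length in bytes

    /**
     * @param mixed $userid  Truthy: prepare a cookie for this user (send it with set()).
     *                       Falsy/omitted: load and verify the cookie sent with the request.
     * @throws AuthException if no cookie was sent, or it fails the MAC / format checks.
     */
    public function __construct($userid = false) {
        if ($userid) {
            $this->userid = $userid;
            return;
        }
        if (!array_key_exists($this->cookiename, $_COOKIE)) {
            throw new AuthException("No Cookie");
        }
        $this->_unpackage($_COOKIE[$this->cookiename]);
    }

    /**
     * Send a freshly packaged cookie for the current user.
     * Session lifetime (expire = 0) as before; HttpOnly keeps the token out of
     * reach of scripts, Secure is set whenever the request itself arrived over TLS.
     */
    public function set() {
        $value = $this->_package();
        setcookie($this->cookiename, $value, 0, '/', '', $this->_isHttps(), true);
    }

    /**
     * Remove the cookie. An expiry in the past is what actually deletes it on the
     * client; the original one-argument set_cookie() call would not have done so.
     */
    public function logout() {
        setcookie($this->cookiename, '', time() - 3600, '/', '', $this->_isHttps(), true);
        unset($_COOKIE[$this->cookiename]);
    }

    /**
     * Check the loaded cookie's version and age; re-issue it once it is older than $warning.
     *
     * @throws AuthException on a malformed, version-mismatched or expired cookie.
     */
    public function validate() {
        if (!$this->version || !$this->created || !$this->userid) {
            throw new AuthException("Malformed cookie");
        }
        if ($this->version != $this->myversion) {
            throw new AuthException("Version mismatch");
        }
        $age = time() - (int) $this->created;
        if ($age > $this->expiration) {
            throw new AuthException("Cookie expired");
        }
        // The original compared against an undefined $this->resettime (always null),
        // which re-issued the cookie on every request.
        if ($age > $this->warning) {
            $this->_reissue();
            $this->set();
        }
    }

    /** Build the cookie value: version|now|userid, encrypted+MACed, then base64 for the header. */
    private function _package() {
        $plain = implode($this->glue, array($this->myversion, time(), $this->userid));
        return base64_encode($this->_encrypt($plain));
    }

    /**
     * Parse a cookie value into $version/$created/$userid after MAC verification.
     *
     * @throws AuthException if base64, MAC, decryption or the field layout fails.
     */
    private function _unpackage($cookie) {
        $raw = base64_decode($cookie, true);
        if ($raw === false) {
            throw new AuthException("Malformed cookie");
        }
        // Limit 3 so a userid containing the glue character cannot shift the fields.
        $parts = explode($this->glue, $this->_decrypt($raw), 3);
        if (count($parts) !== 3) {
            throw new AuthException("Malformed cookie");
        }
        list($this->version, $this->created, $this->userid) = $parts;
        if ($this->version != $this->myversion || !$this->created || !$this->userid) {
            throw new AuthException("Malformed cookie");
        }
    }

    /** Derive a purpose-specific key from $key so one secret never serves both cipher and MAC. */
    private function _subkey($purpose) {
        return hash_hmac('sha256', $purpose, $this->key, true);
    }

    /** Encrypt-then-MAC: returns raw IV | ciphertext | HMAC-SHA256(IV | ciphertext). */
    private function _encrypt($plaintext) {
        $ivsize = openssl_cipher_iv_length($this->cypher);
        // Original drew the IV from MCRYPT_RAND (libc rand()); use a CSPRNG instead.
        $iv = function_exists('random_bytes')
            ? random_bytes($ivsize)
            : openssl_random_pseudo_bytes($ivsize);
        $ct = openssl_encrypt($plaintext, $this->cypher, $this->_subkey('enc'), OPENSSL_RAW_DATA, $iv);
        if ($ct === false) {
            throw new AuthException("Encryption failed");
        }
        $mac = hash_hmac('sha256', $iv . $ct, $this->_subkey('mac'), true);
        return $iv . $ct . $mac;
    }

    /**
     * Verify the MAC in constant time, then decrypt. Nothing is parsed before the
     * MAC check, so a tampered cookie never reaches explode()/validate().
     *
     * @throws AuthException on bad length, MAC mismatch or decryption failure.
     */
    private function _decrypt($crypttext) {
        $ivsize = openssl_cipher_iv_length($this->cypher);
        if (strlen($crypttext) <= $ivsize + $this->macsize) {
            throw new AuthException("Malformed cookie");
        }
        $body = substr($crypttext, 0, -$this->macsize);
        $mac  = substr($crypttext, -$this->macsize);
        $expected = hash_hmac('sha256', $body, $this->_subkey('mac'), true);
        if (!$this->_equals($expected, $mac)) {
            throw new AuthException("Cookie tampered");
        }
        $iv = substr($body, 0, $ivsize);
        $plaintext = openssl_decrypt(substr($body, $ivsize), $this->cypher, $this->_subkey('enc'), OPENSSL_RAW_DATA, $iv);
        if ($plaintext === false) {
            throw new AuthException("Malformed cookie");
        }
        return $plaintext;
    }

    /** Constant-time string comparison; falls back to a manual loop where hash_equals() is missing. */
    private function _equals($known, $given) {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }
        if (strlen($known) !== strlen($given)) {
            return false;
        }
        $diff = 0;
        for ($i = 0, $n = strlen($known); $i < $n; $i++) {
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }
        return $diff === 0;
    }

    /** True when the current request came in over TLS (used for the cookie's Secure flag). */
    private function _isHttps() {
        return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    }

    /** Reset the issue time so a re-issued cookie starts a new $expiration window. */
    private function _reissue() {
        $this->created = time();
    }
}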