View Single Post
  #2  
Old 01 Jan 2013, 18:45
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
I don't have a lot of advice to give you because I'm not familiar with existing scripts that do this kind of thing, I'm only familiar with vbulletin. In any case, it seems like what you posted should work:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


if that's the right url for the shop search. Have you tried it?


About the encryption: you could replace the calls to md5() with whatever encryption function you wanted. I think the built in php crypt() function: http://us2.php.net/manual/en/function.crypt.php used to depend on what was configured on your server, but I believe as of php version 5.3, it has all of the options built in, so it seems like if you want to use something more secure, that's an easy choice.

But looking at the script you posted, it seems the encrypted password is only used to set the password in the cookie. (I really don't know why the script even bothers to encrypt the password before checking it since it's got the plain text password available - maybe the author thought it might be modified to get passwords from a database or something). So I think you're really only worrying about the possibility of the cookie being obtained from the computer of someone who knew the password. I don't know how much of a security risk that is. I think the usual worry is someone stealing the encrypted passwords from a database, but in this case you don't have a database, and the password is stored in plain text in the script.
Reply With Quote