...

View Full Version : random token key



durangod
08-01-2011, 02:37 PM
Hi i have set up a token key to give me some extra protection against direct url access to the page but i wanted to make it random.

at first i used session token but it is not set until after a page refresh on login so this has to be its own deal..

i have found several javascript random codes but how to i pass that value to the window call..

here is the window call.. as you can see right know i have it hard coded as one token all the time. i just need it random and then sha1 (or md5)



function url_chat(){
chatwindow = window.open("<?=$CONST_MY_ROOT?>/mychat/chat/index.php?tok=0ed61bdd3a8a86f39e6b4abd01ba4e3649d0ec1c", "chatwindow", "location=0,status=0,scrollbars=0,menubar=0,resizable=0,width=950,height=550");
}





i could use this i guess but i dont know how to get that value to the window call above.



document.write(Math.floor(Math.random()*999999999999999999));

durangod
08-01-2011, 03:08 PM
actually i think im going to work this a different way, i was thinking after i did this that anyone could just type in anything in the tok value in the url and it would pass.

so what im thinking now is that i will set a value in a cookie maybe or something on login so it is set right way, then have an array check on the other side to verify it. session wont work because i dont allow them access to the session until after verified.

the way this is now just wont work, but thanks.

durangod
08-01-2011, 05:13 PM
just to update yep thats what i did..

i set a cookie on login, sha1 it, then set in the javascript url, then verify the sha1 content when the window opens. now its random and works well... just wanted to let you know..



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum