Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,415
    Thanks
    269
    Thanked 32 Times in 31 Posts

    random token key

    Hi i have set up a token key to give me some extra protection against direct url access to the page but i wanted to make it random.

    at first i used session token but it is not set until after a page refresh on login so this has to be its own deal..

    i have found several javascript random codes but how to i pass that value to the window call..

    here is the window call.. as you can see right know i have it hard coded as one token all the time. i just need it random and then sha1 (or md5)

    Code:
    function url_chat(){
    chatwindow = window.open("<?=$CONST_MY_ROOT?>/mychat/chat/index.php?tok=0ed61bdd3a8a86f39e6b4abd01ba4e3649d0ec1c", "chatwindow", "location=0,status=0,scrollbars=0,menubar=0,resizable=0,width=950,height=550");
    }

    i could use this i guess but i dont know how to get that value to the window call above.

    Code:
    document.write(Math.floor(Math.random()*999999999999999999));
    Last edited by durangod; 08-01-2011 at 02:41 PM.

  • #2
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,415
    Thanks
    269
    Thanked 32 Times in 31 Posts
    actually i think im going to work this a different way, i was thinking after i did this that anyone could just type in anything in the tok value in the url and it would pass.

    so what im thinking now is that i will set a value in a cookie maybe or something on login so it is set right way, then have an array check on the other side to verify it. session wont work because i dont allow them access to the session until after verified.

    the way this is now just wont work, but thanks.

  • #3
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,415
    Thanks
    269
    Thanked 32 Times in 31 Posts
    just to update yep thats what i did..

    i set a cookie on login, sha1 it, then set in the javascript url, then verify the sha1 content when the window opens. now its random and works well... just wanted to let you know..


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •