Setting Cookie for SSO

Started by computergenius, March 24, 2017, 07:05:21 AM


computergenius

I have been looking at the (old) post, http://www.simplemachines.org/community/index.php?topic=7562.0

I set up the forum, and examined a user cookie. The value was
a%3A4%3A%7Bi%3A0%3Bs%3A2%3A%2218%22%3Bi%3A1%3Bs%3A40%3A%22d3940613acf3fc139120787931e825897cccde28%22%3Bi%3A2%3Bi%3A1679436379%3Bi%3A3%3Bi%3A2%3B%7D

I have copied the code from the topic above, but my cookie doesn't look like that, it looks like:
a%3A2%3A%7Bi%3A0%3Bs%3A22%3A%[email protected]%22%3Bi%3A1%3Bs%3A32%3A%22edaec4deb4dba5edbeeb1971cc4e5f2e%22%3B%7D

In the cookie from my code, I can see the user's email address!

I have been simplifying the code, so that I can spot the problem, without success - here is a simplified version:

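// HMAC-MD5 of the email address, keyed with the password
$md5_passwrd = md5_hmac('[email protected]', 'mypassword');
// Second HMAC-MD5 pass over that digest, keyed with 'ys'
$password = md5_hmac($md5_passwrd, 'ys');

// Cookie holds serialize(array(email, hash)) and expires after 60 seconds
setcookie("SMFCookieTest2", serialize(array('[email protected]', $password)), time() + (60 * 1) );

// HMAC-MD5: keys longer than 64 bytes are hashed first,
// then the key is zero-padded to the 64-byte block size
function md5_hmac($data, $key)
{
    if (strlen($key) > 64)
        $key = pack('H*', md5($key));
    $key  = str_pad($key, 64, chr(0x00));

    // Inner and outer padded keys
    $k_ipad = $key ^ str_repeat(chr(0x36), 64);
    $k_opad = $key ^ str_repeat(chr(0x5c), 64);

    return md5($k_opad . pack('H*', md5($k_ipad . $data)));
}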

Can anyone see what I am doing wrong, please?
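
To compare the two cookie layouts quoted in the post above, this added example (not part of the original post and not SMF's own code) decodes each value and reports the shape of every element. The first value is the forum cookie as posted; the second is constructed with a placeholder 22-character address because the page's copy is obfuscated, and `describe_cookie` is a hypothetical helper name.

```php
<?php
// Decode a URL-encoded, PHP-serialized cookie value and summarise each element.
function describe_cookie(string $raw): array
{
    // Cookie data is client-controlled: never let unserialize() instantiate objects.
    $data = @unserialize(urldecode($raw), ['allowed_classes' => false]);
    if (!is_array($data)) {
        return ['error' => 'not a serialized array'];
    }
    $out = [];
    foreach ($data as $i => $v) {
        if (is_int($v)) {
            $out[$i] = "int($v)";
        } elseif (is_string($v) && preg_match('/^[0-9a-f]{40}$/', $v)) {
            $out[$i] = '40 hex chars (SHA-1 digest length)';
        } elseif (is_string($v) && preg_match('/^[0-9a-f]{32}$/', $v)) {
            $out[$i] = '32 hex chars (MD5 digest length)';
        } elseif (is_string($v) && ctype_digit($v)) {
            $out[$i] = "numeric string \"$v\"";
        } elseif (is_string($v) && strpos($v, '@') !== false) {
            $out[$i] = 'string containing @ (readable email address)';
        } else {
            $out[$i] = gettype($v);
        }
    }
    return $out;
}

// Cookie value set by the forum, copied from the post.
$forum = 'a%3A4%3A%7Bi%3A0%3Bs%3A2%3A%2218%22%3Bi%3A1%3Bs%3A40%3A%22'
       . 'd3940613acf3fc139120787931e825897cccde28'
       . '%22%3Bi%3A2%3Bi%3A1679436379%3Bi%3A3%3Bi%3A2%3B%7D';

// Constructed stand-in for the second cookie: placeholder address, hash from the post.
$custom = urlencode(serialize([
    'user000000@example.com',
    'edaec4deb4dba5edbeeb1971cc4e5f2e',
]));

foreach (['forum' => $forum, 'custom' => $custom] as $name => $value) {
    $shape = describe_cookie($value);
    echo $name, ': ', count($shape), " element(s)\n";
    foreach ($shape as $i => $desc) {
        echo "  [$i] $desc\n";
    }
}
```

The output lists four elements for the forum cookie (a numeric string, a 40-character hex digest and two integers) against two for the custom one (a readable address and a 32-character hex digest), so the two differ in element count, in the first field and in digest length.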
