  1. #21
    Join Date
    Apr 2009
    Location
    United Kingdom
    Posts
    1,111
    Tokens
    100


    Quote Originally Posted by Lewiie15 View Post
    Yeah sure, when I first started the project I wasn't sure whether cookies or sessions were more secure, so I chose cookies. I'm in the process of changing it all to sessions etc. and I'll post a sample of the main page when it's complete
    K depends how you've done the cookies. They can be secure...

    As long as you're not storing the id of the user in the cookie. Or if you are then store a unique ID that is needed in the cookie that perhaps regenerates every / every few loads and they need that unique id in their cookie to be logged in or w/e.

  2. #22
    Join Date
    Sep 2009
    Location
    Hull
    Posts
    827
    Tokens
    0


    Quote Originally Posted by BoyBetterKnow View Post
    K depends how you've done the cookies. They can be secure...

    As long as you're not storing the id of the user in the cookie. Or if you are then store a unique ID that is needed in the cookie that perhaps regenerates every / every few loads and they need that unique id in their cookie to be logged in or w/e.
    Yeah I s'pose. I'm sure I'll figure a way of doing it..

    I'm gonna be at school soon so release will be delayed.

  3. #23
    Join Date
    Jun 2005
    Posts
    4,795
    Tokens
    0


    If you can't figure that out for yourself I have serious doubts as to how well coded this project will be - especially after you criticised other work. While I have no problem with your project and wish you success, I'd prefer that you don't criticise other people's work for issues that you don't have sufficient knowledge in.

    Quote Originally Posted by Lewiie15 View Post
    Yeah sure, when I first started the project I wasn't sure whether cookies or sessions were more secure, so I chose cookies. I'm in the process of changing it all to sessions etc. and I'll post a sample of the main page when it's complete
    You just described how PHP sessions work, to some extent (storing the session ID in a cookie - default method), with session_regenerate_id, which is a fundamental part of securing your application and should be called when the client's privileges are escalated. The session ID identifies the session data that PHP should use, therefore you need to make sure the supplied session ID is not stolen; changing the session ID, checking the IP address of the client and securing your application from XSS attacks are all essential parts of PHP application security and will help prevent stolen session IDs being used to masquerade as authenticated clients.

    Quote Originally Posted by BoyBetterKnow View Post
    K depends how you've done the cookies. They can be secure...

    As long as you're not storing the id of the user in the cookie. Or if you are then store a unique ID that is needed in the cookie that perhaps regenerates every / every few loads and they need that unique id in their cookie to be logged in or w/e.
    Last edited by Tomm; 07-09-2009 at 05:16 PM.
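The measures named in post #23 (a fresh session ID on login, an IP check on each request, and XSS hardening), sketched as an added example that is not part of any post in this thread or of the panel's code. The helper names are hypothetical, and the array form of session_set_cookie_params assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; names are assumptions, not the panel's code.

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server never issued
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript, so XSS cannot read the ID
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(int $userId): void
{
    // Privileges change here: issue a new ID and delete the old session file,
    // so an ID that was known before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;                       // stays server-side
    $_SESSION['ip']      = $_SERVER['REMOTE_ADDR'] ?? ''; // address the session was issued to
}

function log_out(): void
{
    $_SESSION = [];
    session_destroy();
}

function current_user(): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['ip'])) {
        return null; // not logged in
    }
    // A valid ID presented from a different address is treated as stolen.
    if (!hash_equals($_SESSION['ip'], $_SERVER['REMOTE_ADDR'] ?? '')) {
        log_out();
        return null;
    }
    return $_SESSION['user_id'];
}

// Escape anything user-supplied before it is written into a page.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
```

The user ID lives only in the server-side session data; the cookie carries nothing but the random session ID. The IP check also logs out legitimate users whose address changes mid-session, for example on mobile networks.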

  4. #24
    Join Date
    Sep 2009
    Location
    Hull
    Posts
    827
    Tokens
    0


    Thanks for the advice guys, I'm still learning as I go along.

  5. #25
    Join Date
    Apr 2009
    Location
    United Kingdom
    Posts
    1,111
    Tokens
    100


    Quote Originally Posted by Tomm View Post
    You just described how PHP sessions work, to some extent (storing the session ID in a cookie - default method), with session_regenerate_id, which is a fundamental part of securing your application and should be called when the client's privileges are escalated. The session ID identifies the session data that PHP should use, therefore you need to make sure the supplied session ID is not stolen; changing the session ID, checking the IP address of the client and securing your application from XSS attacks are all essential parts of PHP application security and will help prevent stolen session IDs being used to masquerade as authenticated clients.
    Yeh That was a pretty insane explanation. Yeh I always regenerate the session id and have it in the online users table. If IDs don't match then log the user out and in some cases log it in an error table.

  6. #26
    Join Date
    Mar 2009
    Location
    Western Australia
    Posts
    386
    Tokens
    0


    Any BETA releases or test accounts?

  7. #27
    Join Date
    Oct 2008
    Posts
    736
    Tokens
    0


    has dis been released yet :p
    24-12-2008

  8. #28
    Join Date
    Mar 2009
    Location
    Western Australia
    Posts
    386
    Tokens
    0


    Hello, any updates?

  9. #29
    Join Date
    Apr 2008
    Location
    North West, UK.
    Posts
    1,007
    Tokens
    529


    Same, update us!!

  10. #30
    Join Date
    Sep 2009
    Location
    Hull
    Posts
    827
    Tokens
    0


    Right, update for ya.

    The name has changed to "Bobba Panel", all images are in .gif format (decreases the load time), made the panel run on SESSIONS rather than COOKIES for added security, completely new layout.

    I am currently looking for any ideas you may have for the panel.

    Previews:


