<if variable=debugg>DEBUGGING ON<BR></if> <COMMENT> (15:14:34) Marc Pelzer 436: 'R1EuropeAuth_serial' => 'FE23185378E650FCE033C0A87F2E50FC@20060614131417|5808a6116352a72284b1d5c9632a1b9a' (15:15:49) glomphaim: can you paste your code line where you make the MD5? (15:15:56) Marc Pelzer 436: ok, mompls (15:16:38) Marc Pelzer 436: $this->{response}->{cookies}->{R1EuropeAuth_serial} = $userGuid . '@' . strftime("%Y%m%d%H%M%S", localtime(time)) . "|" . $this->{md5}->add($userGuid . '@' . strftime("%Y%m%d%H%M%S", localtime(time)) . $this->{obj}->{int}->{config}->{COOKIE}->{SECRET_PHRASE_realmusic})->hexdigest; (15:17:39) glomphaim: OK, so you are MD5-ing userguid@timestamp (15:18:05) Marc Pelzer 436: yep - and i connect the secret string directly to that </COMMENT> <if cookie="R1EuropeAuth_serial"> <cset variable=fullcookie preparse><insert cookie=R1EuropeAuth_serial></cset> <arraycadd preparse name=ray delim="|"><insert variable=fullcookie></arraycadd> <cset variable=field0 preparse><arrayfetch name=ray index=0 encode=none></cset> <cset variable=md5input preparse><arrayfetch name=ray index=1 encode=none></cset> <arraycadd preparse name=useranddate delim="@"><insert variable=field0></arraycadd> <cset variable=userguid preparse><arrayfetch name=useranddate index=0 encode=none></cset> <cset variable=usertime preparse><arrayfetch name=useranddate index=1 encode=none></cset> <md5 preparse quiet><insert variable=field0></md5><md5 preparse quiet><insert variable=secret></md5> <cset preparse variable=md5calc><md5digest></cset> <COMMENT> <BR> COOKIE data is <insert variable=field0> <BR> COOKIE MD5 is <insert variable=md5input> <BR> Calculated inbound MD5 is <insert variable=md5calc><BR></COMMENT> <formoutput><if variable="md5input is #md5calc#"><set variable=md5isok value=ya></if></formoutput> <if variable=md5isok> <if variable=debugg><BR>MD5 is OK<BR></if> <formoutput quote=???><sqloutput host=mysql://localhost/serial query="select serial from serial where userid='???userguid???'">#serial#</sqloutput></formoutput><BR> <formoutput quote=???> <cset preparse variable=dbserial><sqloutput host=mysql://localhost/serial query="select serial from serial where userid='???userguid???'">#serial#</sqloutput> <else>NOOL</else></cset> </formoutput> <if not variable="dbserial is NOOL"> <BR>Timestamp <insert variable=dbserial> found<BR> <COMMENT>There is a timestamp for this user, now figure out if it is cool</COMMENT> <insert variable=usertime>is usertime and <insert variable=dbserial> is dbserial<BR> <formoutput><set variable=diff expr="#usertime#-#dbserial#"></formoutput> <BR> diff is <insert variable=diff> <if not variable="diff is -*"> DIFF is POSITIVE. GOOD! <set variable=gooddiff value=ya> </if><COMMENT><else>echo NEGATIVE NUMBER D00D! invalid timestamp</else></COMMENT> </if><COMMENT><else>No entry in timestamp database for user <insert variable=userguid></else></COMMENT> </if><COMMENT><else>MD5 on the cookie is bad!</else></COMMENT> </if><COMMENT><else>No R1EuropeAuth_serial cookie! Wuzzzupppp?</else></COMMENT> <if variable="dbserial is NOOL"><set variable=serialnumberisgood value=ya></if> <if variable="gooddiff"><set variable=serialnumberisgood value=ya></if> <if variable=serialnumberisgood> <COMMENT> SET/UPDATE serial-timestamp </COMMENT> Setting new cookie value <BR> <cset preparse variable=nowtime><date strfmt=%Y%m%d%H%M%S></cset> <md5 preparse quiet><insert variable=userguid>@<insert variable=nowtime></md5><md5 preparse quiet><insert variable=secret></md5> <cset preparse variable=newmd5><md5digest></cset> <cset preparse variable=newuseranddate><insert variable=userguid>@<insert variable=nowtime>|<insert variable=newmd5></cset> <formoutput><set_cookie days=14 domain=.real.com name=R1EuropeAuth_serial value=#newuseranddate#></formoutput> <COMMENT> Enter new timestamp in database for the luser Updating time-based serial number in DB <BR></COMMENT> <formoutput quote=???><sqlquery host=mysql://localhost/serial query="replace into serial values ('???userguid???',???nowtime???)"></formoutput> </if></if>