switch ($_SESSION["security-level"]) { case "0": // This code is insecure // This code is insecure case "1": // This code is insecure /* Use the clients authorization token which is stored in * the cookie (in this case). Placing authorization tokens * on the client is fairly ridiculous. * * Known Vulnerabilities: SQL Injection, Authorization Bypass, Session Fixation, * Lack of custom error page, Application Exception */ if (isset($_COOKIE['uid'])) { try { $lQueryResult = $SQLQueryHandler->getUserAccountByID($_COOKIE['uid']); // Switch to whatever cookie the user sent to simulate sites // that use client-side authorization tokens. Auth information // should never be in cookies. if ($lQueryResult->num_rows > 0) { $row = $lQueryResult->fetch_object(); $_SESSION['loggedin'] = 'True'; $_SESSION['uid'] = $row->cid; $_SESSION['logged_in_user'] = $row->username; $_SESSION['logged_in_usersignature'] = $row->mysignature; $_SESSION['is_admin'] = $row->is_admin; header('Logged-In-User: '******'logged_in_user'], true); } // end if ($result->num_rows > 0) } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, $lQueryString);