Esempio n. 1
switch ($_SESSION["security-level"]) {
    case "0":
        // This code is insecure
    // This code is insecure
    case "1":
        // This code is insecure
        /* Use the clients authorization token which is stored in
         * the cookie (in this case). Placing authorization tokens
         * on the client is fairly ridiculous.
         * 
         * Known Vulnerabilities: SQL Injection, Authorization Bypass, Session Fixation,
         * 	Lack of custom error page, Application Exception
         */
        if (isset($_COOKIE['uid'])) {
            try {
                $lQueryResult = $SQLQueryHandler->getUserAccountByID($_COOKIE['uid']);
                // Switch to whatever cookie the user sent to simulate sites
                // that use client-side authorization tokens. Auth information
                // should never be in cookies.
                if ($lQueryResult->num_rows > 0) {
                    $row = $lQueryResult->fetch_object();
                    $_SESSION['loggedin'] = 'True';
                    $_SESSION['uid'] = $row->cid;
                    $_SESSION['logged_in_user'] = $row->username;
                    $_SESSION['logged_in_usersignature'] = $row->mysignature;
                    $_SESSION['is_admin'] = $row->is_admin;
                    header('Logged-In-User: '******'logged_in_user'], true);
                }
                // end if ($result->num_rows > 0)
            } catch (Exception $e) {
                echo $CustomErrorHandler->FormatError($e, $lQueryString);