[PHP] Cookies..

[Sidoh]

<insert generic comment about poor programming habits here>

actually, I'm sure I would be saying more than that if it was in a language that I knew better :)

*grin*

Oh, I missed the entire discussion about seperating display output from other portions of a script.. yeah, I absolutely agree with warrior.  One way may work, but it's a huge fucking pain in the ass to upgrade code when you're stuck with static display output.  I don't necessarily agree that this sort of thing warrants such coding techniques, but it wouldn't hurt to practice these sorts of things, even on such a simple project.

[iago]

Of everything, there are only a couple points that I want to pursue:

I'm criticizing his code and trying to help him learn how to better implement his ideas in PHP.  I'm not trying to be mean or anything.

There's a way to criticize code to help, and a way to criticize to be mean.  I suspect that your original post reflected the latter, but I could be mistaken. 

md5 is infitely easier to collide than sha1, and if someone hijacked an admin cookie, they could easily log in as the superuser.

The only way to find a collision is to control two different plaintext messages and force them to hash to the same.  Both SHA1 and MD5 are vulnerable to that, but that only affects very rare cases.  In general, to store password or other sensitive data in a non-reversable form, MD5 and SHA1 are still fairly strong. 

Yes, there is a slightly higher chance that "Lovecraft" and "Cthulhu" will collide on MD5 than on SHA1, but it's such a miniscule difference that it's not worth considering. 

You really shouldn't store the password in a cookie in any form, technically.  I tend to use a disposable token, like the session variable, that expires when the cookie expires. 

[Chavo]

I'm sorry that I have to do this, a little part of me just died on the inside:

criticize*

There are only two commonly mispelled words that bug me, now you know one ;)

[iago]

I'm sorry that I have to do this, a little part of me just died on the inside:

criticize*

There are only two commonly mispelled words that bug me, now you know one ;)

Yeah, I knew it looked wrong, so I switched the s and z.  It still looked wrong, so I just gave up.  I hate the word. 

[Sidoh]

I'm sorry that I have to do this, a little part of me just died on the inside:

criticize*

There are only two commonly mispelled words that bug me, now you know one ;)

Wut iz teh other won?

[Chavo]

If I told you I'd have to kill you

[iago]

In other words, start intentionally misspelling difficult-to-spell words until he speaks up. :)

[Chavo]

Haha, that would work if there were more than the two that bothered me.  It doesn't help your cause to spam words that don't bother me.

I'll give it up for a really good cookie or a fresh beer.

[rabbit]

How about a pwncookie, or maybe even a whole batch of pwncookies?

[iago]

Haha, that would work if there were more than the two that bothered me.  It doesn't help your cause to spam words that don't bother me.

I'll give it up for a really good cookie or a fresh beer.

No, but evenchally we're bound to find the word. :P

[Sidoh]

I agree iago, we must manetane our efferts.

[Chavo]

lol@ manetane

rabbit, those cookies don't have nearly enough chocolate chips.  Who do you take me for? A non cookie-afficianado? Honestly.

[rabbit]

They have enough, trust me (or did, before I ate them a few months ago).  The chips consolidate towards the bottoms due to the way the dough spreads in the oven.

[Chavo]

Damn't.  Now I'm hungry

[d&q]

lol@ manetane

rabbit, those cookies don't have nearly enough chocolate chips.  Who do you take me for? A non cookie-afficianado? Honestly.

Warez the fudge? Its speled aficionado! Dunt b a hippo-crit!