spoofing login (2 posts)

  1. KnhJp
    Posted 11 years ago #


    I have noticed the login name is stored in the cookie once you are logged in. Is there a way to get the current logged in user, without being worried about someone spoofing a login (without knowing the password) by changing the cookie?

    (I have been using get_currentuserinfo() to get the logged in user's information. Everything is from the database except the login. A friend of mine bypassed the security on my site (as a test) by spoofing the login via the cookies)

    If anyone can tell me how I can prevent such a security breach, I would really appreciate it :)

    (So my question is -- Is there another function that I should call to get the current user login name, without worrying about getting spoofed via the cookie)

  2. KnhJp
    Posted 11 years ago #

    Oh, I found wp_login() I think that works. :)

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.