I'm using phpfox with Userplane webchat, and this function is to grab sessionGuid from the database. The original function is:
Function 1:
function get_current_online_session_login() {
    // Security service of the Account module (phpfox helper, taken by reference).
    $oSrvSec = &App::getModuleService('Account', 'Security');
    $login = $oSrvSec->getCurrentUserLogin();
    // Fetch the current user's row from the online_session table.
    // Note: $login is concatenated into the WHERE clause without escaping; if a
    // login name can contain a double quote, this is an SQL injection point.
    $aReq = getRow(App::getT('online_session'), 'online_session_user = "' . $login . '"');
    // return $aReq['online_session_login'];
    // Hand the raw session id to the chat client.
    return $aReq['online_session_id'];
}
And I made changes in it so it returns the salted hash, but chat is not working and shows an error that you are not authorized to enter the chat.
Here is what I changed in this code:
function get_current_online_session_login() {
    $oSrvSec = &App::getModuleService('Account', 'Security');
    $login = $oSrvSec->getCurrentUserLogin();
    // Same unescaped lookup as the original (see note on the original function).
    $aReq = getRow(App::getT('online_session'), 'online_session_user = "' . $login . '"');
    $salt = 'waka_waka_shaka_laka_8342394';
    // return $aReq['online_session_login'];
    $umSar = $aReq['online_session_id'];
    // Changed part: return md5(id . salt) instead of the stored id. Nothing on the
    // server side is changed to expect this value, so get_user_with_session_id()
    // below will look for the hash in online_session_id and find no row.
    $saltedHash = md5($umSar . $salt);
    return $saltedHash;
}
This file has 2 functions for session_id, so I am not sure how to resolve this issue.
Here is the 2nd session_id function:
Function 2:
function get_user_with_session_id($session_id) {
    // Resolve the session id presented by the chat client back to a row.
    // Note: $session_id arrives from the client and is interpolated into the
    // query unescaped, so this is an SQL injection point as written.
    $session = getRow(App::getT('online_session'), "online_session_id = '$session_id'");
    // $session = getRow(App::getT('online_session'), "online_session_login = '$session_id'");
    $oSecurityService = &App::getModuleService('Account', 'Security');
    // Map the row's user name to the user object; null when no row matched.
    $user = $oSecurityService->getUserByName($session['online_session_user']);
    return isset($user) ? $user->aData['id'] : null;
}
Please, I need help.
You can see that function 1 and function 2 are the original functions in my common.php file; these functions return the normal figures for session_id, and I want to return session_id as an md5 salted hash or base64.
Thanks
First you should understand what a session id is for. Normally the server will not recognize that a user has already done some actions on a website; each request is like a new visit. To remember a user and his actions, the server stores them together with a random number, the session id.
This session id will be passed to the browser, and if the user e.g. presses a button, this session id is handed back to the server. Now the server can look for the stored actions with this number and therefore will "remember" the user.
In your example you took the session id, destroyed it with a one-way hash function, and passed it to the browser. When the browser hands back this invalid session id, the server has no chance to find the stored actions with this invalid number.
That said, the session id is only a number to find the already stored information on the server again. It does in no way improve security when you alter this number, because the browser will just send back what it gets, and the server has to recognize it, whether it previously encrypted/obfuscated it or not.
If your session-ids are predictable, like 203, 204, …, then you should find the piece of code which generates such inappropriate numbers and modify this code, so it produces “truly” random numbers.
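The round trip described in the answer, as an added example that is not part of the question, the answer, or phpfox itself. A plain PHP array stands in for the online_session table, and the `new_session_id`, `login` and `user_for_session` functions are hypothetical names chosen for this illustration; the salt constant is the one from the question. The example shows why hashing the id on the way out breaks the lookup, that hashing only works if the stored key is derived the same way, and how to generate an unpredictable id in the first place, which is the only change that actually matters.

```php
<?php
// Added example (not phpfox code): models a session store, the browser replaying
// the id it was given, and the server looking the replayed value up again.
declare(strict_types=1);

// Hypothetical in-memory store: session id => user name (stands in for the table).
$store = [];

// An unpredictable session id: 32 bytes from the CSPRNG, hex-encoded.
// This is the fix the answer recommends if ids look like 203, 204, ...
function new_session_id(): string
{
    return bin2hex(random_bytes(32));
}

// Server side at login: remember the user under a fresh id and hand the id out.
function login(array &$store, string $user): string
{
    $id = new_session_id();
    $store[$id] = $user;
    return $id;   // the cookie / chat client carries exactly this string
}

// Server side on a later request: resolve whatever the client presented, or null.
function user_for_session(array $store, string $presented): ?string
{
    return $store[$presented] ?? null;
}

function report(string $case, ?string $user): void
{
    echo $case, ': ', $user === null ? 'no session found (not authorized)' : "user {$user}", PHP_EOL;
}

$salt   = 'waka_waka_shaka_laka_8342394';   // constant from the question
$issued = login($store, 'alice');

// Case 1: the client sends back the id unchanged, so the server finds the row.
report('raw id', user_for_session($store, $issued));

// Case 2: the modified function 1 hands out md5(id . salt). md5 is one-way, so the
// server cannot turn the presented value back into the stored key and finds nothing.
$hashed = md5($issued . $salt);
report('md5(id . salt) against raw store', user_for_session($store, $hashed));

// Case 3: if the server stores the same derived value at issue time, both sides
// agree on the key and the lookup works again. The hash still adds nothing: the
// client simply replays a different opaque string, and its secrecy rests on the
// same transport and cookie handling as the raw id did.
$hashedStore = [];
$hashedStore[md5($issued . $salt)] = 'alice';
report('md5(id . salt) against hashed store', user_for_session($hashedStore, $hashed));

// Case 4: base64 is reversible, so the server can decode before the lookup and the
// row is found. It is an encoding, not protection: anyone holding the string can
// decode it, so this too is no security improvement.
$encoded = base64_encode($issued);
report('base64 id, decoded before lookup', user_for_session($store, base64_decode($encoded, true)));

// The only property of the id that matters is that it cannot be guessed:
// an attacker who can predict the next id can hijack the next session without
// seeing it in transit. Fresh ids from random_bytes() give that property.
$guessIt = (string) ((int) 203 + 1);                   // what a counter-based scheme leaks
report('counter-style guess "204" against random store', user_for_session($store, $guessIt));
```

Run with `php example.php`. Cases 1 and 3 print a user, cases 2 and 4's failure mode and the counter guess print "no session found", which is the same situation the question's chat reports as "not authorized". If the real session ids in the database are sequential, the place to change is the code that writes `online_session_id`, replacing the counter with something like `bin2hex(random_bytes(32))`, and leaving both `get_current_online_session_login()` and `get_user_with_session_id()` returning and comparing the raw stored value.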