false'); } $ticket = explode(";", base64_decode($_GET['suggest'])); @$cookie = $ticket[0]; @$signature = $ticket[1]; openssl_sign($cookie, $signaturecmp, openssl_pkey_get_private("file://C:/signing/privatekey.pem"), OPENSSL_ALGO_SHA1); if($_GET['suggest'] === base64_encode($cookie.";".$signaturecmp)) // authentication key validated { $query = $pdo->prepare("SELECT * FROM sessions WHERE sessionkey = :sesskey"); $query->bindParam(":sesskey", $cookie, PDO::PARAM_STR); $query->execute(); if(!$query->rowCount()){ die('false'); } $row = $query->fetch(PDO::FETCH_OBJ); if($row->created+(86400*3) < time()){ die('false'); } if($row->loginIp != getIpAddress()){ die('false'); } setcookie(".ROBLOSECURITY", $cookie, $row->created+(86400*3), "/"); //set time to 3 days $_SESSION['player'] = $row->userId; die('true'); } else { die('false'); }