I need this project completed and implemented ASAP (hopefully within the next few hours)
I have an X-Cart Based ecommerce website.
I have become a victim of a Application attack.
Some how, my customer Session ID's are being hacked and their Shopping Carts are being cleared. This has caused an 80% drop is sales/orders on the site.
I require the Sessions ID's in X-cart (called XID's) to be complelely random based on the USER/CUSTOMER IP.
IMPORTANT NOTE: I had a script placed on [url removed, login to view] (that involved the IP address) using the following line:
$sessid = md5($_SERVER[REMOTE_ADDR'])
This script DID NOT work as my site is protected by a Proxy server and the ONLY IP my website allows is the Proxy IP. Therefore, this script will not work.
The key is that the Proxy server relays the IP information and stores all the IP information in the headers.
Therefore, you must base the script on these IP's in the Header and NOT on the incoming IP (as this is the Proxy IP)
Please PMB me with any questions or for clarification.
Either way, I need to create a completely RANDOM Session ID so that the attacker CANNOT guess or figure out the Algorythm. And this script should not cause any issues with my Server/Settings/X-Cart.
Network/Website security specialists will be given priority and I will freeze the project as soon as a satisfactory bid is placed.
Thank you for your interest.