Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13

Thread: Cooooooooookie

  1. #1
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thumbs down Cooooooooookie

    Hi
    Ok, Here is the problem... php wont spit out the cookie value..
    $cookieset[0]

    Code:
    IF (!isset($_COOKIE["EMITES"])) {
    
    $cookieset["sid"] = md5(uniqid(rand(), true));
    $cookieset["user"] = "Guest";
    $cookieset["logintime"] = time();
    $cookieset["ip"] = $_SERVER["REMOTE_ADDR"];
    $cookieset["useragent"] = $_SERVER["HTTP_USER_AGENT"];
    setcookie("EMITES", addslashes(serialize($cookieset)),time()+600,"/");
    
    echo "Cookie placed: " . addslashes(serialize($cookieset));
    
    } else {
    
    $cookieset = unserialize(stripslashes($_COOKIE["EMITES"]));
    echo "SessionID: " . $cookieset[0];
    
    }
    Thanks

  • #2
    New Coder
    Join Date
    Jun 2006
    Location
    USA
    Posts
    66
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You do know you don't have to generate session IDs manually, right? If you want to store a session ID, you can use the session_id function to return the session ID. You can also set it using that function. If you are trying to focus on security, and you don't have access to php.ini, you can keep your method, but should change from php.net's suggested method of using md5(uniqid(rand(), true)) to sha1(uniqid(rand(), true)), since the sha-1 hash has a hash sum size of 160 bits (where as md5's is 128).

    Also, for your assoc. array not outputting properly, try using print_r to see what's in $cookieset after unserializing.
    "Some people, when confronted with a problem, think, 'I know, I'll use regular expressions.' Now they have two problems."
    --Jamie Zawinski

  • #3
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Unhappy

    Hi

    Thanks for your suggestion. I ll rewrite my code.
    The serialize thing is working. When i check out the cookies i
    see the values, but i am not able to retrieve the data
    from the cokies

    Code:
    var_dump($cookieset[0]);
    This prints NULL

    Thanks in Advance

  • #4
    New Coder
    Join Date
    Jun 2006
    Location
    USA
    Posts
    66
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I rewrote, and played around, slightly, w/ your code, and it seems to be working (running on PHP 5).
    PHP Code:
    <?php
    if (!isset($_COOKIE['EMITES'])) {
       
    ## Cookie options
       // Just leave out expiry if you want session cookie; i.e.
       // to terminate when browser closes
       
    $expiry time()+600;
       
    $path '/';

       
    $cookieset['sid'] = sha1(uniqid(rand(), true));
       
    $cookieset['user'] = 'Guest';
       
    $cookieset['logintime'] = time();
       
    $cookieset['ip'] = $_SERVER['REMOTE_ADDR'];
       
    $cookieset['useragent'] = $_SERVER['HTTP_USER_AGENT'];
       
    $serialize addslashes(serialize($cookieset));
       
    // Set the cookie
       
    setcookie('EMITES'$serialize$expiry$path);

       echo 
    "<p>Cookie placed: $serialize</p>";
    } else {
       
    $cookie unserialize(stripslashes($_COOKIE['EMITES']));
       echo 
    '<p>Unserialized cookie:</p><pre>';
       
    print_r($cookie);
       echo 
    '</pre>';
       echo 
    "\n\n<p>Session ID: {$cookie['sid']}</p>";
    }
    ?>
    I made some minor changes here and there, so you may want to look it over.

    It looks like you are trying to re-create how PHP internally handles sessions. Are you familiar with sessions in PHP? PHP will handle all of this for you internally. For example
    PHP Code:
    <?php
    session_start
    (); // Begin a stateful session
    header('Cache-Control: private'); // IE cache issue fix

    // These should only be set after they log in successfully
    $_SESSION['sid'] = session_id();
    $_SESSION['user'] = 'Guest';
    $_SESSION['login_time'] = time();
    ?>
    Every page where session_start is at the top of the script will be able to have access to those values set in $_SESSION superglobal. This allows you to track data across your site. PHP can be set to automatically fall back to rewriting some of your URIs so that sessions will be maintained through the querystring, when session cookies fail.
    "Some people, when confronted with a problem, think, 'I know, I'll use regular expressions.' Now they have two problems."
    --Jamie Zawinski

  • #5
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Unhappy

    Hi
    Did you say it worked?

    My bad luck, it is not working for me...

    The first part of the IF is working perfect.
    It outputs the contents pucca:

    Cookie placed: a:5:{s:3:\"sid\";s:40:\"edbd28d2271e90b485c6dcc186b926eea40a0ecb\";s:4:\"user\";s:5:\"Guest\";s:9:\" logintime\";i:1150531198;s:2:\"ip\";s:9:\"127.0.0.1\";s:9:\"useragent\";s:105:\"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4\";}

    then when i refresh, this is what i get


    Unserialized cookie:

    Session ID:


    NULL values...

    I am using PHP Version 5.1.2

    Is there any bugs with unserialize in this version?

    Thanks

  • #6
    New Coder
    Join Date
    Jun 2006
    Location
    USA
    Posts
    66
    Thanks
    0
    Thanked 0 Times in 0 Posts
    None that I am aware of. I am using the same PHP version as you (on Win32).

    I'm not sure what other code is in your script, as it should be working. Did you use the code I posted, or did you just change your own a little?
    "Some people, when confronted with a problem, think, 'I know, I'll use regular expressions.' Now they have two problems."
    --Jamie Zawinski

  • #7
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I just copied the exact code and executed it...

  • #8
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi
    I tried to print what $cookie contains...

    Code:
    $cookie = unserialize(stripslashes($_COOKIE['EMITES']));
    var_dump($cookie);
    Prints:
    bool(false)

    Maybe im not able to access my cookie..

    edit: oh, right! ELSE condition will not be evaluating to true in the first place if i an not able to access the cookie.
    Thanks

  • #9
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thumbs up

    HI there,

    I got it working somehow.
    The problem was with stripslashes!!!
    I was looking thru serialize manual in php.net when i read
    this post

    caveat: stripslashes!!!

    if using
    setcookie('hubba',serialize($data));
    to set a cookie, you might want to check
    $data(unserialize(stripslashes($_COOKIE['hubba']));
    to retrieve them back!!!

    this is, if unserialize fails. you can also print_r($_COOKIE) to look into what you've got back.

    beats me how the slashes got there in the first place....
    Here is the full working code...

    Code:
    <?php
    if (!isset($_COOKIE['EMITES'])) {
    
       $expiry = time()+600; $path = '/';
    
       $cookieset['sid'] = sha1(uniqid(rand(), true));
       $cookieset['user'] = 'Guest';
       $cookieset['logintime'] = time();
       $cookieset['ip'] = $_SERVER['REMOTE_ADDR'];
       $cookieset['useragent'] = $_SERVER['HTTP_USER_AGENT'];
       $serialize = (serialize($cookieset));
       // Set the cookie
       setcookie('EMITES', $serialize, $expiry, $path);
       echo "<p>Cookie placed: $serialize</p>";
    } else {
       $cookie = unserialize(stripslashes($_COOKIE['EMITES']));
    
       echo '<p>Unserialized cookie:</p><pre>';
       print_r($cookie);
       echo '</pre>';
       echo "\n\n<p>Session ID: {$cookie['sid']}</p>";
    }
    ?>
    Thanks a lot

  • #10
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question

    Hi onceagain,

    I was thinking of encrypting the cookie...
    I wrote an encryption class code with help of people from this forum

    Code:
    <?php
    class securedata
    {
        private
            $key,
             $iv;
        
        public function __construct()
        {
            $this->key = 'Four score and twenty years ago';
            $this->iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
        }
        
        public function encrypt($STR)
        {
            return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->key, $STR, MCRYPT_MODE_CBC, $this->iv);
        }
    
        public function decrypt($STR)
        {
            return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->key, $STR, MCRYPT_MODE_CBC, $this->iv);
        }
    }
    
    $secure = new securedata;
    ?>
    I thought of encrypting the cookie this way....

    Code:
    <?php
    require_once "securedata_inc.php";
    
    if (!isset($_COOKIE['EMITES'])) {
    
       $expiry = time()+600; $path = '/';
    
       $cookieset['sid'] = md5(uniqid(rand(), true));
       $cookieset['user'] = 'Guest';
       $cookieset['logintime'] = time();
       $cookieset['ip'] = $_SERVER['REMOTE_ADDR'];
       $cookieset['useragent'] = $_SERVER['HTTP_USER_AGENT'];
    
       // Set the cookie
       setcookie('EMITES', $secure->encrypt(serialize($cookieset)), $expiry, $path);
       echo "<p>Cookie placed: ";
    } else {
       $cookie = unserialize(stripslashes($secure->decrypt($_COOKIE['EMITES'])));     
       echo '<p>Unserialized cookie:</p><pre>';
       print_r($cookie);
       echo '</pre>';
       echo "<p>Session ID: {$cookie['sid']}</p>";
       echo "<p>Login Time: {$cookie['logintime']}</p>";
    }
    ?>
    When i run the script, an encrypted cookie is placed
    but im not able to decrypt and get the values back.
    There is no error printed but it just dosent return any cookie
    values

    Thanks onceagain

  • #11
    Regular Coder DELOCH's Avatar
    Join Date
    Apr 2006
    Location
    Canada
    Posts
    537
    Thanks
    4
    Thanked 2 Times in 2 Posts
    this is probably another problem of difference between php5 and php4

    php 4: ($name)
    php 5: ($_GET['name']);


    something like this? hope it helps :\

  • #12
    New Coder
    Join Date
    Jun 2006
    Posts
    19
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I dont get it...
    I am kinda dumb..
    Please explain me whatever u wanted to say

    thanks

    edit: hehe, i saw your post "xampp", now i understand wht u were saying... actually im a beginner in php and i started with php5
    so i really dont have to care too much about php4
    Last edited by werty37; 06-17-2006 at 10:29 PM.

  • #13
    New Coder
    Join Date
    Jun 2006
    Location
    USA
    Posts
    66
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I haven't had need of the mcrypt lib myself, so you may want to consult with an expert!
    "Some people, when confronted with a problem, think, 'I know, I'll use regular expressions.' Now they have two problems."
    --Jamie Zawinski


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •