rootKID

Cookies organized with arrays Oo?

Hi all, been a while, as always.

So, new project. I am trying to (finally) make a cookie login for my portfolio website, which is not online yet, but will soon.

I am using sessions so far, which are great to organize when it comes to using them. Look at picture attached for sample.

So, for cookies, I am trying to achieve the same thing here, but with no luck so far. I am using functions (not OOP or anything like this, just normal psedual php...) to create the cookies... however, I do know that cookies are also arrays (am I wrong? Oo?). So my question is: when setting a cookie, how do I do as shown in the picture, and how do I fetch them? The reason I do this is because I use LOGS to see the difference for each user and arrays and... well, just about anything really, also for stats purposes, which will make my life much easier (my own opinion, not sure if there is another way?)

Anyways, hope you guys can give me a hint as to how to make the cookie go down a level or 2 in an/the array?

Also, I did look on Google and found serializing and unserializing? But I read on PHP.NET that it was a bad idea since attackers could use this to their advantage? Is this also correctly understood?

Thanks a lot in advance! Been struggling with this one for quite a while now :D

Picture can be seen here:

huihhihjknknjk.jpg

(Note that I don't have space for a new attachment at the moment and I don't know how to clear it out either, waiting for someone else to answer my other topic :P)

Thanks a lot in advance! :D

Quote

however, I do know that cookies are also arrays (am I wrong? Oo?)

Yes, cookies are just regular key-value pairs.  Each cookie has a name, and a value.  Like a variable.

To set a cookie, you use the setcookie function.  To read cookies that were sent in the current request, they'll be in the $_COOKIE array similar to $_GET or $_POST.

Quote

Also, I did look on Google and found serializing and unserializing? But I read on PHP.NET that it was a bad idea since attackers could use this to their advantage? Is this also correctly understood?

More or less.  You could store a serialized array in a cookie (check the maximum value for cookies in various browsers to decide if that's a good idea), but you're storing those cookies on the user's computer.  They can easily change anything about it and send it back, so you probably don't want to unserialize random data that someone sends you.  Cookies are no more secure than $_GET or $_POST, so treat them like that.  If you wouldn't use eval to execute code sent via $_POST, then don't do it with a cookie either.  Cookies are not often used to store all of the data themselves, they are used like PHP's sessions instead.  Notice that you have a PHPSESSID cookie, that's PHP's session ID.  Only the ID of your session is saved in the cookie, the actual session data is saved on the server and PHP looks it up from the ID.  Attackers can't change the session data, only the ID and hope that the new ID still points to an active session and that the server isn't also doing other checks to try to prevent session hijacking.

The only data that goes in a cookie is non-private data where it doesn't matter if it gets deleted or changed.  Like a language preference.

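The point in the reply above about keeping only an identifier in the cookie, as an added example that is not part of the original posts: a random login token goes in the cookie and only its hash is kept server-side, so nothing the client can edit is trusted as user data. The `$tokenStore` array stands in for a database table, and the function names and the `login_token` cookie name are hypothetical.

```php
<?php
// Added example (not from the thread). $tokenStore stands in for a database
// table mapping sha256(token) => user id and expiry; all names are hypothetical.
$tokenStore = [];

function issue_login_token(array &$tokenStore, int $userId, int $expires): string
{
    $token = bin2hex(random_bytes(32));            // 256-bit unguessable value
    // Store only the hash: a leaked table does not reveal usable cookie values.
    $tokenStore[hash('sha256', $token)] = ['user_id' => $userId, 'expires' => $expires];
    return $token;
}

function send_login_cookie(string $token, int $expires): void
{
    // PHP >= 7.3 options array; the cookie carries the token and nothing else.
    setcookie('login_token', $token, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,                        // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

function user_id_from_cookie(array $tokenStore, array $cookies): ?int
{
    $token = $cookies['login_token'] ?? '';
    // Reject anything that is not exactly 64 hex characters before the lookup.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $row = $tokenStore[hash('sha256', $token)] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;                               // unknown or expired token
    }
    return $row['user_id'];
}

// Constructed demonstration: a valid token, a guessed token, and an "id" cookie
// on its own, which is never consulted.
$expires = time() + 30 * 86400;
$token   = issue_login_token($tokenStore, 42, $expires);
var_dump(user_id_from_cookie($tokenStore, ['login_token' => $token]));
var_dump(user_id_from_cookie($tokenStore, ['login_token' => str_repeat('0', 64)]));
var_dump(user_id_from_cookie($tokenStore, ['id' => '42']));
```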

Ohh ok, that makes more sense. I also knew that sessions were server based, just not the difference in security, though. Also, I did know that I needed to use the setcookie function; however, how do I use it so that it will be like the session in the array shown? Because I am using it this way to see the difference...

This is what I have tried so far...

to set function:

@setcookie(
"[USER_COOKIE_LOGIN][USER_DATA_FLOW]".$SETTINGS['cookie_prefix'].$name,
$value,
$expire_time,
$SETTINGS['cookie_path'],
$SETTINGS['cookie_domain'].'; HttpOnly'
);

and to read/get the cookie:

function LOGIN_COOKIE_get_cookie_v1( $name ){
	global $SETTINGS;
	if(
		isset(
			$_COOKIE[ '[USER_COOKIE_LOGIN][USER_DATA_FLOW]' . $SETTINGS['cookie_prefix'].$name ]
		)
		AND
		!empty(
			$_COOKIE[ '[USER_COOKIE_LOGIN][USER_DATA_FLOW]' . $SETTINGS['cookie_prefix'].$name ]
		)
	){
		return urldecode(
			$_COOKIE[ '[USER_COOKIE_LOGIN][USER_DATA_FLOW]' . $SETTINGS['cookie_prefix'].$name ]
		);
	} else {
		return FALSE;
	}
}

Ideas on how to set them? If this helps a bit?

Thanks a lot in advance! :)


Square brackets may or may not be supported in various browsers as a cookie name.  You can always see what the browser sends the server using print_r($_COOKIE).  I would recommend using only alpha-numeric characters plus underscores and hyphens for cookie names.


But that is the thing, I have done so and it sends either nothing or just the name as normal. Any ideas on how to do this? Maybe add in a sample? Because I'm kinda in a square box of no ideas at the moment... 😕


Just give the cookies names with the usual set of characters.  When the page loads then check which cookies are available and fill in your own array structure.

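One way to do what the reply above describes, as an added example that is not code from the thread: the cookies keep plain names, and a whitelist maps each one into the nested structure when the page loads. The cookie names, the `STATS` key, the map and the helper name are assumptions; `USER_COOKIE_LOGIN` and `USER_DATA_FLOW` are the keys from the earlier attempt.

```php
<?php
// Added example (not from the thread). Cookie names use only letters, digits
// and underscores; the map below is a hypothetical whitelist.
const COOKIE_MAP = [
    // cookie name   => [path inside the nested array, pattern the value must match]
    'ucl_lang'       => [['USER_COOKIE_LOGIN', 'USER_DATA_FLOW', 'lang'],  '/\A[a-z]{2}\z/'],
    'ucl_theme'      => [['USER_COOKIE_LOGIN', 'USER_DATA_FLOW', 'theme'], '/\A(light|dark)\z/'],
    'ucl_last_visit' => [['USER_COOKIE_LOGIN', 'STATS', 'last_visit'],     '/\A\d{1,10}\z/'],
];

function cookies_to_array(array $cookies, string $prefix = ''): array
{
    $out = [];
    foreach (COOKIE_MAP as $name => [$path, $pattern]) {
        $value = $cookies[$prefix . $name] ?? null;
        // Cookies are client input: skip missing, non-string or malformed values.
        if (!is_string($value) || !preg_match($pattern, $value)) {
            continue;
        }
        $ref = &$out;
        foreach ($path as $key) {              // create or descend one level per key
            if (!isset($ref[$key])) {
                $ref[$key] = [];
            }
            $ref = &$ref[$key];
        }
        $ref = $value;
        unset($ref);                           // break the reference before the next cookie
    }
    return $out;
}

// Constructed request cookies; in a page this would be $_COOKIE.
$sample = [
    'ucl_lang'       => 'en',
    'ucl_theme'      => '<script>',            // fails validation and is dropped
    'ucl_last_visit' => '1700000000',
    'unrelated'      => 'ignored',             // not in the whitelist
];
print_r(cookies_to_array($sample));
```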

Well, I have gotten the normal naming to work now, but it still won't for some reason add in the array 😕

This is my current code...

## BETA STAGE OF FUNCTIONS - DO NOT USE YET PUBLIC! - V1

// Cookie Setup
$SETTINGS['cookie_prefix'] = ''; // This allows you to have multiple trackers, eg for demos, testing etc.
$SETTINGS['cookie_path'] = ''; // ATTENTION: You should never need this unless the above applies eg: /projectname
$SETTINGS['cookie_domain'] = ''; // set to eg: .somedomain.com or is subdomain set to: .sub.somedomain.com

//==========================================================================================================
// (COOKIE LOGIN)
// -> User Data Flow (FUNCTION NAME: "LOGIN_COOKIE_user_data_flow_v1")
// makes & creates $CURUSER! and created db flow with user information!
//////////////////////////////////////////////////////////////////////////////////////////////////////////
// Also Known As: (COOKIE_BASED_LOGIN_)
// Also Known As: (LOGIN_COOKIE_)
//==========================================================================================================

function LOGIN_COOKIE_user_data_flow_v1(){
	global $dblink, $SETTINGS;
	unset($GLOBALS["CURUSER"]);
	if(
		!LOGIN_COOKIE_get_cookie_v1('id')
		&&
		!LOGIN_COOKIE_get_cookie_v1('username')
		&&
		!LOGIN_COOKIE_get_cookie_v1('email')
		&&
		!LOGIN_COOKIE_get_cookie_v1('password')
	){
		return FALSE;
	}
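	// Only the id cookie selects the row; the username, email and password cookies are not compared against it.
	// The (int) cast turns a missing or non-numeric cookie value into 0; "0 +" throws a TypeError for such input on PHP 8.
	$id = (int) LOGIN_COOKIE_get_cookie_v1('id');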
	$sql_1 = "
	SELECT
		user.id,
		user.username,
		user.email,
		user.password,
		user.FK_user_details_id
    FROM
        user
	WHERE
		user.id = '$id'
	";
	$result_1 = $dblink->query($sql_1) or die($dblink->error);
	$row_1 = $result_1->fetch_assoc();
	if(!$row_1){
		return FALSE;
	}
	$GLOBALS["CURUSER"] = $row_1;
	return TRUE;
}

//==========================================================================================================
// (COOKIE LOGIN)
// -> Set Cookie (FUNCTION NAME: "LOGIN_COOKIE_set_cookie_v1")
//////////////////////////////////////////////////////////////////////////////////////////////////////////
// Also Known As: (COOKIE_BASED_LOGIN_)
// Also Known As: (LOGIN_COOKIE_)
//==========================================================================================================

function LOGIN_COOKIE_set_cookie_v1( $name, $value, $expires = 0, $sticky = 1 ){
	global $SETTINGS;
    if($sticky == 1){
        $expire_time = time() + 60*60*24*365;
    } else if($expires){
        $expire_time = time() + ($expires*86400);
    } else {
        $expire_time = 0; // 0 = session cookie, removed when the browser closes
    }
    $SETTINGS['cookie_domain'] = $SETTINGS['cookie_domain'] == "" ? "" : $SETTINGS['cookie_domain'];
	$SETTINGS['cookie_path'] = $SETTINGS['cookie_path'] == "" ? "/" : $SETTINGS['cookie_path'];
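    // Compare version strings properly; "PHP_VERSION < 5.2" compares a string with a float.
    if(version_compare(PHP_VERSION, '5.2.0', '<')){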
        if ($SETTINGS['cookie_domain']){
            @setcookie(
				// ['USER_COOKIE_LOGIN']['USER_DATA_FLOW'][$SETTINGS['cookie_prefix'].$name],
				// '[USER_COOKIE_LOGIN][USER_DATA_FLOW]'.$SETTINGS['cookie_prefix'].$name,
				//"[USER_COOKIE_LOGIN][USER_DATA_FLOW]".$SETTINGS['cookie_prefix'].$name,
				$SETTINGS['cookie_prefix'].$name,
                $value,
                $expire_time,
                $SETTINGS['cookie_path'],
                $SETTINGS['cookie_domain'].'; HttpOnly'
            );
		} else {
            @setcookie(
				// ['USER_COOKIE_LOGIN']['USER_DATA_FLOW'][$SETTINGS['cookie_prefix'].$name],
				// '[USER_COOKIE_LOGIN][USER_DATA_FLOW]'.$SETTINGS['cookie_prefix'].$name,
				//"[USER_COOKIE_LOGIN][USER_DATA_FLOW]".$SETTINGS['cookie_prefix'].$name,
				$SETTINGS['cookie_prefix'].$name,
                $value,
                $expire_time,
                $SETTINGS['cookie_path']
            );
		}
    } else {
        @setcookie(
			// ['USER_COOKIE_LOGIN']['USER_DATA_FLOW'][$SETTINGS['cookie_prefix'].$name],
			// '[USER_COOKIE_LOGIN][USER_DATA_FLOW]'.$SETTINGS['cookie_prefix'].$name,
			//"[USER_COOKIE_LOGIN][USER_DATA_FLOW]".$SETTINGS['cookie_prefix'].$name,
			$SETTINGS['cookie_prefix'].$name,
            $value,
            $expire_time,
            $SETTINGS['cookie_path'],
            $SETTINGS['cookie_domain'],
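            FALSE, // secure flag (passing NULL here is deprecated since PHP 8.1); use TRUE when the site is served over HTTPS
            TRUE   // httponly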
        );
	}
}

//==========================================================================================================
// (COOKIE LOGIN)
// -> Get Cookie (FUNCTION NAME: "LOGIN_COOKIE_get_cookie_v1")
//////////////////////////////////////////////////////////////////////////////////////////////////////////
// Also Known As: (COOKIE_BASED_LOGIN_)
// Also Known As: (LOGIN_COOKIE_)
//==========================================================================================================

function LOGIN_COOKIE_get_cookie_v1( $name ){
	global $SETTINGS;
	// $SETTINGS['cookie_prefix'].$name
	// $_COOKIE[]
	// $_COOKIE[ "[USER_COOKIE_LOGIN][USER_DATA_FLOW]" . $SETTINGS['cookie_prefix'].$name ]
	// $_COOKIE[ '[USER_COOKIE_LOGIN][USER_DATA_FLOW]' . $SETTINGS['cookie_prefix'].$name ]
	if(
		isset(
			$_COOKIE[ $SETTINGS['cookie_prefix'].$name ]
			//$_COOKIE[ '[USER_COOKIE_LOGIN][USER_DATA_FLOW]' . $SETTINGS['cookie_prefix'].$name ]
		)
		AND
		!empty(
			$_COOKIE[ $SETTINGS['cookie_prefix'].$name ]
			//$_COOKIE[ '[USER_COOKIE_LOGIN][USER_DATA_FLOW]' . $SETTINGS['cookie_prefix'].$name ]
		)
	){
		// PHP has already URL-decoded the values in $_COOKIE; decoding again would corrupt "+" and "%".
		return $_COOKIE[ $SETTINGS['cookie_prefix'].$name ];
	} else {
		return FALSE;
	}
}

//==========================================================================================================
// (COOKIE LOGIN)
// -> Logout Cookie (FUNCTION NAME: "LOGIN_COOKIE_logout_cookie_v1")
//////////////////////////////////////////////////////////////////////////////////////////////////////////
// Also Known As: (COOKIE_BASED_LOGIN_)
// Also Known As: (LOGIN_COOKIE_)
//==========================================================================================================

function LOGIN_COOKIE_logout_cookie_v1( $name ){
	LOGIN_COOKIE_set_cookie_v1($name, '-1');
}

Any ideas on what I can do to change this?
