DaniWeb IT Discussion Community - Inserting array into cookie

Hi!

I'm building a login system for my application, but I'm having a little problem... It really needs top security, so I'm using both MySQL backend and cookies.

Example:
LOGIN FORM > VALIDATION > INSERT SECURE SESSION ID INTO DATABASE > STORE COOKIE WITH INFORMATION

That's for the login. For the authentication, I demand more than the "s" (for session) variable in the URL - that will only be any good combined with the cookie. So here's the authentication scheme, when the user enters a page:

CHECK FOR "S" VARIABLE if it exists > CHECK FOR A RECORD OF THE "S" ID IN DATABASE (with some extra security, but that one works and it's a secret :) ) if it exists > CHECK FOR "S" IN COOKIE > FETCH USERNAME FROM COOKIE; MATCH WITH SESSION > FETCH USER INFORMATION FROM COOKIE

However, I need to store several variables into the user's cookie. I have them in an array, and I'd like to store them like phpBB does. I think they use the PHP serialize() function. However, when I decode the cookie with some regular decoder, here's what I get:

****** (cookie name)

s:12:\"1r. Benedict\";

*******.*******.***/******/ (address)

1536

1389618816

29709504

748388000

29709500

*

Here's the code:
[PHP]
function verifylogin() {
cnt();
echo("\n");
$user = $_POST['userName'];
echo("\n");
$pass = $_REQUEST['password'];
echo("\n");
$pass = [it gets encrypted here];
echo("\n\n");
$q = "SELECT * FROM ".DBPREF."members WHERE membername = '".$user."'";
$q = mysql_query($q);
echo(mysql_error());
if(mysql_num_rows($q) == 0) { /*There's no such user*/
echo("\n");
dologin("Erro de login As informações introduzidas não estão correctas. ");
} else { /*OK... username exists, check password*/
$row = mysql_fetch_array($q);
if([security routine, based on !=]) { /*we have a wrong pass*/
echo("\n");
dologin("Erro de login As informações introduzidas não estão correctas. ");
} else { /*damnit... no error screens will b displayed, cos the info is right :P */
echo("\n");
$sess = [generating secure session id];
mysql_query("DELETE FROM ".DBPREF."sessions WHERE member = '".$user."'"); /*delete old sessions*/
$q = "INSERT INTO ".DBPREF."sessions (member, shash, started, ip_address, browser) VALUES ('".$user."', '".$sess."', '".time()."', '".$HTTP_SERVER_VARS["REMOTE_ADDR"]."', '".$HTTP_SERVER_VARS['HTTP_USER_AGENT']."')"; /*both ip and browser agent don't work, but nevermind that for now*/
$q = mysql_query($q);
if($q == false) { /*wot?! we couldn't insert the session! it doesn't ever happen, but i'm preventing :D*/
echo("\n\n");
globalerror("Falha do sistema. Por favor <a href='mailto:suporte@gsantos.webvila.com?subject=DevNET - Erro&body=".mysql_error()."'>contacte-nos</a>.");
} else { /*session row inserted into db*/
echo("\n");
echo("\n");
/*fetch member info*/$member = getinfo($user);
echo("\n");
$member['session'] = $sess;
/*THIS IS WHERE IT DOESN'T WORK!!!*/setcookie("devnet", addslashes(serialize($member)), time()+1800);
echo("\n");
doredirect("Por favor aguarde...", "Você encontra-se agora identificado", DEVNET_URL."/?s=".$sess);
}
}
}
}

function getinfo($member) {
$q = mysql_query("SELECT membername,associated_website FROM ".DBPREF."members WHERE membername = '".$member."'");
$m = mysql_fetch_array($q);
$member['id'] = $m['id'];
$member['name'] = $m['membername'];
$q = mysql_query("SELECT * FROM ".DBPREF."websites WHERE id = ".$m['associated_website']."");
$w = mysql_fetch_array($q);
$member['website'] = $w['title'];
$member['website_url'] = $w['url'];
if($w['owner'] != $member['id']) {
$t = mysql_query("SELECT membername FROM ".DBPREF."members WHERE id = ".$w['owner']."");
$r = mysql_fetch_array($t);
$member['boss'] = $r['membername'];
}
return $member;
unset($q,$m,$w,$t,$r);
}[/PHP]

Can you help me please? Thanks