Inserting array into cookie
Hi!
I'm building a login system for my application, but I'm having a little problem... It really needs top security, so I'm using both MySQL backend and cookies.
Example:
LOGIN FORM > VALIDATION > INSERT SECURE SESSION ID INTO DATABASE > STORE COOKIE WITH INFORMATION
That's for the login. For the authentication, I demand more than the "s" (for session) variable in the URL - that will only be any good combined with the cookie. So here's the authentication scheme, when the user enters a page:
CHECK FOR "S" VARIABLE if it exists > CHECK FOR A RECORD OF THE "S" ID IN DATABASE (with some extra security, but that one works and it's a secret) if it exists > CHECK FOR "S" IN COOKIE > FETCH USERNAME FROM COOKIE; MATCH WITH SESSION > FETCH USER INFORMATION FROM COOKIE
However, I need to store several variables into the user's cookie. I have them in an array, and I'd like to store them like phpBB does. I think they use the PHP serialize() function. However, when I decode the cookie with some regular decoder, here's what I get:
****** (cookie name) s:12:\"1r. Benedict\"; *******.*******.***/******/ (address) 1536 1389618816 29709504 748388000 29709500 *
Here's the code:
[PHP]
function verifylogin() {
    cnt();
    echo("<!-- Connected to database -->\n");
    $user = $_POST['userName'];
    echo("<!-- Obtained username: '".$user."' -->\n");
    $pass = $_REQUEST['password'];
    echo("<!-- Obtained password: 'big secret' -->\n");
    $pass = [it gets encrypted here];
    echo("<!-- Password has been encrypted! -->\n<!-- Starting queries... -->\n");
    $q = "SELECT * FROM ".DBPREF."members WHERE membername = '".$user."'";
    $q = mysql_query($q);
    echo(mysql_error());
    if(mysql_num_rows($q) == 0) { /*There's no such user*/
        echo("<!-- Não digas a ninguém, mas o problema é a falta do username -->\n");
        dologin("<b>Erro de login</b><br>As informações introduzidas não estão correctas.<br>");
    } else { /*OK... username exists, check password*/
        $row = mysql_fetch_array($q);
        if([security routine, based on !=]) { /*we have a wrong pass*/
            echo("<!-- Não digas a ninguém, mas o problema é a palavra-passe errada -->\n");
            dologin("<b>Erro de login</b><br>As informações introduzidas não estão correctas.<br>");
        } else { /*damnit... no error screens will b displayed, cos the info is right*/
            echo("<!-- OK, temos informações válidas Não deu para chatear desta vez -->\n");
            $sess = [generating secure session id];
            mysql_query("DELETE FROM ".DBPREF."sessions WHERE member = '".$user."'"); /*delete old sessions*/
            $q = "INSERT INTO ".DBPREF."sessions (member, shash, started, ip_address, browser) VALUES ('".$user."', '".$sess."', '".time()."', '".$HTTP_SERVER_VARS["REMOTE_ADDR"]."', '".$HTTP_SERVER_VARS['HTTP_USER_AGENT']."')"; /*both ip and browser agent don't work, but nevermind that for now*/
            $q = mysql_query($q);
            if($q == false) { /*wot?! we couldn't insert the session! it doesn't ever happen, but i'm preventing*/
                echo("<!-- ALERTA! NÃO PODE SER INSERIDA A SESSÃO NA BASE DE DADOS. -->\n<!-- ".mysql_error()." -->\n");
                globalerror("<b>Falha do sistema.</b><br>Por favor <a href='mailto:suporte@gsantos.webvila.com?subject=DevNET - Erro&body=".mysql_error()."'>contacte-nos</a>.");
            } else { /*session row inserted into db*/
                echo("<!-- Sessão inserida na base de dados: ".substr($sess,0,16)."XXXXXXXXXXXXXXXX -->\n");
                echo("<!-- Iniciando obtenção de informações -->\n");
                /*fetch member info*/
                $member = getinfo($user);
                echo("<!-- Colocando informações em cookie... Username: '".$member['name']."' -->\n");
                $member['session'] = $sess;
                /*THIS IS WHERE IT DOESN'T WORK!!!*/
                setcookie("devnet", addslashes(serialize($member)), time()+1800);
                echo("<!-- Teste de cookie:\nUsername: '".$HTTP_COOKIE_VARS[$member['name']]."'\n-->\n");
                doredirect("Por favor aguarde...", "Você encontra-se agora identificado", DEVNET_URL."/?s=".$sess);
            }
        }
    }
}
function getinfo($member) {
    $q = mysql_query("SELECT membername,associated_website FROM ".DBPREF."members WHERE membername = '".$member."'");
    $m = mysql_fetch_array($q);
    $member['id'] = $m['id'];
    $member['name'] = $m['membername'];
    $q = mysql_query("SELECT * FROM ".DBPREF."websites WHERE id = ".$m['associated_website']."");
    $w = mysql_fetch_array($q);
    $member['website'] = $w['title'];
    $member['website_url'] = $w['url'];
    if($w['owner'] != $member['id']) {
        $t = mysql_query("SELECT membername FROM ".DBPREF."members WHERE id = ".$w['owner']."");
        $r = mysql_fetch_array($t);
        $member['boss'] = $r['membername'];
    }
    return $member;
    unset($q,$m,$w,$t,$r);
}
[/PHP]
Can you help me please? Thanks
can you explain a little more of how you want your cookie to come back
$cookie[0] = 1536;
$cookie[1] = 1389618816;
$cookie[2] = 29709504;
is that what you mean?
if so look at the explode function
http://php.he.net/manual/en/function.explode.php
[PHP]
$cookie = explode(" ", $_COOKIE['someCookie']);
[/PHP]
this will split into array where all the items are separated by a space
[PHP]
$cookie = explode("\n", $_COOKIE['someCookie']);
[/PHP]
this will use the end of line character, or even use \r\n for linux computers
if you want to break it up into a named array use the list function
http://php.he.net/manual/en/function.list.php
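An added example (not from the thread) for the cookie in the question: `setcookie()` already URL-encodes the value, so the extra `addslashes()` only leaves backslashes inside the serialized string (the `s:12:\"...` in the decoded cookie), and this sketch instead packs the array as JSON with an HMAC tag so the reading side never calls `unserialize()` on client-supplied data. `COOKIE_KEY`, `packCookie()` and `unpackCookie()` are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example, not the poster's code. COOKIE_KEY is a hypothetical
// server-side secret; load it from configuration in a real deployment.
const COOKIE_KEY = 'constructed-demo-key-change-me';

// Pack an array as base64(JSON) plus an HMAC-SHA256 tag over that payload.
function packCookie(array $data, string $key): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the array, or null if the value is malformed or was modified.
function unpackCookie(string $cookie, string $key): ?array {
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) { // constant-time compare
        return null;
    }
    $json = base64_decode($payload, true);
    $data = ($json === false) ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data shaped like the $member array in the question.
$member = [
    'name'    => 'example_user',
    'website' => 'Example site',
    'session' => 'SESSION_ID_PLACEHOLDER',
];

// 1. The original call: the backslashes break the s:N:"..." framing,
//    so unserialize() cannot parse the value that comes back.
$broken = addslashes(serialize($member));
var_dump(@unserialize($broken));

// 2. Round trip with the signed JSON form returns the same array.
$value = packCookie($member, COOKIE_KEY);
var_dump(unpackCookie($value, COOKIE_KEY) === $member);

// 3. A modified payload no longer matches its tag and is rejected.
var_dump(unpackCookie('x' . $value, COOKIE_KEY));

// In a page handler (before any output is sent):
// setcookie('devnet', $value, time() + 1800);
// $member = unpackCookie($_COOKIE['devnet'] ?? '', COOKIE_KEY);
```

The tag only detects modification; the JSON stays readable to the user, so anything that must stay private belongs in the server-side session row looked up by the session ID.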





