Views: 7870 | Replies: 1
Join Date: Oct 2004
Posts: 13
Hi!
I'm building a login system for my application, but I'm having a little problem... It really needs top security, so I'm using both MySQL backend and cookies.
Example:
LOGIN FORM > VALIDATION > INSERT SECURE SESSION ID INTO DATABASE > STORE COOKIE WITH INFORMATION
That's for the login. For the authentication, I demand more than the "s" (for session) variable in the URL - that will only be any good combined with the cookie. So here's the authentication scheme, when the user enters a page:
CHECK FOR "S" VARIABLE if it exists > CHECK FOR A RECORD OF THE "S" ID IN DATABASE (with some extra security, but that one works and it's a secret) if it exists > CHECK FOR "S" IN COOKIE > FETCH USERNAME FROM COOKIE; MATCH WITH SESSION > FETCH USER INFORMATION FROM COOKIE
However, I need to store several variables into the user's cookie. I have them in an array, and I'd like to store them like phpBB does. I think they use the PHP serialize() function. However, when I decode the cookie with some regular decoder, here's what I get:
****** (cookie name) s:12:\"1r. Benedict\"; *******.*******.***/******/ (address) 1536 1389618816 29709504 748388000 29709500 *
Here's the code:
[PHP]
function verifylogin() {
    cnt();
    echo("<!-- Connected to database -->\n");
    $user = $_POST['userName'];
    echo("<!-- Obtained username: '".$user."' -->\n");
    $pass = $_REQUEST['password'];
    echo("<!-- Obtained password: 'big secret' -->\n");
    $pass = [it gets encrypted here];
    echo("<!-- Password has been encrypted! -->\n<!-- Starting queries... -->\n");
    $q = "SELECT * FROM ".DBPREF."members WHERE membername = '".$user."'";
    $q = mysql_query($q);
    echo(mysql_error());
    if(mysql_num_rows($q) == 0) { /*There's no such user*/
        echo("<!-- Não digas a ninguém, mas o problema é a falta do username -->\n");
        dologin("<b>Erro de login</b><br>As informações introduzidas não estão correctas.<br>");
    } else { /*OK... username exists, check password*/
        $row = mysql_fetch_array($q);
        if([security routine, based on !=]) { /*we have a wrong pass*/
            echo("<!-- Não digas a ninguém, mas o problema é a palavra-passe errada -->\n");
            dologin("<b>Erro de login</b><br>As informações introduzidas não estão correctas.<br>");
        } else { /*damnit... no error screens will b displayed, cos the info is right */
            echo("<!-- OK, temos informações válidas Não deu para chatear desta vez -->\n");
            $sess = [generating secure session id];
            mysql_query("DELETE FROM ".DBPREF."sessions WHERE member = '".$user."'"); /*delete old sessions*/
            $q = "INSERT INTO ".DBPREF."sessions (member, shash, started, ip_address, browser) VALUES ('".$user."', '".$sess."', '".time()."', '".$HTTP_SERVER_VARS["REMOTE_ADDR"]."', '".$HTTP_SERVER_VARS['HTTP_USER_AGENT']."')"; /*both ip and browser agent don't work, but nevermind that for now*/
            $q = mysql_query($q);
            if($q == false) { /*wot?! we couldn't insert the session! it doesn't ever happen, but i'm preventing */
                echo("<!-- ALERTA! NÃO PODE SER INSERIDA A SESSÃO NA BASE DE DADOS. -->\n<!-- ".mysql_error()." -->\n");
                globalerror("<b>Falha do sistema.</b><br>Por favor <a href='mailto:suporte@gsantos.webvila.com?subject=DevNET - Erro&body=".mysql_error()."'>contacte-nos</a>.");
            } else { /*session row inserted into db*/
                echo("<!-- Sessão inserida na base de dados: ".substr($sess,0,16)."XXXXXXXXXXXXXXXX -->\n");
                echo("<!-- Iniciando obtenção de informações -->\n");
                /*fetch member info*/
                $member = getinfo($user);
                echo("<!-- Colocando informações em cookie... Username: '".$member['name']."' -->\n");
                $member['session'] = $sess;
                /*THIS IS WHERE IT DOESN'T WORK!!!*/
                setcookie("devnet", addslashes(serialize($member)), time()+1800);
                echo("<!-- Teste de cookie:\nUsername: '".$HTTP_COOKIE_VARS[$member['name']]."'\n-->\n");
                doredirect("Por favor aguarde...", "Você encontra-se agora identificado", DEVNET_URL."/?s=".$sess);
            }
        }
    }
}
function getinfo($member) {
    $q = mysql_query("SELECT membername,associated_website FROM ".DBPREF."members WHERE membername = '".$member."'");
    $m = mysql_fetch_array($q);
    $member['id'] = $m['id'];
    $member['name'] = $m['membername'];
    $q = mysql_query("SELECT * FROM ".DBPREF."websites WHERE id = ".$m['associated_website']."");
    $w = mysql_fetch_array($q);
    $member['website'] = $w['title'];
    $member['website_url'] = $w['url'];
    if($w['owner'] != $member['id']) {
        $t = mysql_query("SELECT membername FROM ".DBPREF."members WHERE id = ".$w['owner']."");
        $r = mysql_fetch_array($t);
        $member['boss'] = $r['membername'];
    }
    return $member;
    unset($q,$m,$w,$t,$r);
}
[/PHP]
Can you help me please? Thanks
Join Date: Oct 2004
Location: San Francisco, CA
Posts: 338
can you explain a little more of how you want your cookie to come back
[PHP]
$cookie[0] = 1536;
$cookie[1] = 1389618816;
$cookie[2] = 29709504;
[/PHP]
is that what you mean?
if so look at the explode function
http://php.he.net/manual/en/function.explode.php
[PHP]
$cookie = explode(" ", $_COOKIE['someCookie']);
[/PHP]
this will split into array where all the items are separated by a space
[PHP]
$cookie = explode("\n", $_COOKIE['someCookie']);
[/PHP]
this will use the end of line character, or even use \r\n for linux computers
if you want to break it up into a named array use the list function
http://php.he.net/manual/en/function.list.php
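
Added example, not part of either post: if an array has to travel in the cookie, one option is to send it as JSON with an HMAC instead of addslashes(serialize(...)), so the server can reject a value that was edited in the browser and never unserializes client-supplied data. `COOKIE_KEY`, `pack_cookie()` and `unpack_cookie()` are hypothetical names, the sample member data is constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. COOKIE_KEY and both function
// names are hypothetical; the key is a placeholder.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Encode an array as base64(JSON) . "." . HMAC-SHA256 of that payload.
function pack_cookie(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the array, or null when the value is malformed or was modified.
function unpack_cookie(string $value, string $key): ?array
{
    $parts = explode('.', $value);
    if (count($parts) !== 2) {
        return null;
    }
    list($payload, $mac) = $parts;
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = ($json === false) ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data, collected in an array of its own.
$member = array(
    'name'    => 'example_user',
    'website' => 'Example site',
    'session' => bin2hex(random_bytes(16)),
);
$cookie = pack_cookie($member, COOKIE_KEY);

// Cookies are HTTP headers: in a web request, call setcookie() before any output.
if (PHP_SAPI !== 'cli') {
    setcookie('devnet', $cookie, time() + 1800, '/', '', false, true); // last arg: HttpOnly
}

// Round trip, then the same MAC reused with an edited payload.
$edited = base64_encode(json_encode(array('name' => 'someone_else') + $member));
var_dump(unpack_cookie($cookie, COOKIE_KEY) === $member);
var_dump(unpack_cookie($edited . '.' . explode('.', $cookie)[1], COOKIE_KEY));
```

The HMAC protects integrity only: the payload is still readable by the client, so the session row in the database remains the authority on who is logged in.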