setcookie - HTML Forums

hammerstein_04 · 04-08-2008, 12:12 PM

Ok,
I'm using setcookie when a user logs in, storing the serialized data as per a tutorial I followed a while back now (can't find the tutorial), on my test machine the cookie is stored, no issue and everything works. However, when I upload to my host, when I login nothing happens.

So, I look at what "nothing" happens means and find that the cookie is being set, I'm able to output information, the login is being processed, cookie is written and set to expire in 5 days, but when I go to read it again, it's now set to; b%3A0%3B. It's as if it isn't reading back my serialised data after it's been set and then writing it back as nothing.

I've checked that the headers aren't being sent, and that I'm not getting any strange errors there, but then, it wouldn't work on my test machine if the headers were being sent.

Any ideas?

hammerstein_04 · 04-08-2008, 12:26 PM

Change that, I've changed the script a little..here it is;

PHP Code:


			
<?php
    class User
    {                
        private $_sessionExpiry;
        private $_userConfiguration;
        
        function User( )
        {        
            $this->_userConfiguration = array( );
            $this->_userConfiguration[ "isLoggedIn"] = false;
            
            $this->_sessionExpiry = 5;
        }
        
        function LoggedIn( )
        {
            return isset( $this->_userConfiguration[ "isLoggedIn"]) ? $this->_userConfiguration[ "isLoggedIn"] : false;
        }
        
        function Login( $username, $password )
        {
            $result = false;
            $database = Database::GetInstance();
                
            $query = "SELECT members.* , roles.*
                        FROM members
                        LEFT JOIN roles ON ( roles.id = members.role )
                        WHERE username = '{$username}'
                        AND members.password = PASSWORD( '{$password}')";
            
            $checkLogin = $database->Query( $query);
            
            if( $checkLogin && $database->RowCount( ) > 0)
            {
                $user = $checkLogin[ 0];
                
                $this->_userConfiguration[ "username"] = $user[ 'username'];
                $this->_userConfiguration[ "email"] = $user[ "emailaddress"];
                $this->_userConfiguration[ "name"] = $user[ 'title'] . " " . $user[ "initials"] . " " . $user[ "surname"];
                $this->_userConfiguration[ "isLoggedIn"] = true;
                $this->_userConfiguration[ "role"] = $user[ 'role'];
                $this->_userConfiguration[ "allowInsert"] = $user[ "allowInsert"];
                $this->_userConfiguration[ "allowDelete"] = $user[ "allowDelete"];
                $this->_userConfiguration[ "allowView"] = $user[ "allowView"];

                $this->WriteCookie();
                
                $result = true;
            } 
            
            return $result;
        }
        
        function Logout( )
        {
            setcookie( "currentInfo",
                    addslashes(serialize(array())),
                    (time( ) - 31500000),
                    "/");
        }
        
        function Create( )
        {
            if( !$this->ReadCookie( ))
            {
                $sessionId = "";                
                
                while( strlen( $sessionId) < 32)
                    $sessionId .= mt_rand( 0, mt_getrandmax( ));
                    
                $this->AddData( "sessionId", md5(uniqid( $sessionId)));        
            }
        }
        
        function WriteCookie( )
        {
            $sessionData = serialize( $this->_userConfiguration);

            if(!setcookie( "currentInfo", 
                                $sessionData,
                                time() + 60 * 60 * 24 * $this->_sessionExpiry,
                                "/"))
            {
                echo " Failed to set cookie ";
                exit( );
            }
        }
        
        function ReadCookie( )
        {
            if( isset( $_COOKIE[ "currentInfo"])){
                $this->_userConfiguration = array( );
                $this->_userConfiguration  = unserialize( $_COOKIE[ "currentInfo"]);
                
                return true;
            }
            
            return false;
        }
        
        function AddData( $key, $value)
        {
            if( !array_key_exists( $key, $this->_userConfiguration))            
                $this->_userConfiguration[ $key] = $value;            
                
            $this->WriteCookie( );
        }
        
        function GetValue( $key)
        {
            if( is_array( $this->_userConfiguration))
            {
                if( array_key_exists( $key, $this->_userConfiguration))
                    return $this->_userConfiguration[ $key];
            } else
                echo " INVALID ARRAY ";                        
                
            return null;
        }
        
        function CheckPermissions( $request )
        {
            $result = false;
            $database = Database::GetInstance( );
            
            if( substr( $request, strlen( $request) - 1, 1) == "/")
                $request = substr( $request, 0, strlen( $request) - 1);
            
            if( isset( $this->_userConfiguration[ "role"]))
            {
                $query = "SELECT * FROM permissions WHERE feature = '{$request}'";

                $permissions = $database->Query( $query);
                
                if( $permissions && $database->RowCount( ) > 0)
                {
                    $permission = $permissions[ 0];                    
                    
                    if( $permission[ 'permissions'] & $this->_userConfiguration[ "role"])
                        $result = true;                    
                } 
            } 
            
            return $result;
        }
    }

This is the user login. It appears to be setting the cookie now (using developer toolbar to examine contents of cookie) , but it's not reading it back loading the array $this->_userConfiguration

hammerstein_04 · 04-08-2008, 12:56 PM

Ok... fixed it.

My problem was on the line;

$this->_userConfiguration = unserialize( $_COOKIE[ 'currentInfo'])

this had to become;

$this->_userConfiguration = unserialize( stripslashes( $_COOKIE[ 'currentInfo']))

I'm going to leave this up incase anybody else gets a similar problem.

Vege · 04-09-2008, 05:26 PM

Quote:

magic_quotes_gpc Affects HTTP Request data (GET, POST, and COOKIE). Cannot be set at runtime, and defaults to on in PHP. See also get_magic_quotes_gpc().

I think your seeing the side effect of magic_quotes and your inserting the data into cookie wrong:

Quote:

Never stripslashes!
That's the golden rule. You should never have to use stripslashes. Ever.

hammerstein_04 · 04-09-2008, 07:49 PM

Ok.. well I was following another tutorial, they used serialize (I'm taking what they did in theirs). What's the recommended way of achieving this?

Vege · 04-10-2008, 01:33 PM

your data had unwanted slashed added to it as magic_quotes (if on) will automatically add \ before these characters : ' (single-quote), " (double quote), \ (backslash) and NULL
Thats why you think you need to stripslash the data, but in reality you should check that if magic_quotes are on as the data you insert into the cookie is twisted.
http://www.htmlforums.com/serverside...on-100193.html