Page 1 of 2

Cookies.....Oatmeal Or Peanut Butter?

Posted: Thu Jul 07, 2005 2:29 pm
by Majoraslayer
I thought the topic name would get people's attention. Does anyone know anything about how to use cookies? I need to know how to make my page outside of phpBB share the same cookie as my phpBB board. Does anyone know anything about it?

Posted: Thu Jul 07, 2005 3:16 pm
by theda
You use the $_GET() to open a cookie.

Posted: Thu Jul 07, 2005 3:18 pm
by hawleyjr
Actually use the $_COOKIE

:)

Posted: Thu Jul 07, 2005 3:19 pm
by Majoraslayer
Can I get an example, using it with a sample phpBB cookie?

Posted: Thu Jul 07, 2005 3:22 pm
by Burrito
to what cookie are you referring? the log in cookie? If so, it's called "phpbb2mysql_data" and all it is is a serialzed md5 of the password and user id array.

phpBB doesn't use other cookies than that (to my knowledge anyway)...

Posted: Thu Jul 07, 2005 3:24 pm
by Majoraslayer
I mean, how would I check the phpBB cookie and use it the same as phpBB uses it? Like I said before, I'm a PHP noob.

Posted: Thu Jul 07, 2005 3:33 pm
by Burrito
unserialize() the array and check the md5()'d password against the database with the ID in the array...

Posted: Thu Jul 07, 2005 3:39 pm
by Majoraslayer
*is dumbfounded*

...um...

Posted: Thu Jul 07, 2005 3:42 pm
by Burrito
what part don't you understand and I'll explain it in more detail?

Posted: Thu Jul 07, 2005 3:43 pm
by Majoraslayer
md5
unserialize
which array you're referring to, and what it has to do with an ID

Posted: Thu Jul 07, 2005 3:48 pm
by Chris Corbyn
Heh.... I think you just wanna know how to even read the cookie in the first place right?

Code: Select all

$data = $_COOKIES['phpbb2mysql_data'];
$data = unserialize($data);

print_r($data);

Posted: Thu Jul 07, 2005 3:50 pm
by Majoraslayer
THANK YOU!! Thats exactly what I needed to know. I may need more help after I play with that for a second, but thats what I needed. Thanks a lot!

Posted: Thu Jul 07, 2005 3:52 pm
by Burrito
md5() go here: viewtopic.php?t=25624 <-- outstanding tutorial

unserialize() the manual does it pretty good justice. It's just the process of converting a serialized variable back into a php variable: from the manual.
unserialize() takes a single serialized variable (see serialize()) and converts it back into a PHP value. The converted value is returned, and can be an integer, float, string, array or object. In case the passed string is not unserializeable, FALSE is returned.
because the phpBB cookie, is a serialized array with two keys/values, you need to unserialize it, and grab the values from the array (the md5'd password and the id of the user). With those bits of information, you can query your database (assuming the ids and passes match the phpBBs) to check authentication of the user. Your best bet might be to just use the phpBB table to ensure you don't have any crossed user paths.

that clear it up?

Posted: Thu Jul 07, 2005 3:57 pm
by Majoraslayer
That cleared up quite a bit. But to keep things simple, where would I find the code that phpBB uses to check the cookie, so that I can make sure to make it work right? I just need to know the code to put in the page for the user to be logged in as long as they have the cookie to be logged into the board. I appreciate your explanation though, cause I really did learn some new stuff. It kinda lost me at what a serialized variable is, but guessing by the name, I guessing that the data stored in the variable is encrypted and thats where it gets the name?

Also, with

Code: Select all

$data = $_COOKIES['phpbb2mysql_data'];
$data = unserialize($data);

print_r($data);
[/quote]

nothing is being displayed when I print or echo $data. I know I have that cookie because I'm logged into my forum. Any reason why that is?

Posted: Thu Jul 07, 2005 4:02 pm
by Burrito
not encrypted, just converted to a string so it can be stored in other mediums (db's, cookies etc).

it's been a very long time since I played around with phpBB so I honestly cant' remember where the code is that checks against the cookie for validation.

you might try searching all of the phpBB files for "cookie" or "unserialize".

no matter, you can do what you're trying to do w/o finding their code...just do what I told you to do and you'll be good as gold :P