Page 2 of 2

Re: Cookie property/values to variable/values with var var?

Posted: Sat May 24, 2008 8:28 am
by VladSun
:)
... and finally you will create your own implementation of (un)serialize() pair of functions. But why ;) ?

You will have a pair of functions which do eventually the same thing as the PHP native ones...

Re: Cookie property/values to variable/values with var var?

Posted: Sat May 24, 2008 8:38 am
by JAB Creations
Ok ok ok...

I've got another one that wouldn't be as suceptable to possible $_GET/$_POST/$_COOKIE attacks...

Code: Select all

$cookie2 = 'audio.0/backgroundimages./browserpatch.1/chatroom.0/connection.0/css3.0/cursors.0/dhtmleffects./dtd.1/ieccss.1/initialfocus.content/keyboardlayout.designer/mediatype./personality.0/powerkeys.0/sounds.0/theme.classic';
list($audio, $backgroundimages, $browserpatch, $chatroom, $connection, $css3, $cursors, $dhtmleffects, $dtd, $ieccss, $keyboardlayout, $mediatype, $personality, $powerkeys, $sounds, $theme) = split('[/.-]', $cookie2);
Using split on a list seems to work in the second example on the split page however I'm not sure how to choose the second part to be the value instead of the first?

With the above code if I echo $audio it will echo out 'audio'....so how do I change the pattern so that it would echo out '0'?

Soooooooooooooooooooooooooooo close! :mrgreen:

Re: Cookie property/values to variable/values with var var?

Posted: Sat May 24, 2008 8:56 am
by VladSun
You may know I hate to give copy/paste examples but I'll do an exception for you ;)

Code: Select all

class SecureCookieStorage
{
    function SecureCookieStorage($namespace, $salt)
    {
        $this->salt = $salt;
        $this->namespace = $namespace;
        $this->expire = 29000;
        $this->encrypt_algorithm = 'sha1';
    }
    
    function write($data)
    {
        if (!setcookie($this->namespace, ($data = gzdeflate(serialize($data))), time() + $this->expire, '/'))
            return false;
        if (!setcookie($this->namespace.'_hmac', $this->_hmac($data), time() + $this->expire, '/'))
            return false;
        return true;
    }
    
    function read()
    {
        if ($this->_hmac($_COOKIE[$this->namespace]) != $_COOKIE[$this->namespace.'_hmac'])
            return false;
        if (!($data = gzinflate($_COOKIE[$this->namespace])))
            return false;
        if (!($data = unserialize($data)))
            return false;
        return $data;
    }
    
    function _hmac($data)
    {
        /* md5 and sha1 only */
        $this->encrypt_algorithm = strtolower($this->encrypt_algorithm);
        $map = array('md5'=>'H32','sha1'=>'H40');
        
        if (strlen($this->salt) > 64) 
            $this->salt = pack($map[$this->encrypt_algorithm], $this->encrypt_algorithm($this->salt));
        if (strlen($this->salt) < 64) 
            $this->salt = str_pad($this->salt, 64, chr(0));
        
        $ipad = substr($this->salt, 0, 64) ^ str_repeat(chr(0x36), 64);
        $opad = substr($this->salt, 0, 64) ^ str_repeat(chr(0x5C), 64);
        
        return($this->encrypt_algorithm($opad.pack($map[$this->encrypt_algorithm], $this->encrypt_algorithm($ipad.$data))));
    }
    
}
 
PS: I'm not going to follow your implementation though :)

EDIT: Some bugs fixed :)

Re: Cookie property/values to variable/values with var var?

Posted: Sat May 24, 2008 9:58 am
by JAB Creations
Whoa...that is just insane code. I don't want to be rude or disappoint you in any way but while that may look like gold to you right now at my level it looks like a big hairy bug that says, 'Go ahead, just put your hand near my mouth!' 8O

I don't want to humor you and end up making you angry, we're just both going in two different directions (I think?) so I think we should cut it off now because the amount of progress I've made is good enough at the moment with using things like foreach versus my PHP class file which had very repetitive procedural programming. Once I do finish the first half of this week's code it will in effect be like my personal third generation sort of understanding of PHP (local procedural, universal classes with repetitive procedural programming, third being foreach functions in my PHP class file) . I think your understanding is somewhere around 23 or 24 or something! :mrgreen: LoL...I have a brain that I'm stuck learning things at baby steps...eventually if things stair in that direction I do hope to be able to comprehend what you've posted but even given the entire answer (I presume) I'm just clueless staring at it. Thanks for trying to help me with it though, I sincerely bow to your godly understanding of my favorite web programming language. :bow:

Re: Cookie property/values to variable/values with var var?

Posted: Sat May 24, 2008 10:02 am
by VladSun
JAB Creations wrote:Whoa...that is just insane code. I don't want to be rude or disappoint you in any way but while that may look like gold to you right now at my level it looks like a big hairy bug that says, 'Go ahead, just put your hand near my mouth!' 8O

:lol: :lol: :lol:

Wish you all the best :)

Re: Cookie property/values to variable/values with var var?

Posted: Sat May 24, 2008 10:08 am
by JAB Creations
Thanks! I'm going to go with the list method I mentioned above and just need a regex so if you want to follow that thread it's at...
viewtopic.php?f=38&t=83126

...and feel free to message me if you need help with CSS and JavaScript. :drunk: