<?php
/* COOKIES - a small cookie API that exists simply to reduce some redundancy
The following functions are defined:
cookie_set($name, $value)
cookie_get($name)
cookie_unset($name)
cookie_encode($data)
cookie_decode($edata, $data)
cookie_serialize($data)
cookie_unserialize($data)
There are optional arguments to some of those functions. See file SECURITY for
more information.
There are two defines here, a (hopefully) unique prefix for the cookies, and a
salt for encrypting a data cookie.
*/
// Prefix prepended to every cookie name handled by this API.
define('COOKIE_BASE', 'this_');

// Secret mixed into the check value built by cookie_encode()/cookie_decode().
// An undefined SALT3 means the site has not been set up (per the original note).
// NOTE(review): the fallback is a fixed string that is readable in this source
// file, so check values computed with it offer no protection against anyone
// who has seen the code. Treat a missing SALT3 as a set-up error on any
// deployed site rather than relying on this default.
define('COOKIE_SALT', defined('SALT3') ? SALT3 : 'randomchars');

// Default cookie lifetime in seconds: 30 days.
define('COOKIE_EXP', 30 * 24 * 60 * 60);

// Default cookie path.
define('COOKIE_ROOT', '/');
/**
 * cookie_serialize - turn a PHP value into a cookie-safe string.
 *
 * The value is passed through serialize(), base64-encoded, and the trailing
 * '=' padding is stripped. cookie_unserialize() reverses this.
 *
 * The result is only an encoding: it is neither encrypted nor authenticated,
 * so the client can read and alter it.
 *
 * @param mixed $data Value to store.
 * @return string Unpadded base64 text.
 */
function cookie_serialize($data)
{
    return rtrim(base64_encode(serialize($data)), '=');
}
/**
 * cookie_unserialize - reverse cookie_serialize().
 *
 * '==' is always appended before decoding to stand in for the padding that
 * cookie_serialize() stripped; base64_decode() in its default (non-strict)
 * mode tolerates the surplus.
 *
 * NOTE(review): nothing here authenticates $data before it reaches
 * unserialize(). When $data comes straight from a cookie it is
 * client-controlled, and unserialize() on such input can instantiate
 * arbitrary loaded classes (PHP object injection). Callers should verify the
 * value first (a keyed check over the serialized string), and the decode
 * should be restricted with unserialize()'s allowed_classes option
 * (PHP >= 7.0) or replaced by json_encode()/json_decode() where only
 * arrays and scalars are stored.
 *
 * @param string $data Unpadded base64 text as produced by cookie_serialize().
 * @return mixed The decoded value, or false when unserialize() fails.
 */
function cookie_unserialize($data)
{
    $serialized = base64_decode($data . '==');

    return unserialize($serialized);
}
/**
 * cookie_encode - build the check value stored in a "data" cookie.
 *
 * Nothing is encrypted here: the result is the raw MD5 digest of
 * $data . $pad . COOKIE_SALT, base64-encoded with the '=' padding stripped
 * (22 characters). It acts as a home-made message authentication code.
 *
 * Usage:
 *
 *     $c = cookie_encode($userid, $_SERVER['REMOTE_ADDR']);
 *     cookie_set('userdat', $c);
 *
 * NOTE(review): MD5 over data-plus-secret is not a standard MAC; hash_hmac()
 * with a SHA-2 hash is the usual construction. Switching changes every value
 * already issued, so cookie_decode() has to change in the same step.
 * $data and $pad are concatenated without a separator, so different
 * ($data, $pad) pairs with the same concatenation produce the same value.
 * The strength of the value also depends entirely on COOKIE_SALT being a
 * real secret.
 *
 * @param string $data Value being protected (e.g. a user id).
 * @param string $pad  Optional extra context bound into the value.
 * @return string Unpadded base64 text of the 16-byte digest.
 */
function cookie_encode($data, $pad = '')
{
    $digest = md5($data . $pad . COOKIE_SALT, true);

    return rtrim(base64_encode($digest), '=');
}
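/**
 * cookie_decode - verify the check value from a "data" cookie.
 *
 * Recomputes md5($data . $pad . COOKIE_SALT) and compares it with the
 * decoded $edata. Nothing is decrypted; $data must already be known to the
 * caller and is simply handed back when the check value matches.
 *
 * Usage:
 *
 *     $c = cookie_get('userdat');
 *     $c = cookie_decode($c, $userid, $_SERVER['REMOTE_ADDR']);
 *     if ($c !== $userid)
 *         error();
 *
 * The caller-side test should be strict (!==): the failure value is '',
 * which loose comparison can treat as equal to other falsy values.
 *
 * @param string $edata Unpadded base64 check value received from the client.
 * @param string $data  Value the check value is expected to cover.
 * @param string $pad   Optional extra context, as given to cookie_encode().
 * @return mixed $data unchanged when the check value matches, '' otherwise.
 */
function cookie_decode($edata, $data, $pad = '')
{
    // A cookie sent as name[]=... arrives as an array; it can never be a
    // valid check value, so reject it before any string handling.
    if (!is_string($edata)) {
        return '';
    }

    $expected = md5($data . $pad . COOKIE_SALT, true);

    // '==' restores the padding stripped by cookie_encode(); non-strict
    // base64_decode() accepts the surplus and always returns a string.
    $supplied = base64_decode($edata . '==');

    // Compare in constant time and without type juggling. The previous
    // loose != compared two numeric-looking strings as numbers and returned
    // as soon as a byte differed. The === fallback keeps strictness on PHP
    // versions older than 5.6, where hash_equals() does not exist.
    $matches = function_exists('hash_equals')
        ? hash_equals($expected, $supplied)
        : $expected === $supplied;

    return $matches ? $data : '';
}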
/*
The rest of these are basic cookie functionality simply to reduce what
would be redundant code if we did not have these.
*/
/**
 * cookie_set - send a cookie and mirror it into $_COOKIE for this request.
 *
 * COOKIE_BASE, when defined, is prepended to $name. A failed setcookie() is
 * only reported through debug(); $_COOKIE is updated either way.
 *
 * NOTE: a client may simply refuse cookies, which is harmless. A real
 * failure mode seen in practice was output being sent before this call
 * (e.g. print-style debug output while working on the Admin login code),
 * which makes setcookie() fail. That condition is not trapped here.
 *
 * NOTE(review): setcookie() is called with four arguments, so the secure
 * and httponly flags keep their PHP defaults (off). Cookies carrying
 * login-related values should be sent with both flags where the site runs
 * over HTTPS and scripts do not need to read them.
 *
 * @param string $name   Cookie name without the COOKIE_BASE prefix.
 * @param string $value  Cookie value.
 * @param int    $expire Lifetime in seconds from now.
 * @param string $root   Cookie path.
 * @return void
 */
function cookie_set($name, $value, $expire = COOKIE_EXP, $root = COOKIE_ROOT)
{
    $key = defined('COOKIE_BASE') ? COOKIE_BASE . $name : $name;

    $sent = setcookie($key, $value, time() + $expire, $root);
    if (!$sent) {
        debug('unable to set cookie');
    }

    $_COOKIE[$key] = $value;
}
/**
 * cookie_get - read one cookie, or all of them.
 *
 * With no argument (or '') the whole $_COOKIE array is returned, including
 * cookies that do not carry the COOKIE_BASE prefix. Otherwise COOKIE_BASE,
 * when defined, is prepended to $name and that entry is returned.
 *
 * The value is whatever the client sent and has not been validated. PHP
 * turns cookies named like name[] into arrays, so the result is not
 * guaranteed to be a string.
 *
 * @param string $name Cookie name without the COOKIE_BASE prefix.
 * @return mixed The cookie value, '' when it is not set, or $_COOKIE.
 */
function cookie_get($name = '')
{
    if ($name === '') {
        return $_COOKIE;
    }

    $key = defined('COOKIE_BASE') ? COOKIE_BASE . $name : $name;

    return isset($_COOKIE[$key]) ? $_COOKIE[$key] : '';
}
/**
 * cookie_unset - expire a cookie and drop it from $_COOKIE.
 *
 * COOKIE_BASE, when defined, is prepended to $name. The cookie is re-sent
 * with an empty value and an expiry $time seconds in the past. The path must
 * match the one the cookie was set with, otherwise the browser keeps it.
 * The return value of setcookie() is not checked.
 *
 * @param string $name Cookie name without the COOKIE_BASE prefix.
 * @param int    $time How many seconds in the past to place the expiry.
 * @param string $root Cookie path.
 * @return void
 */
function cookie_unset($name, $time = 3600, $root = COOKIE_ROOT)
{
    $key = defined('COOKIE_BASE') ? COOKIE_BASE . $name : $name;
    $expiredAt = time() - $time;

    setcookie($key, '', $expiredAt, $root);
    unset($_COOKIE[$key]);
}
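/**
 * cookie_str - render cookies as one "name=value " string.
 *
 * Only cookies whose name starts with $base are included. An empty $base
 * falls back to COOKIE_BASE when that is defined; if the prefix is still
 * empty, every cookie is included.
 *
 * The prefix is matched literally. It was previously interpolated into a
 * regular expression unescaped, so characters such as '.' matched any byte
 * and a '/' in the prefix broke the pattern and dropped every cookie.
 *
 * Names and values are appended exactly as the client sent them. Escape the
 * result for its output context (HTML, log line, header) before using it.
 *
 * @param string $base Literal cookie-name prefix to keep.
 * @return string Each kept cookie as "name=value" followed by one space.
 */
function cookie_str($base = '')
{
    if (defined('COOKIE_BASE') && $base == '') {
        $base = COOKIE_BASE;
    }

    $cookie_str = '';
    foreach (cookie_get() as $name => $value) { // all cookies; some may not be ours
        // Array keys that look like integers arrive as ints, hence the cast.
        if ($base && strncmp((string) $name, $base, strlen($base)) !== 0) {
            continue;
        }
        $cookie_str .= "$name=$value ";
    }

    return $cookie_str;
}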
?>