Author Topic: [PHP] Cookies..  (Read 13993 times)

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
[PHP] Cookies..
« on: June 07, 2006, 04:25:52 am »
Here's my three hours' worth of work on cookies. I never really figured out how to delete a cookie so ?logout won't work. You have to redirect yourself to ?info manually, and for some reason the cookie explode function won't work. Anyhow, here it is (test).
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [PHP] Cookies..
« Reply #1 on: June 07, 2006, 07:02:53 am »
You use set_cookie(blah, "", time);
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [PHP] Cookies..
« Reply #2 on: June 07, 2006, 08:14:30 am »
You use set_cookie(blah, "", time);
Isn't that what he's doing?


Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: [PHP] Cookies..
« Reply #3 on: June 07, 2006, 08:21:44 am »
No, he does nothing:
Code:
        case "logout":        // logging out, duh
            break;

Secondly, md5 blows.  Change them to SHA1.
You should also call error_reporting(E_ALL) and do an isset() check on your get variables.  You should also set a cookie expiration date.  Setting cookies good until the browser closes is a stupid thing to do, and can be replaced by the $_SESSION superglobal (that's what it was made for).

Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).

Furthermore, change the password box to a password type.  Also, "Translate"?  WTF?

You have a problem:
Quote
Cookie: a722c63db8ec8625af6cf71cb8c2d939 test1
Logged in as test1
Account doesn't exist.
I can't be logged in with a non-existent account.  It doesn't make sense.  You could be tracing these problems out with error_reporting(E_ALL);

Offline iago

Re: [PHP] Cookies..
« Reply #4 on: June 07, 2006, 09:48:43 am »
You're being overly picky for no reason. 

No, he does nothing:
Code:
        case "logout":        // logging out, duh
            break;
I thought he meant in general, I didn't realize he was talking about the logging out.

Secondly, md5 blows.  Change them to SHA1.
In this context, md5 vs sha1 makes absolutely no difference.

You should also call error_reporting(E_ALL) and do an isset() check on your get variables.
Useful advice for developing, in general, but he's releasing the software so setting it to E_ALL would be annoying for others.

  You should also set a cookie expiration date.  Setting cookies good until the browser closes is a stupid thing to do, and can be replaced by the $_SESSION superglobal (that's what it was made for).
That's true, but then this wouldn't be a demonstration of cookies, would it?  There's nothing wrong with a login cookie expiring at close, even if session is better.  It's definitely not "stupid". 

Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).
Both ways are fine. 

Furthermore, change the password box to a password type.
Again: demonstration. 

You have a problem:
Quote
Cookie: a722c63db8ec8625af6cf71cb8c2d939 test1
Logged in as test1
Account doesn't exist.
I can't be logged in with a non-existent account.  It doesn't make sense.  You could be tracing these problems out with error_reporting(E_ALL);
You don't have to be an asshole when you report a bug. 

Offline Joe

Re: [PHP] Cookies..
« Reply #5 on: June 07, 2006, 09:57:23 am »
As for E_ALL, I was expecting the programmer who implements a changed version of this to add their own error checking, etc. Also, printing from functions was just the quick-and-sloppy approach I took to this, trying to get the concept to work even if it required breaking coding style (which can always be fixed later).

Also, you can very well be logged in from a nonexistent account. Hack your cookies file and put in "ffffffffffffffffffffffffffffffff acct_that_doesnt_exist".


Offline Warrior

Re: [PHP] Cookies..
« Reply #6 on: June 07, 2006, 10:13:45 am »
You're mutilating PHP..stop it.

Offline rabbit

Re: [PHP] Cookies..
« Reply #7 on: June 07, 2006, 01:17:51 pm »
You're being overly picky for no reason. 
I'm criticizing his code and trying to help him learn how to better implement his ideas in PHP.  I'm not trying to be mean or anything.

Secondly, md5 blows.  Change them to SHA1.
In this context, md5 vs sha1 makes absolutely no difference.
md5 is infinitely easier to collide than sha1, and if someone hijacked an admin cookie, they could easily log in as the superuser.

You should also call error_reporting(E_ALL) and do an isset() check on your get variables.
Useful advice for developing, in general, but he's releasing the software so setting it to E_ALL would be annoying for others.
I keep E_ALL on on all of my projects, and trap the errors, though it is just personal preference.

  You should also set a cookie expiration date.  Setting cookies good until the browser closes is a stupid thing to do, and can be replaced by the $_SESSION superglobal (that's what it was made for).
That's true, but then this wouldn't be a demonstration of cookies, would it?  There's nothing wrong with a login cookie expiring at close, even if session is better.  It's definitely not "stupid". 
I'm just saying it would be a more effective demonstration of cookies if he did something that only cookies could do, like carrying a login over multiple sessions.

Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).
Both ways are fine. 
Gah..I suppose, but it bugs me.

Furthermore, change the password box to a password type.
Again: demonstration. 
It's what the "password" type is for.

You have a problem:
Quote
Cookie: a722c63db8ec8625af6cf71cb8c2d939 test1
Logged in as test1
Account doesn't exist.
I can't be logged in with a non-existent account.  It doesn't make sense.  You could be tracing these problems out with error_reporting(E_ALL);
You don't have to be an asshole when you report a bug. 

Wasn't trying to be.  I was just pointing out that something went wrong and conflicting messages were printed.  Anyway, that "could" is should*, my bad.

Offline Sidoh

  • Moderator
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [PHP] Cookies..
« Reply #8 on: June 07, 2006, 02:16:20 pm »
Tip: use <?php.  I think I've told you that before.

Offline rabbit

Re: [PHP] Cookies..
« Reply #9 on: June 07, 2006, 02:25:44 pm »
Yeah, I completely overlooked that.

<? is used by XML as well, so you should always do <?php and <?xml, instead of just plain old <?.  Also, though it's not *required*, php?> works just as well, but isn't all that helpful unless you're mixing XML and PHP

Offline Warrior

Re: [PHP] Cookies..
« Reply #10 on: June 07, 2006, 03:50:38 pm »
Nextly, you should return all of your strings, and never print from functions, unless you're doing OOP (which you're not).
Both ways are fine. 

I strongly suggest learning to separate core code from display code. It applies in almost every programming language and is a plus for organization. It's a bitch to upgrade code which is riddled with a bunch of HTML. Please, do yourself a favor. Both ways are not fine. I'm warning you.

Offline Joe

Re: [PHP] Cookies..
« Reply #11 on: June 07, 2006, 05:49:13 pm »
This was a demonstration of how cookies can be used, not how to write PHP.


Offline Warrior

Re: [PHP] Cookies..
« Reply #12 on: June 07, 2006, 07:07:05 pm »
You should always write good PHP. That's a bad demonstration at most.

Offline Sidoh

Re: [PHP] Cookies..
« Reply #13 on: June 07, 2006, 08:02:46 pm »
That's like writing an English paper on how to use semicolons, but failing to use other aspects of the language correctly.  It's just stupid.

Offline Chavo

  • x86
  • Hero Member
  • *****
  • Posts: 2219
  • no u
    • View Profile
    • Chavoland
Re: [PHP] Cookies..
« Reply #14 on: June 07, 2006, 08:04:17 pm »
<insert generic comment about poor programming habits here>

actually, I'm sure I would be saying more than that if it was in a language that I knew better :)

Offline Sidoh

Re: [PHP] Cookies..
« Reply #15 on: June 07, 2006, 08:09:53 pm »
<insert generic comment about poor programming habits here>

actually, I'm sure I would be saying more than that if it was in a language that I knew better :)

*grin*

Oh, I missed the entire discussion about separating display output from other portions of a script.. yeah, I absolutely agree with warrior.  One way may work, but it's a huge fucking pain in the ass to upgrade code when you're stuck with static display output.  I don't necessarily agree that this sort of thing warrants such coding techniques, but it wouldn't hurt to practice these sorts of things, even on such a simple project.

Offline iago

Re: [PHP] Cookies..
« Reply #16 on: June 07, 2006, 09:00:08 pm »
Of everything, there are only a couple points that I want to pursue:

I'm criticizing his code and trying to help him learn how to better implement his ideas in PHP.  I'm not trying to be mean or anything.
There's a way to criticize code to help, and a way to criticize to be mean.  I suspect that your original post reflected the latter, but I could be mistaken. 

md5 is infinitely easier to collide than sha1, and if someone hijacked an admin cookie, they could easily log in as the superuser.
The only way to find a collision is to control two different plaintext messages and force them to hash to the same.  Both SHA1 and MD5 are vulnerable to that, but that only affects very rare cases.  In general, to store password or other sensitive data in a non-reversible form, MD5 and SHA1 are still fairly strong. 

Yes, there is a slightly higher chance that "Lovecraft" and "Cthulhu" will collide on MD5 than on SHA1, but it's such a minuscule difference that it's not worth considering. 

You really shouldn't store the password in a cookie in any form, technically.  I tend to use a disposable token, like the session variable, that expires when the cookie expires. 
« Last Edit: June 08, 2006, 01:19:35 pm by iago »
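
The disposable token iago describes, combined with the cookie deletion that the empty logout case lacks, as an added example (not code from the thread or from Joe's script). The function names, `TOKEN_TTL`, the cookie name `login` and the in-memory `$store` are assumptions, and the token is hashed with SHA-256 before it is stored.

```php
<?php
declare(strict_types=1);
// Added example, not Joe's script. TOKEN_TTL, the function names, the cookie
// name "login" and the in-memory $store are assumptions; a real site would
// keep $store in a database table.
const TOKEN_TTL = 3600; // seconds a login stays valid

// Issue a random token. It carries no password data, and only its SHA-256
// hash is kept server-side, so a leaked store cannot be replayed as cookies.
function issue_token(array &$store, string $user, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $store[hash('sha256', $token)] = ['user' => $user, 'expires' => $now + TOKEN_TTL];
    return $token;
}

// Map a cookie value to a user name, or null if it was never issued,
// has expired, or names an account that no longer exists.
function user_for_token(array &$store, array $accounts, string $cookie, int $now): ?string
{
    $key = hash('sha256', $cookie);
    if (preg_match('/^[0-9a-f]{64}$/', $cookie) !== 1 || !isset($store[$key])) {
        return null; // hand-edited, malformed or never issued
    }
    $row = $store[$key];
    if ($row['expires'] <= $now || !isset($accounts[$row['user']])) {
        unset($store[$key]);
        return null;
    }
    return $row['user'];
}

// Logout, server side: forget the token so a copied cookie stops working.
function revoke_token(array &$store, string $cookie): void
{
    unset($store[hash('sha256', $cookie)]);
}

// Browser side: same name and path as at login. Logout passes '' and a
// past expiry, which is what makes the browser delete the cookie.
function send_login_cookie(string $value, int $expires): bool
{
    return setcookie('login', $value, [
        'expires' => $expires, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Self-check on constructed data when run from the command line.
if (PHP_SAPI === 'cli') {
    $accounts = ['test1' => true];
    $store = [];
    $now = 1000000;
    $forged = str_repeat('f', 32) . ' acct_that_doesnt_exist'; // value from the thread
    $token = issue_token($store, 'test1', $now);
    $checks = [
        'issued token logs in'   => user_for_token($store, $accounts, $token, $now) === 'test1',
        'forged cookie rejected' => user_for_token($store, $accounts, $forged, $now) === null,
        'unknown token rejected' => user_for_token($store, $accounts, str_repeat('f', 64), $now) === null,
    ];
    revoke_token($store, $token);
    $checks['revoked token rejected'] = user_for_token($store, $accounts, $token, $now) === null;
    $late = issue_token($store, 'test1', $now);
    $checks['expired token rejected'] = user_for_token($store, $accounts, $late, $now + TOKEN_TTL) === null;
    foreach ($checks as $name => $ok) {
        echo ($ok ? 'ok   ' : 'FAIL ') . $name . PHP_EOL;
    }
}
```

On a web request, login would call `send_login_cookie(issue_token($store, $user, time()), time() + TOKEN_TTL)`, and the logout branch would call `revoke_token()` followed by `send_login_cookie('', time() - 3600)`.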

Offline Chavo

Re: [PHP] Cookies..
« Reply #17 on: June 08, 2006, 10:06:22 am »
I'm sorry that I have to do this, a little part of me just died on the inside:

criticize*

There are only two commonly mispelled words that bug me, now you know one ;)

Offline iago

Re: [PHP] Cookies..
« Reply #18 on: June 08, 2006, 01:18:39 pm »
I'm sorry that I have to do this, a little part of me just died on the inside:

criticize*

There are only two commonly mispelled words that bug me, now you know one ;)

Yeah, I knew it looked wrong, so I switched the s and z.  It still looked wrong, so I just gave up.  I hate the word. 

Offline Sidoh

Re: [PHP] Cookies..
« Reply #19 on: June 08, 2006, 02:32:09 pm »
I'm sorry that I have to do this, a little part of me just died on the inside:

criticize*

There are only two commonly mispelled words that bug me, now you know one ;)

Wut iz teh other won?

Offline Chavo

Re: [PHP] Cookies..
« Reply #20 on: June 08, 2006, 02:50:22 pm »
If I told you I'd have to kill you

Offline iago

Re: [PHP] Cookies..
« Reply #21 on: June 08, 2006, 07:28:17 pm »
In other words, start intentionally misspelling difficult-to-spell words until he speaks up. :)

Offline Chavo

Re: [PHP] Cookies..
« Reply #22 on: June 08, 2006, 07:39:03 pm »
Haha, that would work if there were more than the two that bothered me.  It doesn't help your cause to spam words that don't bother me.

I'll give it up for a really good cookie or a fresh beer.

Offline rabbit

Re: [PHP] Cookies..
« Reply #23 on: June 08, 2006, 08:22:08 pm »
How about a pwncookie, or maybe even a whole batch of pwncookies?

Offline iago

Re: [PHP] Cookies..
« Reply #24 on: June 08, 2006, 08:34:28 pm »
Haha, that would work if there were more than the two that bothered me.  It doesn't help your cause to spam words that don't bother me.

I'll give it up for a really good cookie or a fresh beer.
No, but evenchally we're bound to find the word. :P

Offline Sidoh

Re: [PHP] Cookies..
« Reply #25 on: June 08, 2006, 11:50:37 pm »
I agree iago, we must manetane our efferts.

Offline Chavo

Re: [PHP] Cookies..
« Reply #26 on: June 09, 2006, 09:45:21 am »
lol@ manetane

rabbit, those cookies don't have nearly enough chocolate chips.  Who do you take me for? A non cookie-afficianado? Honestly.

Offline rabbit

Re: [PHP] Cookies..
« Reply #27 on: June 09, 2006, 10:43:50 am »
They have enough, trust me (or did, before I ate them a few months ago).  The chips consolidate towards the bottoms due to the way the dough spreads in the oven.

Offline Chavo

Re: [PHP] Cookies..
« Reply #28 on: June 09, 2006, 10:53:56 am »
Damn't.  Now I'm hungry

Offline d&q

  • Hero Member
  • *****
  • Posts: 1427
  • I'm here.
    • View Profile
    • Site
Re: [PHP] Cookies..
« Reply #29 on: June 09, 2006, 01:45:42 pm »
lol@ manetane

rabbit, those cookies don't have nearly enough chocolate chips.  Who do you take me for? A non cookie-afficianado? Honestly.

Warez the fudge? Its speled aficionado! Dunt b a hippo-crit!
The writ of the founders must endure.

Offline Chavo

Re: [PHP] Cookies..
« Reply #30 on: June 09, 2006, 02:12:12 pm »
I'm sorry that I have to do this, a little part of me just died on the inside:

criticize*

There are only two commonly mispelled words that bug me, now you know one ;)

I know its hypocritical! I only care when its those two words :(

Offline deadly7

  • 42
  • Moderator
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: [PHP] Cookies..
« Reply #31 on: June 11, 2006, 10:45:08 pm »
I hate to do this:
it's*

Now you one of the words that wen mispelled pisses me of.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Joe

Re: [PHP] Cookies..
« Reply #32 on: June 11, 2006, 11:52:14 pm »
deadly is a hypocrite. He has horrible spelling, and I was not able to figure out what that "you" is doing in his sentence.


Offline Sidoh

Re: [PHP] Cookies..
« Reply #33 on: June 12, 2006, 12:27:58 am »
Now you one of the words that wen mispelled pisses me of.

Oh the irony... grammatical errors and a spelling error?

* misspelled.

I would much rather have someone misplace, misuse or forget an apostrophe than use a sentence which is totally grammatically incorrect. :P

Offline Warrior

Re: [PHP] Cookies..
« Reply #34 on: June 12, 2006, 06:56:42 am »
I think it was intentional.

Offline Sidoh

Re: [PHP] Cookies..
« Reply #35 on: June 12, 2006, 03:10:27 pm »
I think it was intentional.

I don't.  Even if he confirms it, I'll still have doubt. :P

Offline Joe

Re: [PHP] Cookies..
« Reply #36 on: June 12, 2006, 11:13:37 pm »
Quote
Now you one of the words that wen mispelled pisses me of.
Know you one of the words that, when misspelled, pisses me off.

Shakesperian English.


Offline rabbit

Re: [PHP] Cookies..
« Reply #37 on: June 13, 2006, 08:19:00 am »
Not even close to Shakespearean.  First, he would reference sex and mock someone's mother at least once.  Second, it would rhyme.  And third it would be grammatically correct.

Offline iago

Re: [PHP] Cookies..
« Reply #38 on: June 13, 2006, 09:34:22 am »
Not even close to Shakespearean.  First, he would reference sex and mock someone's mother at least once.  Second, it would rhyme.  And third it would be grammatically correct.
Your first point sucks.

Not everything Shakespeare wrote rhymes, only small areas. 

Shakespearean grammar is quite different from modern grammar, so your third point is debatable, at best. 

Offline rabbit

Re: [PHP] Cookies..
« Reply #39 on: June 13, 2006, 04:24:02 pm »
Then add point four: it would be a good insult.

Offline deadly7

Re: [PHP] Cookies..
« Reply #40 on: June 13, 2006, 06:02:34 pm »
Now you one of the words that wen mispelled pisses me of.

Oh the irony... grammatical errors and a spelling error?

* misspelled.

I would much rather have someone misplace, misuse or forget an apostrophe than use a sentence which is totally grammatically incorrect. :P
That was the whole point of my sentence.  I added random words.  I don't even remember what the hell I was trying to say.