...

View Full Version : Unserailizing cookies values?



karlosio
10-22-2009, 04:05 AM
Hi, I am trying to learn a bit about cookies and sessions and at the moment how to store array values into a cookie using serialize. I have a simple form (nothing fancy) where im serializing the $_POST values and putting them into the setcookie value. This works ok, the cookie gets written, however when I try to retrieve the cookie information by unserializing it on the next page. I get the following message:



Notice: unserialize() [function.unserialize]: Error at offset 9 of 60 bytes in C:\Program Files\xampp\htdocs\sites\testsite\checksession.php on line 24
string(60) "a:3:{i:0;s:8:\"karlosio\";i:1;s:6:\"123456\";i:2;s:1:\"1\";}"


Here is my code:

Page 1 (with form):



<?php
session_start();
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$remember = $_POST['rem'];

if($remember == 1)
{
$arr[] = $username;
$arr[] = $password;
$arr[] = $remember;
$s = serialize($arr);
setcookie("Mysite", $s, time() + 86400);
}

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: checksession.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
if(isset($_GET['do']) && $_GET['do'] == "loggedout")
{
echo "<p>You have logged out.</p>";
}
?>
<form action="" method="post">
Username:<input type="text" name="username" /><br />
Password:<input type="password" name="password" /><br />
Remember Me:<input type="checkbox" name="rem" value="1" />
<input type="submit" name="submit" value="Login" />
</form>
</body>
</html>


Page 2:



<?php
session_start();
if(isset($_GET['do']) && $_GET['do'] == "logout")
{
setcookie("Mysite", '', time() - 86400);
$_SESSION = array();
session_destroy();
header("Location: cookies_sessions.php?do=loggedout");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
if(isset($_SESSION['username']) && isset($_COOKIE['Mysite']))
{
echo "<p>Welcome " . $_SESSION['username'] . " Your password is " . $_SESSION['password'] . "</p>";
unserialize($_COOKIE['Mysite']);
var_dump($_COOKIE['Mysite']);
?>
<a href="checksession.php?do=logout">Logout</a>
<?php
} else {
?>
Welcome Guest
<?php
}
?>
</body>
</html>

CFMaBiSmAd
10-22-2009, 04:19 AM
magic_quotes_gpc appears to be on and is escaping the special characters in the incoming cookie data. If magic_quotes_gpc is on, use stripslashes() on the data first.

karlosio
10-22-2009, 04:27 AM
I've tried stripslashes on it but to no effect, I still get the same message.



if(get_magic_quotes_gpc())
{
stripslashes($_COOKIE['Mysite']);
}
unserialize($_COOKIE['Mysite']);
var_dump($_COOKIE['Mysite']);

CFMaBiSmAd
10-22-2009, 04:55 AM
Both stripslashes and unserialize return the result of their operation -


if(get_magic_quotes_gpc())
{
$_COOKIE['Mysite'] = stripslashes($_COOKIE['Mysite']);
}
$your_array = unserialize($_COOKIE['Mysite']);
var_dump($your_array);

karlosio
10-22-2009, 05:00 AM
Both stripslashes and unserialize return the result of their operation -


if(get_magic_quotes_gpc())
{
$_COOKIE['Mysite'] = stripslashes($_COOKIE['Mysite']);
}
$your_array = unserialize($_COOKIE['Mysite']);
var_dump($your_array);

I see, never thought of that (something so simple). Thanks a lot :)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum