  1. #1
    Regular Coder sonny's Avatar
    Join Date
    Apr 2008
    Location
    United States
    Posts
    567
    Thanks
    88
    Thanked 0 Times in 0 Posts

    Cookie code causing errors

    Hi

    This code is very old, about 2005; it's a PHP module for a Perl tracking script that I have been using for years. The problem I discovered lately
    is that it's causing error messages when used inside a forum page. When I visit with a cookie set, it works fine and does not log me, etc., but when a bot visits or I have no cookie, it creates an error in the forum error log.

    ( I see 2 types of errors in my forum error log )

    1 Undefined index: HTTP_REFERER
    and
    2 Undefined index: stats_no_log // the cookie name

    PHP Code:
    <?php

    // Log the hit unless the opt-out cookie is set to "1"
    // (as posted: raises "Undefined index" when the cookie is absent)
    if ($_COOKIE['stats_no_log'] != "1") {
    $STATSLogFile = '/home/content/cgi-bin/stats/log/log.txt';
    $STATSTimeOffsetInHours = +3;

    $STATSdomain = 'http://www.MyDomain.com';
    $STATSuri = $_SERVER['REQUEST_URI'];
    $STATSrad = $_SERVER['REMOTE_ADDR'];
    $STATSREMOTE_HOST = @getHostByAddr($STATSrad);

    // As posted: raises "Undefined index" when the client sends no Referer header
    $STATSFrom = $_SERVER['HTTP_REFERER'];

    $STATSTo = $STATSdomain.$STATSuri;
    $STATSHTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];

    $STATSunixtime = time() + (3600*$STATSTimeOffsetInHours);
    $STATSsecond = date("s", ($STATSunixtime))+0;
    $STATSminute = date("i", ($STATSunixtime))+0;
    $STATShour = date("G", ($STATSunixtime))+0;
    $STATSday = date("j", ($STATSunixtime))+0;
    $STATSmonth = date("n", ($STATSunixtime))-1;
    $STATSyear = date("y", ($STATSunixtime))+100;
    $STATSwday = date("w", ($STATSunixtime))+0;
    $STATSyday = date("z", ($STATSunixtime))+0;

    $STATSlogline =
    "|$STATSREMOTE_HOST|$STATSrad|$STATSFrom|$STATSTo|$STATSHTTP_USER_AGENT|$STATSsecond|$STATSminute|$STATShour|$STATSday|$STATSmonth|$STATSyear|$STATSwday|$STATSyday|\n";

    $STATSfile = fopen("$STATSLogFile", "a");
    flock($STATSfile, 2); // 2 = LOCK_EX (exclusive lock)
    fwrite($STATSfile, "$STATSlogline");
    flock($STATSfile, 3); // 3 = LOCK_UN (release lock)
    fclose($STATSfile);
    }

    ?>
    I do not think it properly deals with a cookie, anyone see what might be
    doing that

    Thanks
    Sonny
    Last edited by sonny; 06-24-2009 at 07:11 AM.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    First of all... "very old" code is COBOL shiz written in 1975, not a PHP script written in 2005

    Second, those two errors are really just notices, not errors, but nonetheless, they indicate you are attempting to refer to an array index that doesn't exist. In the case of the cookie variable $_COOKIE['stats_no_log'], if you check first to see if it exists before you refer to it, that notice will go away:

    PHP Code:
    if (isset($_COOKIE['stats_no_log']) && $_COOKIE['stats_no_log'] != "1") { 
    The other one, $_SERVER['HTTP_REFERER'], shouldn't really be counted on at all, since it may or may not ever be set by the user agent. From the PHP manual:

    The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
    You can do the same thing here to stop the notice from happening:

    PHP Code:
    if (isset($_SERVER['HTTP_REFERER'])) {
        $STATSFrom = $_SERVER['HTTP_REFERER'];
    } else {
        $STATSFrom = "User Agent did not provide this value";
    }


  • Users who have thanked Fumigator for this post:

    sonny (06-24-2009)

  • #3
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    I highly recommend re-writing to sessions rather than cookies.
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #4
    Regular Coder sonny's Avatar
    Join Date
    Apr 2008
    Location
    United States
    Posts
    567
    Thanks
    88
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by masterofollies View Post
    I highly recommend re-writing to sessions rather than cookies.
    Why? What are the advantages of that?

    Note the perl module version of this script uses my hostname to not log me
    that is the best way I think, but do not know how to implement that in
    the above PHP code.

    Sonny

  • #5
    Regular Coder sonny's Avatar
    Join Date
    Apr 2008
    Location
    United States
    Posts
    567
    Thanks
    88
    Thanked 0 Times in 0 Posts
    Worked, no more errors. Thank you!

    Replaced this line
    PHP Code:
    if ($_COOKIE['stats_no_log'] != "1") { 
    With this line
    PHP Code:
    if (isset($_COOKIE['stats_no_log']) && $_COOKIE['stats_no_log'] != "1") { 

    Replaced this line
    PHP Code:
    $STATSFrom = $_SERVER['HTTP_REFERER'];
    With
    PHP Code:
    if (isset($_SERVER['HTTP_REFERER'])) {
        $STATSFrom = $_SERVER['HTTP_REFERER'];
    } else {
        $STATSFrom = "User Agent did not provide this value";
    }

    Thanks again
    Sonny

  • #6
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    To answer your question. Cookies are security risks, since information is actually stored in a file on your computer.

    SESSIONS are encrypted and are online only, no files. Nothing is completely safe from risks, but the security is far greater, and in my opinion easier to code.

    Cookies are from the old days, and sessions are what they are being replaced with.
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #7
    Regular Coder sonny's Avatar
    Join Date
    Apr 2008
    Location
    United States
    Posts
    567
    Thanks
    88
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by masterofollies View Post
    To answer your question. Cookies are security risks, since information is actually stored in a file on your computer.

    SESSIONS are encrypted and are online only, no files. Nothing is completely safe from risks, but the security is far greater, and in my opinion easier to code.

    Cookies are from the old days, and sessions are what they are being replaced with.
    That cookie is only for the purpose of not logging my visits on my php pages,
    on standard htm pages I use SSI includes that call the perl script, and that
    excludes me from logging via my hostname

    In the code I posted above, is it very difficult to add an ignore hostname string array-like setting?

    Thanks for weighing in
    Sonny

  • #8
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    Just trying to be helpful. I don't know anything about Perl
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #9
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Quote Originally Posted by masterofollies View Post
    Cookies are security risks, since information is actually stored in a file on your computer.

    SESSIONS are encrypted and are online only, no files. Nothing is completely safe from risks, but the security is far greater, and in my opinion easier to code.
    This is incorrect, I think. Sessions are not encrypted unless handled over SSL connection (https).

    Also, if I'm not mistaken, PHP sessions attempt to store the session id in a cookie by default. The SID can also be passed as a URL parameter, but that exposes information just like a cookie would.
    Are you a Help Vampire?

  • #10
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    Sessions can be used with MD5 and SHA1 encryption. Yes if used with SSL they are encrypted. There are many different types of sessions. I use them on almost every website I build.

    Sessions grew up from cookies as a way of storing data on the server side, because the inherent problem of storing anything sensitive on clients' machines is that they are able to tamper with it if they wish. In order to set up a unique identifier on the client, sessions still use a small cookie - this cookie simply holds a value that uniquely identifies the client to the server, and corresponds to a data file on the server.

    Sessions are a step up from cookies.
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #11
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Quote Originally Posted by masterofollies View Post
    Sessions can be used with MD5 and SHA1 encryption. Yes if used with SSL they are encrypted. There is many different types of sessions. I use them on almost every website I build.
    I'd be interested in reading more about this. Got links? php.net and Google are proving unhelpful with my search terms ("php sessions encryption").
    Are you a Help Vampire?

  • #12
    Regular Coder sonny's Avatar
    Join Date
    Apr 2008
    Location
    United States
    Posts
    567
    Thanks
    88
    Thanked 0 Times in 0 Posts

    Second, those two errors are really just notices, not errors, but nonetheless, they indicate you are attempting to refer to an array index that doesn't exist. In the case of the cookie variable $_COOKIE['stats_no_log'], if you check first to see if it exists before you refer to it, that notice will go away:

    PHP Code:
    if (isset($_COOKIE['stats_no_log']) && $_COOKIE['stats_no_log'] != "1") { 
    I just noticed bots and anyone with cookies turned off do not get logged with that line above; the logic does not seem right.

    Shouldn't the code log everyone first by default then have an else statement if the cookie
    is present and set to stats_no_log=1, "then DO NOT log that hit"

    Can you give me an example on how to do that at the top of the code I posted
    and I think that will work.

    Thank you so much for taking the time to help me
    Sonny
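
The log-by-default logic asked about in the last post, together with the hostname exclusion raised earlier in the thread, as an added example that is not code from any poster. It also strips the `|` separator and control characters from the client-supplied Referer and User-Agent, since the log is one pipe-delimited line per hit; the timestamp fields are left out. The function names, the ignored-host list and the sample request are assumptions made for illustration, and the `??` operator needs PHP 7 or later.

```php
<?php
// Added example: function names and the ignore list are hypothetical; the
// cookie name and the pipe-delimited layout come from the posted script.

// Log by default. Skip only when the opt-out cookie is present AND equals "1",
// or when the visitor's reverse-DNS name is on the ignore list.
function stats_should_log(array $cookies, string $remoteHost, array $ignoredHosts): bool
{
    if (isset($cookies['stats_no_log']) && $cookies['stats_no_log'] === '1') {
        return false;
    }
    return !in_array(strtolower($remoteHost), $ignoredHosts, true);
}

// Referer and User-Agent are set by the client: replace the field separator
// and control characters so a request cannot forge fields or extra log lines.
function stats_clean_field(?string $value, string $default = '-'): string
{
    if ($value === null || $value === '') {
        return $default;
    }
    return preg_replace('/[|\x00-\x1F\x7F]/', ' ', $value);
}

// Build the first five fields of the log line in the posted script's order.
function stats_build_line(array $server, string $remoteHost, string $domain): string
{
    $fields = [
        stats_clean_field($remoteHost),
        stats_clean_field($server['REMOTE_ADDR'] ?? null),
        stats_clean_field($server['HTTP_REFERER'] ?? null),
        stats_clean_field($domain . ($server['REQUEST_URI'] ?? '')),
        stats_clean_field($server['HTTP_USER_AGENT'] ?? null),
    ];
    return '|' . implode('|', $fields) . "|\n";
}

// Constructed sample request: no cookie, no Referer, separator and newline
// embedded in the User-Agent.
$server = ['REMOTE_ADDR' => '203.0.113.7', 'REQUEST_URI' => '/forum/',
           'HTTP_USER_AGENT' => "bot|1.0\n|forged|line"];
$host = 'crawler.example.net';
if (stats_should_log([], $host, ['my-home-host.example.com'])) {
    echo stats_build_line($server, $host, 'http://www.MyDomain.com');
}
```

In the real page, pass `$_COOKIE`, `$_SERVER` and the result of `gethostbyaddr()` instead of the sample values, and append the line to the log file under an exclusive lock as the original script does.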

