Unserailizing cookies values?

[karlosio]

Hi, I am trying to learn a bit about cookies and sessions and at the moment how to store array values into a cookie using serialize. I have a simple form (nothing fancy) where im serializing the $_POST values and putting them into the setcookie value. This works ok, the cookie gets written, however when I try to retrieve the cookie information by unserializing it on the next page. I get the following message:

Code:

Notice: unserialize() [function.unserialize]: Error at offset 9 of 60 bytes in C:\Program Files\xampp\htdocs\sites\testsite\checksession.php on line 24
string(60) "a:3:{i:0;s:8:\"karlosio\";i:1;s:6:\"123456\";i:2;s:1:\"1\";}"

Here is my code:

Page 1 (with form):

PHP Code:

<?php
session_start();
if(isset($_POST['submit']))
{
    $username = $_POST['username'];
    $password = $_POST['password'];
    $remember = $_POST['rem'];
    
    if($remember == 1)
    {
        $arr[] = $username;
        $arr[] = $password;
        $arr[] = $remember;
        $s = serialize($arr);
        setcookie("Mysite", $s, time() + 86400);
    }
    
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    header("Location: checksession.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
if(isset($_GET['do']) && $_GET['do'] == "loggedout")
{
    echo "<p>You have logged out.</p>";
}
?>
<form action="" method="post">
Username:<input type="text" name="username" /><br />
Password:<input type="password" name="password" /><br />
Remember Me:<input type="checkbox" name="rem" value="1" />
<input type="submit" name="submit" value="Login" />
</form>
</body>
</html>

Page 2:

PHP Code:

<?php
session_start();
if(isset($_GET['do']) && $_GET['do'] == "logout")
{
    setcookie("Mysite", '', time() - 86400);
    $_SESSION = array();
    session_destroy();
    header("Location: cookies_sessions.php?do=loggedout");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
if(isset($_SESSION['username']) && isset($_COOKIE['Mysite']))
{
    echo "<p>Welcome " . $_SESSION['username'] . " Your password is " . $_SESSION['password'] . "</p>";
    unserialize($_COOKIE['Mysite']);
    var_dump($_COOKIE['Mysite']);
?>
<a href="checksession.php?do=logout">Logout</a>
<?php
} else {
?>
Welcome Guest
<?php
}
?>
</body>
</html>

[CFMaBiSmAd]

magic_quotes_gpc appears to be on and is escaping the special characters in the incoming cookie data. If magic_quotes_gpc is on, use stripslashes() on the data first.

[karlosio]

I've tried stripslashes on it but to no effect, I still get the same message.

PHP Code:

if(get_magic_quotes_gpc())
    {
        stripslashes($_COOKIE['Mysite']);
    }
    unserialize($_COOKIE['Mysite']);
    var_dump($_COOKIE['Mysite']); 


[CFMaBiSmAd]

Both stripslashes and unserialize return the result of their operation -

PHP Code:

if(get_magic_quotes_gpc())
    {
        $_COOKIE['Mysite'] = stripslashes($_COOKIE['Mysite']);
    }
    $your_array = unserialize($_COOKIE['Mysite']);
    var_dump($your_array); 


[karlosio]

Quote:

Originally Posted by CFMaBiSmAd

Both stripslashes and unserialize return the result of their operation -

PHP Code:

if(get_magic_quotes_gpc())
    {
        $_COOKIE['Mysite'] = stripslashes($_COOKIE['Mysite']);
    }
    $your_array = unserialize($_COOKIE['Mysite']);
    var_dump($your_array); 


I see, never thought of that (something so simple). Thanks a lot