1

我的 Cookie 设置有问题,这是代码行:

if(!empty($userdata)) {

    $qry = mysql_query("SELECT * FROM st_user WHERE oid = '$uid'");
    $get_array = mysql_fetch_array($qry);

    $set_id_session = md5($username);
    //And then set cookies
    setcookie('FBSESSID', '$set_id_session', time()+86400, '/', '.setujuh.com'); //Cookie set at this line

    $do_sess = $_COOKIE['FBSESSID'];

    echo $_COOKIE['FBSESSID'];
    print_r($_COOKIE);

    $date = date('Y-m-d h:i:s');

    mysql_query ("UPDATE st_user SET fb_sess_id = '$do_sess', lastvisitDate = '$date' WHERE oid = '$uid'");

}

我的问题是为什么当我尝试调用它时我的 Cookie 没有设置?

4

3 回答 3

0

不久前,我选择了一个安全的随机生成器,它应该非常适合您的 cookie 验证令牌(会话 ID);

    function TokenGenerator($Length)
    {
        $CharPool = '0123456789';
        $CharPool .= 'abcdefghijklmnopqrstuvwxyz';
        $CharPool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

        $RandomNumber = function($Minimum, $Maximum) 
        {           
            # Find the range of the maximum and minimum allowed output
            $Range = $Maximum - $Minimum;

            # If the range is less than 0 forget the rest and return the minimum allowed number as  a 'random' bit
            if($Range < 0) 
            {
                return $Minimum; 
            }

            # Calculate the logarithm for $Range variable
            $Logarithm = (int) log($Range, 2)+1;

            $ByteLength = (int) ($Logarithm-1/8)+1;

            $BitF = (int) (1 << $Logarithm)-1; 

            do 
            {   
                # Get some random binary bytes
                $RndBinBytes = openssl_random_pseudo_bytes($ByteLength);

                # Converts the binary to hexadecimal
                $HexBytes = bin2hex($RndBinBytes);

                # Convert the hexadecimal bytes to decimal
                $Random = hexdec($HexBytes);

                # Use the AND operator to discard the unneeded bits
                $Random = $Random & $BitF; 
            } 
            while($Random >= $Range);

            # Return the random number found by the sub function to the main function
            return $Minimum + $Random;
        };

        # Initialise the RandChars variable
        $RandChars = '';

        $LengthOfPool = strlen($CharPool);

        for ($Counter = 0; $Counter < $Length; $Counter +=1) 
        {
            $RandNum = $RandomNumber(0, $LengthOfPool);

            # Pick from the pool of chars
            $RandChar = $CharPool[$RandNum];

            # Append the random char to the token to be returned at the end
            $RandChars .= $RandChar;
        }
        return $RandChars;
    }

要为您的 cookie 计划添加另一层安全性,您可以加密 cookie 的内容以确保 cookie 首先不被篡改,当我设置 cookie 时,我使用此类;

    class CookieMonster
    {
        private $CookieKey = 'SecurePassword';

        public function SetCookie($Name, $Data, $Expire=31536000)
        {
            if($Data == '')
            {
                return FALSE;
            }

            if($Name == '')
            {
                return FALSE;
            }

            if($Key == '')
            {
                return FALSE;
            }

            return setcookie($Name, $this->Encrypt($Data, $this->CookieKey), $Expire);
        }

        public function DeleteCookie($Name)
        {   
            if(isset($_COOKIE[$Name]))
            {
                return setcookie($Name, '', 1);
            }
        }

        public function ReadCookie($Name)
        {
            if(isset($_COOKIE[$Name]))
            {
                return $this->Decrypt($_COOKIE[$Name], $this->CookieKey);
            }else{
                return FALSE;   
            }
        }

        public function Encrypt($Data, $Key)
        {
            return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, sha1($Key), $Data, MCRYPT_MODE_CBC, md5(sha1($Key))));
        }

        public function Decrypt($Data, $Key)
        {
            return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, sha1($Key), base64_decode($Data), MCRYPT_MODE_CBC, md5(sha1($Key))), "\0");
        }   
    }
于 2013-09-08T22:05:38.737 回答
0

您需要定义用户名包含的内容。否则它将为 NULL

 $username = $get_array['username']

假设 $userdata 不为空,因为否则永远不会执行 sql 查询

更新

调用 md5($username) 作为会话 id 是一个非常糟糕的主意,因为每次登录时这个 id 都是一样的,如果你知道用户名,你可以冒充另一个帐户

于 2013-09-05T10:11:12.633 回答
0

删除 . 周围的单引号$set_id_session。对于初学者来说,这是不必要的,因为它已经是一个字符串,但更重要的是,只有在使用双引号时才会对变量进行插值。

于 2013-09-05T10:11:17.583 回答