Cookies In A Nutshell

ziggs

Ok got a great shopping cart thing happening. Now got some great questions. 1. How do you retain information with sessions? I have read about 3 books on it and well...still confused. 🙂 I am a little slow. Does anyone have a way that they can log what prod_id's the user wants and have it match up to the db to get the price info? Or even keep the price info on the cookie or session file? 2. Cookies. I love to bake but cannot get the oven to work quite right. I have some code of::: <?php
$hello = "I am really starting to hate cookies";
$big = base64_encode($hello);
setcookie("$big",$hello1);
?>
So how do I set the cookie? I tried without the $ before hello1... did no good. Cookies are enabled on the machine so its all good there and cookies are able to be given out according to the host. So hmm...any ideas? Any help would be well appricated. Thanks to everyone! OPEN SOURCE FOR LIFE!
Ziggs

Anon

There is nothing wrong with your oven, just that you need to know how to bake the cookie.

The syntax for setting cookie for your code should be:

<?php
$hello = "I am really starting to hate cookies";
$big = base64_encode($hello);
setcookie("cookie",$big, time()+3600);
?>

The word "cookie" is the name for your cookie which value can be accessed by using either $cookie or $HTTP_COOKIE_VARS["cookie"] if register_globals is turned off.

$big and time()+3600 are self explanatory. =)

Hope this could help you!

scoppc

"May All Beings Live In Happiness"

ziggs

Oh so I had the flour and the sugar in the wrong places? Thanks! What about the other problem of the cart?
Ziggs

Anon

never, never, never put information in a cookie that you don't want your users to be able to modify. i have seen sites where a cookie is used to store a users user id number.... anyone can change the id in their cookie and take over another person's account! so do not store valuable data like prices in cookies.

everything you do store in a cookie should also have a check against it. i do it like so:

$secret_passwd = "open source 4 life";
$cookie_data = "flour and sugar";
$check_hash = md5($cookie_data . $secret_passwd);
setcookie("name", "$cookie_data::$check_hash", time()+1000);

now the data in the cookie looks like this:

"open source 4 life::tt45rc7rkx23d435$sd33rfkw89sred"

when you retreive the data later, you can check to see if it has been tampered with by re-hashing the stuff before the :: and seeing if it matches the stuff after the ::

list($message, $hash) = explode($cookie, "::");
if(md5($message . $secret_passwd) != $hash)
echo "don't mess with your cookies";

simple.

ziggs

yea thats what I will do. I am going to md5 it then check the md5 against the db. That is the password. It also has to go through a base64_encode process for the username. If anything doesn't match up then it will be thrown out. I also added blank variables and values. When the user signs up and inserts the password they want to use it will create a md5 and put in the db. Then it will take the username they want and place in a base64 scheme and place in db. Then in plaintext put in password and username. When they log in it will put what they put in as a md5 and base64 and match them up to the db. If they don't work out then its not going to work for them. The server will decrypt their username and password to make sure they are who they say they are. I am trying to get an example of how to use pack() to put as all binary. I think that would be pimped as hell. Have a bunch of 101's all over the cookie and completely confuse them. But I cannot find a real life example of how to use pack() and unpack() I looked at the manual. But their definition just confused me. SO if you really wanna help me out frymaster let me know how to use pack() and unpack() thanks!
Ziggs