I have a problem with setting my cookie. This is the line of code:

    if(!empty($userdata)) {
        $qry = mysql_query("SELECT * FROM st_user WHERE oid = '$uid'");
        $get_array = mysql_fetch_array($qry);
        $set_id_session = md5($username);
        //And then set cookies
        setcookie('FBSESSID', '$set_id_session', time()+86400, '/', '.setujuh.com'); //Cookie set at this line
        $do_sess = $_COOKIE['FBSESSID'];
        echo $_COOKIE['FBSESSID'];
        print_r($_COOKIE);
        $date = date('Y-m-d h:i:s');
        mysql_query ("UPDATE st_user SET fb_sess_id = '$do_sess', lastvisitDate = '$date' WHERE oid = '$uid'");
    }

My question is: why is the cookie not set when I try to call it?
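
Answer 0 (score: 0)

You need to define what username contains. Otherwise it will be NULL.

    $username = $get_array['username'];

This assumes $userdata is not empty; otherwise the SQL query will never be executed.

UPDATE

Calling md5($username) as the session ID is a very bad idea, because this ID is the same on every login, and if you know the username you can impersonate other accounts.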
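
Answer 1 (score: 0)

Remove the single quotes around $set_id_session. They are unnecessary to begin with, since it is already a string, but more importantly, variables are only interpolated if you use double quotes.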

Answer 2 (score: 0)

A while ago I picked up a secure random generator, which should be perfect for your cookie validation token (session ID);

    function TokenGenerator($Length)
    {
        $CharPool = '0123456789';
        $CharPool .= 'abcdefghijklmnopqrstuvwxyz';
        $CharPool .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $RandomNumber = function($Minimum, $Maximum)
        {
            # Find the range of the maximum and minimum allowed output
            $Range = $Maximum - $Minimum;
            # If the range is less than 0 forget the rest and return the minimum allowed number as a 'random' bit
            if($Range < 0)
            {
                return $Minimum;
            }
            # Number of bits needed to represent $Range
            $Logarithm = (int) log($Range, 2)+1;
            # Number of whole bytes needed to hold that many bits
            # (parenthesised so the division applies to $Logarithm-1, not to 1)
            $ByteLength = (int) (($Logarithm-1)/8)+1;
            # Bit mask with the lowest $Logarithm bits set
            $BitF = (int) (1 << $Logarithm)-1;
            do
            {
                # Get some random binary bytes
                $RndBinBytes = openssl_random_pseudo_bytes($ByteLength);
                # Converts the binary to hexadecimal
                $HexBytes = bin2hex($RndBinBytes);
                # Convert the hexadecimal bytes to decimal
                $Random = hexdec($HexBytes);
                # Use the AND operator to discard the unneeded bits
                $Random = $Random & $BitF;
            }
            # Reject and retry values outside the range so the result is not biased
            while($Random >= $Range);
            # Return the random number found by the sub function to the main function
            return $Minimum + $Random;
        };
        # Initialise the RandChars variable
        $RandChars = '';
        $LengthOfPool = strlen($CharPool);
        for ($Counter = 0; $Counter < $Length; $Counter +=1)
        {
            # Index into the pool: 0 .. $LengthOfPool-1
            $RandNum = $RandomNumber(0, $LengthOfPool);
            # Pick from the pool of chars
            $RandChar = $CharPool[$RandNum];
            # Append the random char to the token to be returned at the end
            $RandChars .= $RandChar;
        }
        return $RandChars;
    }

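To add another layer of security to your cookie scheme, you can encrypt the contents of the cookie to make sure the cookie has not been tampered with in the first place. When I set cookies, I use this class;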

    class CookieMonster
    {
        private $CookieKey = 'SecurePassword';

        public function SetCookie($Name, $Data, $Expire=31536000)
        {
            if($Data == '')
            {
                return FALSE;
            }
            if($Name == '')
            {
                return FALSE;
            }
            # Check the configured key ($Key is not defined in this method)
            if($this->CookieKey == '')
            {
                return FALSE;
            }
            # $Expire is a lifetime in seconds; setcookie() expects an absolute timestamp
            return setcookie($Name, $this->Encrypt($Data, $this->CookieKey), time() + $Expire);
        }

        public function DeleteCookie($Name)
        {
            if(isset($_COOKIE[$Name]))
            {
                # An expiry time in the past makes the browser drop the cookie
                return setcookie($Name, '', 1);
            }
        }

        public function ReadCookie($Name)
        {
            if(isset($_COOKIE[$Name]))
            {
                return $this->Decrypt($_COOKIE[$Name], $this->CookieKey);
            }else{
                return FALSE;
            }
        }

        public function Encrypt($Data, $Key)
        {
            return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, sha1($Key), $Data, MCRYPT_MODE_CBC, md5(sha1($Key))));
        }

        public function Decrypt($Data, $Key)
        {
            return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, sha1($Key), base64_decode($Data), MCRYPT_MODE_CBC, md5(sha1($Key))), "\0");
        }
    }
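
Added example (not part of any answer above): a per-login session ID drawn from PHP's CSPRNG, addressing the md5($username) problem raised in answer 0, plus an HMAC tag for detecting a modified cookie, since CBC encryption alone does not detect modification and the mcrypt extension was removed in PHP 7.2. The function names and the key are hypothetical placeholders, and the setcookie() options array assumes PHP 7.3 or later.

```php
<?php
// Added example. Function names and the key are hypothetical; in practice the
// key is loaded from configuration or a secret store, never hard-coded.
const COOKIE_MAC_KEY = 'constructed-demo-key-replace-me';

// A fresh, unpredictable session ID for every login (256 bits from the CSPRNG).
function newSessionToken(): string
{
    return bin2hex(random_bytes(32));
}

// Append an HMAC-SHA256 tag so any change to the value is detectable.
function signCookieValue(string $value, string $key): string
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

// Return the original value if the tag verifies, or null if it was altered.
function verifyCookieValue(string $cookie, string $key): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $tag = substr($cookie, $pos + 1);
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $value, $key), $tag) ? $value : null;
}

// Send the cookie with Secure, HttpOnly and SameSite set.
function sendSessionCookie(string $signed): bool
{
    return setcookie('FBSESSID', $signed, [
        'expires' => time() + 86400, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Demonstration with constructed values.
$first = newSessionToken();
$second = newSessionToken();
var_dump($first === $second); // two logins, two different IDs
$signed = signCookieValue($first, COOKIE_MAC_KEY);
var_dump(verifyCookieValue($signed, COOKIE_MAC_KEY) === $first);
// Constructed tampering: change the first character of the cookie.
$tampered = ($signed[0] === '0' ? '1' : '0') . substr($signed, 1);
var_dump(verifyCookieValue($tampered, COOKIE_MAC_KEY));
```

On the server, store the unsigned token against the user row and compare it on each request; the HMAC only shows that the cookie value was issued by the application and not altered.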