<?php // classes/class_SafeCookie.php
/**
* The Class file for the anti-tamper cookie
*/
class SafeCookie
{
protected $cookie_name, $expiry, $path;
public function set_salt(string $salt='NaCl') {
$this->salt = $salt;
}
public function __construct(string $cookie_name='anonymous', bool $all_subdomains=TRUE) {
$this->cookie_name = $cookie_name;
$host = $_SERVER['HTTP_HOST'];
// Remove subdomain restrictions
if ($all_subdomains) {
if (substr_count($host, '.') > 1) {
$host = explode('.', $host);
unset($host[0]);
$host = implode('.', $host);
}
}
$this->host = $host;
// A month into the future
$expiry = time() + 60*60*24*30;
$this->set_expiry($expiry);
$this->set_path();
}
public function set_expiry(int $expiry) {
$this->expiry = $expiry;
}
public function set_path(string $path=DIRECTORY_SEPARATOR) {
$this->path = $path;
}
protected function nullify() {
setcookie($this->cookie_name, NULL, -100000);
}
public function get() {
// If no cookie
if (!isset($_COOKIE[$this->cookie_name])) return FALSE;
// Break cookie value apart, check anti-tamper, nullify if tampered
$arr = explode('|', $_COOKIE[$this->cookie_name]);
if (empty($arr[1]))
{
$this->nullify();
return FALSE;
}
// Check the salted md5() digest of the cookie
$new = md5($this->salt . $arr[0]);
if ($new != $arr[1])
{
$this->nullify();
return FALSE;
}
// If we get here, we have a "good" cookie
return $arr[0];
}
public function set($val) {
// Salt the value and append the md5() string to the value
$salted_md5 = md5($this->salt . $val);
$cookie_value = $val . '|' . $salted_md5;
// http://php.net/manual/en/function.setcookie.php
setcookie
( $this->cookie_name // Cookie Name
, $cookie_value // Cookie Value
, $this->expiry // A time() in the future
, $this->path // Allow or restrict sub-directories
, $this->host // Host name, maybe with subdomain
, FALSE // OK to set on HTTP (not just HTTPS)
, TRUE // Restricted from Javascript
)
;
}
}
|