Advanced Search

PHP Session class with encrypted cookies

/ Published in: PHP
Save to your folder(s)
I’ve made this class that can use normal session variables, or cookies. This class can use cookies in two ways: store a single variable in each cookie, or pack many variables, encrypt, and store them into cookies.

Now I always use this class when I have to use session/cookies and when I know that I have not to put too many bytes in cookies (since cookie size is limited).

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. <?php
  2. /////////////////////////////////////////////////////
  3. // this class was build
  4. // to handle session with cookie or not
  5. // if you choose "zipcook" value the cookies
  6. // are crypted and packed to hide data to malicious 
  7. // users.
  8. //
  9. // $use_cookie parameter values:
  10. // no --------> use session
  11. // yes -------> use cookie, one cookie for each variable
  12. // zipcook ---> encrypted cookies
  13. //
  14. // by Giulio Pons, http://www.barattalo.it
  15. //
  16. /////////////////////////////////////////////////////
  17.  
  18. class Session
  19. {
  20. 	private $use_cookie;
  21. 	private $preStr;
  22. 	private $maxCookie;
  23. 	private $cookieLenght;
  24. 	private $stringone;
  25. 	private $duratacookie;
  26. 	private $secret;
  27.  
  28. 	public function __construct ($cook = "zipcook") {
  29.  
  30. 		$this->use_cookie = $cook;	//choose mode
  31. 		$this->preStr= "_KK_";		//prefix for cookies
  32. 		$this->maxCookie=20;		//since cookie lenght is limited, I've limited the number of cookies
  33. 		$this->cookieLenght=3096;	//max cookie length (it depends on browser)
  34. 		$this->duratacookie=3600*24;//cookie life time
  35. 		$this->secred="secret";		//secret keyword to crypt/decrypt, change this to customize encryption
  36. 		if ($this->use_cookie=="yes") {
  37. 		} elseif ($this->use_cookie=="zipcook") {
  38. 			$this->stringone = $this->prelevaStringaTotale();
  39. 		} else {
  40. 			ini_set("session.gc_maxlifetime","432000");
  41. 			ini_set("url_rewriter.tags","");
  42. 			ini_set("session.use_trans_sid", false);
  43. 			session_start();
  44. 		}
  45. 	}
  46.  
  47. 	/* ------------------------------------------- */
  48. 	/* pack variables for parse_str                */
  49. 	/* ------------------------------------------- */
  50. 	private function build_str($ar) {
  51. 		$qs = array();
  52. 		foreach ($ar as $k => $v) { $qs[] = $k.'='.$v; }
  53. 		return join('&', $qs);
  54. 	}
  55.  
  56. 	/* ------------------------------------------- */
  57. 	/* get the list of variables from the crypted  */
  58. 	/* cookies                                     */
  59. 	/* ------------------------------------------- */
  60. 	private function prelevaStringaTotale() {
  61. 		$cookiesSet = array_keys($_COOKIE);
  62. 		$out = "";
  63. 		for ($x=0;$x<count($cookiesSet);$x++) {
  64. 			if (strpos(" ".$cookiesSet[$x],$this->preStr)==1)
  65. 				$out.=$_COOKIE[$cookiesSet[$x]];
  66. 		}
  67. 		return $this->decrypta($out);
  68. 	}
  69.  
  70. 	public function debug() {
  71. 		// for debug
  72. 		return $this->prelevaStringaTotale();
  73. 	}
  74.  
  75. 	/* ------------------------------------------- */
  76. 	/* determine available cookies                 */
  77. 	/* ------------------------------------------- */
  78. 	private function calcolaCookieLiberi() {
  79. 		$cookiesSet = array_keys($_COOKIE);
  80. 		$c=0;
  81. 		for ($x=0;$x<count($cookiesSet);$x++) {
  82. 			if (strpos(" ".$cookiesSet[$x],$this->preStr)==1)
  83. 				$c+=1;
  84. 		}
  85. 		return $this->maxCookie - count($cookiesSet) + $c;
  86. 	}
  87.  
  88. 	/* ------------------------------------------- */
  89. 	/* split the string in blocks to store cookies */
  90. 	/* ------------------------------------------- */
  91. 	private function my_str_split($s,$len) {
  92. 		$output = array();
  93. 		if (strlen($s)<=$len) {
  94. 			$output[0] = $s;
  95. 			return $output;
  96. 		}
  97. 		$i = 0;
  98. 		while (strlen($s)>0) {
  99. 			$s = substr($s,0,$len);
  100. 			$output[$i]=$s;
  101. 			$s = substr($s,$len);
  102. 			$i++;
  103. 		}
  104. 		return $output;
  105. 	}
  106.  
  107. 	/* ------------------------------------------- */
  108. 	/* save vars in cookies or session             */
  109. 	/* ------------------------------------------- */
  110. 	public function register($var,$value) {
  111. 		$this->set($var,$value);
  112. 	}
  113. 	public function set($var,$value) {
  114. 		if ($this->use_cookie=="yes") {
  115. 			setcookie($var,$this->crypta($value),time()+$this->duratacookie,"/", $_SERVER['HTTP_HOST'] );
  116. 		} elseif ($this->use_cookie=="zipcook") {
  117. 			if ($this->stringone!="") {
  118. 				parse_str($this->stringone, $vars);
  119. 			} else {
  120. 				$vars=array();
  121. 			}
  122. 			$vars[$var] = $value;	//aggiungo-modifico valore
  123. 			$str = $this->crypta($this->build_str($vars));
  124. 			$arr = $this->my_str_split($str,$this->cookieLenght);
  125. 			$cLiberi = $this->calcolaCookieLiberi();
  126. 			if (count($arr) < $cLiberi) {
  127. 				// c'ho spazio, posso registrare
  128. 				$this->stringone = $this->build_str($vars);
  129. 				for ($i=0;$i<count($arr);$i++) {
  130. 					setcookie($this->preStr.$i,$arr[$i],time()+$this->duratacookie,"/", $_SERVER['HTTP_HOST'] );
  131. 				}
  132. 			} else {
  133. 				//cookie overflow
  134. 				return "errore cookie overflow";
  135. 			}
  136. 		} else {
  137. 			session_register($var);
  138. 		}
  139. 	}
  140.  
  141. 	/* ------------------------------------------- */
  142. 	/* get variables back from cookies crypted or  */
  143. 	/* not, or directly from session               */
  144. 	/* ------------------------------------------- */
  145. 	public function get($var) {
  146. 		if ($this->use_cookie=="yes") {
  147. 			global $_COOKIE;
  148. 			return $this->decrypta($_COOKIE[$var]);
  149. 		} elseif ($this->use_cookie=="zipcook") {
  150. 			if ($this->stringone!="") {
  151. 				parse_str($this->stringone, $vars);
  152. 			} else {
  153. 				return "";
  154. 			}
  155. 			if(!isset($vars[$var])) {
  156. 				return "";
  157. 			}
  158. 			return $vars[$var];
  159. 		} else {
  160. 			if ($this->is_registered($var)) {
  161. 				$this->$var=$GLOBALS[$var];
  162. 			}
  163. 			else
  164. 				if(isset($GLOBALS[$var]))
  165. 					$this->$var = $GLOBALS[$var];
  166. 				else
  167. 						$this->$var="";
  168. 			return($this->$var);
  169. 		}
  170. 	}
  171.  
  172. 	/* ------------------------------------------- */
  173. 	/* empty session or cookis                     */
  174. 	/* ------------------------------------------- */
  175. 	public function finish() {
  176. 		if ($this->use_cookie=="yes") {
  177. 			$cookiesSet = array_keys($_COOKIE);
  178. 			for ($x=0;$x<count($cookiesSet);$x++) {
  179. 				//echo $cookiesSet[$x]."<br/>";
  180. 				setcookie($cookiesSet[$x],"",time()-3600*24,"/", $_SERVER['HTTP_HOST'] );	//faccio scadere il cookie
  181. 			}
  182.  
  183. 		} elseif ($this->use_cookie=="zipcook") {
  184. 			$cookiesSet = array_keys($_COOKIE);
  185. 			for ($x=0;$x<count($cookiesSet);$x++) {
  186. 				if (strpos(" ".$cookiesSet[$x],$this->preStr)==1)
  187. 					setcookie($cookiesSet[$x],"",time()-3600*24,"/",$_SERVER['HTTP_HOST']);
  188. 				$this->stringone="";
  189. 			}
  190. 		} else {
  191. 			session_destroy();
  192. 			$_SESSION = array();
  193. 		}
  194. 	}
  195.  
  196. 	/* crypt */
  197. 	private function crypta($t){
  198. 		if ($t=="") return $t;
  199. 		$r = md5(10); $c=0; $v="";
  200. 		for ($i=0;$i<strlen($t);$i++){
  201. 			if ($c==strlen($r)) $c=0;
  202. 			$v.= substr($r,$c,1) . (substr($t,$i,1) ^ substr($r,$c,1));
  203. 			$c++;
  204. 		}
  205. 		return (base64_encode($this->ed($v)));
  206. 	}
  207. 	/* decrypt */
  208. 	private function decrypta($t) {
  209. 		if ($t=="") return $t;
  210. 		$t = $this->ed(base64_decode(($t)));
  211. 		$v = "";
  212. 		for ($i=0;$i<strlen($t);$i++){
  213. 			$md5 = substr($t,$i,1);
  214. 			$i++;
  215. 			$v.= (substr($t,$i,1) ^ $md5);
  216. 		}
  217. 		return $v;
  218. 	}
  219.  
  220. 	/* used to crypt/decrypt */
  221. 	private function ed($t) {
  222. 		$r = md5($this->secret); $c=0; $v="";
  223. 		for ($i=0;$i<strlen($t);$i++) {
  224. 			if ($c==strlen($r)) $c=0;
  225. 			$v.= substr($t,$i,1) ^ substr($r,$c,1);
  226. 			$c++;
  227. 		}
  228. 		return $v;
  229. 	}
  230.  
  231.  
  232. }
  233. ?>

URL: http://www.barattalo.it/2009/12/21/php-session-class-with-crypted-cookies/

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.