1

Topic: Cookie values

Am I correct in the assumption that when logged in, the cookie stores the uid and password, but when browsing as guest it just stores the uid of guest, or am I way off the mark again? big_smile I'm now getting onto the point of the actual question. big_smile Is there any way to store the group_id in the cookie and keep it intact whether the user is browsing as guest or logged in?


Cheers,

Matt

2 (edited by MattF 2007-11-17 11:16)

Re: Cookie values

Think I may have figured this one. smile Just wanting to check on a couple of points, however. Firstly, will calling this each time from header.php lead to performance/load problems at all? Is there a better way to do it? The cookie settings don't appear to be available from within header.php by default, or have I missed something?

if ($pun_user['is_guest'] && isset($_COOKIE[$cookie_name]))
{
     list(, , $header['group_id']) = @unserialize($_COOKIE[$cookie_name]);
}

Also could I just check that I haven't cocked anything up with these changes. smile These are all the instances I've changed with regards to the cookie settings:

include/functions.php:  $cookie = array('user_id' => 1, 'password_hash' => 'Guest', 'group_id' => '3');
include/functions.php:          list($cookie['user_id'], $cookie['password_hash'], $cookie['group_id']) = @unserialize($_COOKIE[$cookie_name]);
include/functions.php:                  pun_setcookie(0, random_pass(8), 3, $expire);
include/functions.php:function pun_setcookie($user_id, $password_hash, $group_id, $expire)
include/functions.php:          setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash), $group_id)), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
include/functions.php:          setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash), $group_id)), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);

login.php:      pun_setcookie($user_id, $form_password_hash, $group_id, $expire);
login.php:      pun_setcookie(1, random_pass(8), $pun_user['g_id'], time() + 31536000);

profile.php:    pun_setcookie($pun_user['id'], $new_password_hash, $pun_user['g_id'], $expire);
profile.php:    pun_setcookie($id, $db->result($result), $pun_user['g_id'], ($form['save_pass'] == '1') ? time() + 31536000 : 0);

register.php:   pun_setcookie($new_uid, $password_hash, $initial_group_id, ($save_pass != '0') ? $now + 31536000 : 0);

Btw, just on a slight sidetrack, is there any reason other than a propogated mis-spell that $initial_group_id is actually set as $intial_group_id, originally? big_smile


Thanks again,

Matt

Re: Cookie values

Why not just use $pun_user['g_id']?

4

Re: Cookie values

That var isn't available unless they're logged in, is it?

Re: Cookie values

No, it's always available.

6

Re: Cookie values

But is not the group_id that of the guest group, (3), once they log out? I initially tried it using $pun_user['g_id'] and once logged out, they never triggered the scripts gid check.

7

Re: Cookie values

Smartys wrote:

No, it's always available.

You had me worried there for awhile. I thought I'd overlooked something blindingly obvious, (again), big_smile and done all that alteration for nowt.

Had a look at my first post and realised it was a tad scant on description. The reason for this is so that I can track the users actual group rather than just pulling the guest gid if they're not logged in, so that a script can do it's work regardless of their online status. big_smile Double checked the pun_user gid just to be certain. big_smile Is the cookie, therefore, the best way to achieve that end? It seems to be working fine on test, but obviously, if there's a better method I've overlooked. smile Btw, none of those cookie alterations will have a detrimental effect on anything will they, if that is the only method?


Thanks once again. smile

Matt

Re: Cookie values

I'm confused, if someone logs out how can you track them? The cookie is set back to the guest cookie.
And why would you want to? Since anyone could put any ID there and you would have no way to authenticate it, what would you use it for?

9

Re: Cookie values

Smartys wrote:

I'm confused, if someone logs out how can you track them? The cookie is set back to the guest cookie.
And why would you want to? Since anyone could put any ID there and you would have no way to authenticate it, what would you use it for?

It's not for tracking per se, more for annoying. big_smile I've altered the set_cookie function to add the users group when the cookie is created, as in that modified code I posted above. It's to work in conjunction with a script which literally screws up their forum browsing, (for wont of a better description), in a random'ish fashion. Which is why I wanted the consistency whether they are logged in or not. I would prefer for the penny not to drop, if possible.

And why, might you ask? big_smile It's an alternative to outright banning. It's intended to keep their account active so they can still log in and do everything else, but to just annoy the hell out of them through induced time lags, redirections, blank pages and error pages. It's for those special cases where the user would merely create another account if they were banned, so rather than doing a daily/weekly/fortnightly banning session on them when they see fit to have another trolling session, it's to try and deter them from coming online by more subtle means. Sad, I know, but what can I say? big_smile

Re: Cookie values

Annoy the hell out of unwanted visitors? I like it smile

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Cookie values

Oh, like the Miserable Users mod?
http://www.vbulletin.org/forum/showthread.php?t=121886
Good idea tongue

12

Re: Cookie values

Glad to see I'm not the only one with a warped sense of humour. big_smile

It was that miserable users mod for VB which set me off on the idea. big_smile

13

Re: Cookie values

Here's the code, (kept as basic as humanly possible), big_smile for it.

The first file, include/annoy_arrays.php

<?php

// Get a random number to decide what we are going to do

$randnum = rand(1, 30);


// Get delay time for page loads/redirects

$delay = rand(1, 30);


// Redirect to another page/site settings

$rdirtrue = array(8, 13, 15);

$rdirnum = rand(1, 3);

$rdir_array = array();
$rdir_array[1] = 'help.php';
$rdir_array[2] = 'index.php';
$rdir_array[3] = 'forums.php';


// Error settings

$errortrue = array(1, 6, 23);


// Blank page settings

$blanktrue = array(2, 11, 19, 26);


// Generic load delay setting

$delaytrue = array(9, 16, 27);

?>

The second file, annoy.php

<?php

define('PUN_ROOT', './');
include PUN_ROOT.'include/annoy_arrays.php';

if (in_array($randnum, $rdirtrue))
{
        sleep($delay);
        header("Location: $rdir_array[$rdirnum]");
}
else if (in_array($randnum, $errortrue))
{
        sleep($delay);
?>
<style type="text/css">
.middle {
    text-align: center;
}
</style>
</head>
<body>
<div class="block">
        <h2><span>Error</span></h2>
        <div class="box">
                <div class="inbox">
                <p class="middle"><b>Page not found</b></p>
                </div>
        </div>
</div>
</body>
</html>
<?php
    exit;
}
else if (in_array($randnum, $blanktrue))
{
?>
</head>
<body>
<div class="clearer"></div>
</body>
</html>
<?php
    exit;
}
else if (in_array($randnum, $delaytrue))
{
        sleep($delay);
}

?>

The code to be inserted in header.php if the cookie alterations above are used:

// Which group id's will have the annoy script called

$annoy_array = array(6);

if ($pun_user['is_guest'] && isset($_COOKIE[$cookie_name]))
{
        list(, , $header['group_id']) = @unserialize($_COOKIE[$cookie_name]);
}

if (isset($annoy_array) && (in_array($pun_user['g_id'], $annoy_array) || in_array(intval($header['group_id']), $annoy_array)))
{
        require_once PUN_ROOT.'annoy.php';
}

The code to be inserted in header.php without the cookie alterations above:

// Which group id's will have the annoy script called

$annoy_array = array(6);

if (isset($annoy_array) && in_array($pun_user['g_id'], $annoy_array))
{
    require_once PUN_ROOT.'annoy.php';
}