PHP Classes

File: class_SafeCookie.php

Recommend this page to a friend!
  Classes of Ray Paseur   PHP Secure Cookie   class_SafeCookie.php   Download  
File: class_SafeCookie.php
Role: Class source
Content type: text/plain
Description: Class Source
Class: PHP Secure Cookie
Store cookies allowing to detect unwanted changes
Author: By
Last change: Added a setter method for the salt string
Date: 5 years ago
Size: 2,514 bytes
 

Contents

Class file image Download
<?php // classes/class_SafeCookie.php
/**
 * The Class file for the anti-tamper cookie
 */

class SafeCookie
{
    protected
$cookie_name, $expiry, $path;

    public function
set_salt(string $salt='NaCl') {
       
$this->salt = $salt;
    }

    public function
__construct(string $cookie_name='anonymous', bool $all_subdomains=TRUE) {
       
$this->cookie_name = $cookie_name;
       
$host = $_SERVER['HTTP_HOST'];

       
// Remove subdomain restrictions
       
if ($all_subdomains) {
            if (
substr_count($host, '.') > 1) {
               
$host = explode('.', $host);
                unset(
$host[0]);
               
$host = implode('.', $host);
            }
        }
       
$this->host = $host;

       
// A month into the future
       
$expiry = time() + 60*60*24*30;
       
$this->set_expiry($expiry);
       
$this->set_path();
    }

    public function
set_expiry(int $expiry) {
       
$this->expiry = $expiry;
    }

    public function
set_path(string $path=DIRECTORY_SEPARATOR) {
       
$this->path = $path;
    }

    protected function
nullify() {
       
setcookie($this->cookie_name, NULL, -100000);
    }

    public function
get() {
       
// If no cookie
       
if (!isset($_COOKIE[$this->cookie_name])) return FALSE;

       
// Break cookie value apart, check anti-tamper, nullify if tampered
       
$arr = explode('|', $_COOKIE[$this->cookie_name]);
        if (empty(
$arr[1]))
        {
           
$this->nullify();
            return
FALSE;
        }

       
// Check the salted md5() digest of the cookie
       
$new = md5($this->salt . $arr[0]);
        if (
$new != $arr[1])
        {
           
$this->nullify();
            return
FALSE;
        }

       
// If we get here, we have a "good" cookie
       
return $arr[0];
    }

    public function
set($val) {
       
// Salt the value and append the md5() string to the value
       
$salted_md5 = md5($this->salt . $val);
       
$cookie_value = $val . '|' . $salted_md5;

       
// http://php.net/manual/en/function.setcookie.php
       
setcookie
       
( $this->cookie_name // Cookie Name
       
, $cookie_value // Cookie Value
       
, $this->expiry // A time() in the future
       
, $this->path // Allow or restrict sub-directories
       
, $this->host // Host name, maybe with subdomain
       
, FALSE // OK to set on HTTP (not just HTTPS)
       
, TRUE // Restricted from Javascript
       
)
        ;
    }
}