<?php defined('SYSPATH') OR die('No direct access allowed.');
/**
* Cookie helper class.
*
* @package Kohana
* @author Kohana Team
* @copyright (c) 2007-2009 Kohana Team
* @license http://kohanaphp.com/license
*/
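class cookie_Core {

	/**
	 * Sets a signed cookie with the given parameters.
	 *
	 * The stored value is "<signature>~<value>", where the signature comes
	 * from cookie::salt(). Parameters left as NULL fall back to the matching
	 * entry of the 'cookie' config group when one is set, so the Secure and
	 * HttpOnly flags depend on that config unless passed explicitly.
	 *
	 * @param   string|array  cookie name, or an array of options keyed by
	 *                        name, value, expire, path, domain, secure, httponly
	 * @param   string        cookie value
	 * @param   integer       number of seconds before the cookie expires
	 * @param   string        URL path to allow
	 * @param   string        URL domain to allow
	 * @param   boolean       HTTPS only
	 * @param   boolean       HTTP only (requires PHP 5.2 or higher)
	 * @return  boolean       FALSE if headers were already sent or the options
	 *                        array has no name, else the result of setcookie()
	 */
	public static function set($name, $value = NULL, $expire = NULL, $path = NULL, $domain = NULL, $secure = NULL, $httponly = NULL)
	{
		if (headers_sent())
			return FALSE;

		if (is_array($name))
		{
			// Import only the documented option keys. A blanket extract() with
			// EXTR_OVERWRITE would let any key in the caller's array replace
			// arbitrary locals of this method.
			$options = $name;

			if ( ! isset($options['name']))
				return FALSE;

			$name = $options['name'];

			foreach (array('value', 'expire', 'path', 'domain', 'secure', 'httponly') as $item)
			{
				if (array_key_exists($item, $options))
				{
					$$item = $options[$item];
				}
			}
		}

		// Fill anything still unset from the default options
		$config = Kohana::config('cookie');

		foreach (array('value', 'expire', 'domain', 'path', 'secure', 'httponly') as $item)
		{
			if ($$item === NULL AND isset($config[$item]))
			{
				$$item = $config[$item];
			}
		}

		if ($expire !== 0)
		{
			// $expire is a lifetime in seconds; setcookie() wants an absolute
			// UNIX timestamp. A lifetime of 0 is passed through unchanged.
			$expire += time();
		}

		// Prefix the value with its signature so get() can detect tampering
		$value = cookie::salt($name, $value).'~'.$value;

		return setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
	}

	/**
	 * Fetch a cookie value and verify its signature.
	 *
	 * Only cookies written by cookie::set() validate. A cookie whose
	 * signature does not match is deleted and the default is returned.
	 *
	 * @param   string   cookie name, or NULL to fetch every cookie
	 * @param   mixed    default value
	 * @param   boolean  use XSS cleaning on the value
	 * @return  mixed    the verified value, the default, or an array of all
	 *                   cookies (name => value) when no name is given
	 */
	public static function get($name = NULL, $default = NULL, $xss_clean = FALSE)
	{
		// Return an array of all the cookies if we don't have a name
		if ($name === NULL)
		{
			$cookies = array();

			foreach ($_COOKIE as $key => $value)
			{
				$cookies[$key] = cookie::get($key, $default, $xss_clean);
			}

			return $cookies;
		}

		if ( ! isset($_COOKIE[$name]))
		{
			return $default;
		}

		// Get the cookie value
		$cookie = $_COOKIE[$name];

		// A client can send "name[key]=..." and make this entry an array.
		// Such a value was never produced by set(), and it must not reach
		// the string functions below.
		if ( ! is_string($cookie))
		{
			return $default;
		}

		// Find the position of the split between signature and contents
		$split = strlen(cookie::salt($name, NULL));

		if (isset($cookie[$split]) AND $cookie[$split] === '~')
		{
			// Separate the signature and the value
			list ($hash, $value) = explode('~', $cookie, 2);

			// Compare in constant time: the hash is attacker-supplied, and an
			// early-exit === leaks how many leading characters were correct.
			if (self::signature_matches(cookie::salt($name, $value), $hash))
			{
				if ($xss_clean === TRUE AND Kohana::config('core.global_xss_filtering') === FALSE)
				{
					return Input::instance()->xss_clean($value);
				}

				// Cookie signature is valid
				return $value;
			}

			// The cookie signature is invalid, delete it
			cookie::delete($name);
		}

		return $default;
	}

	/**
	 * Nullify and unset a cookie.
	 *
	 * @param   string   cookie name
	 * @param   string   URL path
	 * @param   string   URL domain
	 * @return  boolean
	 */
	public static function delete($name, $path = NULL, $domain = NULL)
	{
		// Delete the cookie from globals
		unset($_COOKIE[$name]);

		// Sets the cookie value to an empty string, and the expiration to 24 hours ago
		return cookie::set($name, '', -86400, $path, $domain, FALSE, FALSE);
	}

	/**
	 * Generates the signature for a cookie from the lowercased user agent,
	 * the cookie name, the value and the configured 'cookie.salt'.
	 *
	 * NOTE(review): this is a plain sha1() over concatenated fields, not an
	 * HMAC, and the fields are joined without separators. The 'cookie.salt'
	 * setting is the only secret input; if it is empty or left at a shipped
	 * default, a client can compute a valid signature for any value. Moving
	 * to hash_hmac() would invalidate cookies already issued, so it is only
	 * flagged here.
	 *
	 * @param   string  $name   name of cookie
	 * @param   string  $value  value of cookie
	 * @return  string  sha1 hash
	 */
	public static function salt($name, $value)
	{
		// Determine the user agent
		$agent = isset($_SERVER['HTTP_USER_AGENT']) ? strtolower($_SERVER['HTTP_USER_AGENT']) : 'unknown';

		// Cookie salt.
		$salt = Kohana::config('cookie.salt');

		return sha1($agent.$name.$value.$salt);
	}

	/**
	 * Compares an expected signature with a client-supplied one without
	 * stopping at the first differing byte.
	 *
	 * @param   string  $expected  signature computed on the server
	 * @param   string  $given     signature taken from the cookie
	 * @return  boolean
	 */
	private static function signature_matches($expected, $given)
	{
		// Use the built-in where the running PHP provides it
		if (function_exists('hash_equals'))
			return hash_equals($expected, $given);

		$length = strlen($expected);

		if ($length !== strlen($given))
			return FALSE;

		// OR together the XOR of every byte pair so the loop always runs
		// to the end regardless of where the strings differ
		$diff = 0;

		for ($i = 0; $i < $length; $i++)
		{
			$diff |= ord($expected[$i]) ^ ord($given[$i]);
		}

		return $diff === 0;
	}

	final private function __construct()
	{
		// Static class.
	}

} // End cookie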