Beispiel #1
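 /**
  * Parse one upstream cookie definition and re-issue it to the client as a
  * cookie that is always sent back to this script.
  *
  * The upstream domain and path are folded into the cookie name (or into a
  * base64-encoded name when $this->forwardCookies is 'encode'), because the
  * cookie actually handed to the browser is always scoped to path "/" on the
  * script's own host.
  *
  * Security-relevant behaviour:
  *  - A Domain attribute is accepted only when it equals the current domain
  *    or is a dot-separated subdomain of it. A plain substring test would let
  *    "a.com" write cookies into the jar of "victima.com".
  *  - Secure / HttpOnly are detected after trimming the "; " separator
  *    whitespace, so the flags are not silently dropped.
  *  - Max-Age is cast to int, so a non-numeric value from the remote server
  *    cannot raise an arithmetic error, and "Max-Age=0" is kept as a value.
  *
  * @param string $cookieString Raw cookie definition: "name=value; attr=value; flag"
  * @return void
  */
 private function setCookie($cookieString)
 {
     # The script can handle cookies following the Netscape specification
     # (or close enough!) and supports "Max-Age" from RFC2109
     # Attribute store: "key=value" pairs are saved under their lower-cased
     # key, valueless flags are appended as list entries
     $attr = array();
     # Flags are also tracked by name so that an attribute *value* (e.g.
     # "path=secure") can never be mistaken for a flag
     $flags = array();
     # Split parts by ; and process each one
     foreach (explode(';', $cookieString) as $part) {
         # Split attribute/value pairs by = and ensure we have a second part
         $pair = explode('=', $part, 2);
         $pair[1] = isset($pair[1]) ? $pair[1] : '';
         # First pair must be name/cookie value
         if (!isset($cookieName)) {
             $cookieName = $pair[0];
             $cookieValue = $pair[1];
             continue;
         }
         # If still here, must be an attribute. Names are case-insensitive and
         # normally follow "; ", so lower-case them and strip the whitespace
         $key = strtolower(trim($pair[0]));
         if ($key === '') {
             # Empty segment (e.g. trailing ";"), nothing to record
             continue;
         }
         # Compare against '' rather than testing truthiness so that a value
         # of "0" (as in "Max-Age=0") is still treated as a value
         if ($pair[1] !== '') {
             $attr[$key] = $pair[1];
         } else {
             $attr[] = $key;
             $flags[$key] = true;
         }
     }
     # All cookies need to be sent to this script (and then we choose
     # the correct cookies to forward to the client) so the extra attributes
     # (path, domain, etc.) must be stored in the cookie itself
     # Cookies stored as c[domain.com][path][cookie_name] with values of
     # cookie_value;secure;
     # If encoded, cookie name becomes c[base64_encode(domain.com path cookie_name)]
     # Find the EXPIRES date
     if (isset($attr['expires'])) {
         # From the "Expires" attribute (original Netscape spec). strtotime()
         # returns false for an unparsable date; the cast makes that 0
         $expires = (int) strtotime($attr['expires']);
     } elseif (isset($attr['max-age'])) {
         # From the "Max-Age" attribute (RFC2109). The value comes from the
         # remote server, so force it to an integer before doing arithmetic
         $expires = $_SERVER['REQUEST_TIME'] + (int) $attr['max-age'];
     } else {
         # Default to temp cookies
         $expires = 0;
     }
     # If temp cookies, override expiry date to end of session unless time
     # is in the past since that means the cookie should be deleted
     if ($this->browsingOptions['tempCookies'] && $expires > $_SERVER['REQUEST_TIME']) {
         $expires = 0;
     }
     # Find the PATH. The spec says if none found, default to the current path.
     # Certain browsers default to the root path so we'll do the same.
     if (!isset($attr['path'])) {
         $attr['path'] = '/';
     }
     # Were we sent a DOMAIN?
     $cookieDomain = isset($attr['domain']) ? trim($attr['domain']) : '';
     # Some cookies will be sent with the domain starting with . as per RFC2109
     # The . then has to be stripped off by us when doing the tail match to determine
     # which cookies to send since ".glype.com" should match "glype.com". It's more
     # efficient to do any manipulations while forwarding cookies than on every request
     if ($cookieDomain !== '' && $cookieDomain[0] === '.') {
         $cookieDomain = (string) substr($cookieDomain, 1);
     }
     if ($cookieDomain !== '') {
         # Ensure it's valid and we can accept this cookie: the requested
         # domain must be the current domain itself or end in ".<current domain>".
         # Matching on a label boundary stops one site from planting cookies
         # for an unrelated site whose name merely contains its own.
         # NOTE(review): assumes $this->URL['domain'] is the domain of the page
         # being fetched - confirm where it is populated.
         $currentDomain = strtolower($this->URL['domain']);
         $requested = strtolower($cookieDomain);
         $suffix = '.' . $currentDomain;
         if ($requested !== $currentDomain && substr($requested, -strlen($suffix)) !== $suffix) {
             # Our current domain does not match the specified domain
             # so we reject the cookie
             return;
         }
         $attr['domain'] = $cookieDomain;
     } else {
         # No (usable) domain sent so use current domain
         $attr['domain'] = $this->URL['domain'];
     }
     # Check for SECURE cookie. The attribute counts whether or not the server
     # attached a value to it
     $sentSecure = isset($flags['secure']) || isset($attr['secure']);
     # Append "!SEC" to cookie value if we should only forward to secure connections
     if ($sentSecure) {
         $cookieValue .= '!SEC';
     }
     # If we're on HTTPS, we can also send this cookie back as secure
     $secure = HTTPS && $sentSecure;
     # If the PHP version is recent enough, we can also forward the httponly flag
     $sentHttpOnly = isset($flags['httponly']) || isset($attr['httponly']);
     $httponly = $sentHttpOnly && version_compare(PHP_VERSION, '5.2.0', '>=');
     # Prepare cookie name/value to save as
     # NOTE(review): in this unencoded form the upstream-controlled domain and
     # path go into the bracketed name as-is - confirm that the code reading
     # these cookies back copes with "[" or "]" inside them.
     $name = COOKIE_PREFIX . '[' . $attr['domain'] . '][' . $attr['path'] . '][' . inputEncode($cookieName) . ']';
     $value = $cookieValue;
     # Add encodings
     if ($this->forwardCookies == 'encode') {
         $name = COOKIE_PREFIX . '[' . urlencode(base64_encode($attr['domain'] . ' ' . $attr['path'] . ' ' . urlencode($cookieName))) . ']';
         $value = base64_encode($value);
     }
     # Send cookie ...
     if ($httponly) {
         # ... with httponly flag
         setcookie($name, $value, $expires, '/', '', $secure, true);
     } else {
         # ... without httponly flag
         setcookie($name, $value, $expires, '/', '', $secure);
     }
     # And log if in debug mode
     if (DEBUG_MODE) {
         $this->cookiesReceived[] = array('name' => $cookieName, 'value' => $cookieValue, 'attributes' => $attr);
     }
 }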
Beispiel #2
/**
 * Rebuild a name attribute with its value passed through inputEncode().
 *
 * The value is re-wrapped in whatever $input[1] holds on both sides and is
 * not HTML-escaped here, so the output is only safe if inputEncode() never
 * returns that delimiter - NOTE(review): confirm against inputEncode().
 *
 * @param array $input Indexed data: [1] is emitted before and after the
 *                     value, [2] is the value to encode. Presumably a regex
 *                     match array (quote character and attribute value) -
 *                     confirm against the caller.
 * @return string "name=" followed by the delimited, encoded value
 */
function html_inputName($input)
{
    $delimiter = $input[1];
    $encodedName = inputEncode($input[2]);

    return 'name=' . $delimiter . $encodedName . $delimiter;
}