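/**
 * Get value of HTTP cookie from the current HTTP request
 *
 * Return the value of a cookie from the current HTTP request,
 * or return NULL if cookie does not exist. Cookies created during
 * the current request will not be available until the next request.
 *
 * When `cookies.encrypt` is enabled the raw value is passed through
 * \Slim\Http\Util::decodeSecureCookie(), which yields FALSE when the
 * cookie cannot be decoded or fails verification. That FALSE is
 * normalised to NULL here so the return matches the documented
 * string|null contract, and the invalid cookie is optionally deleted.
 *
 * @param string $name            Cookie name
 * @param bool   $deleteIfInvalid Call deleteCookie() when the cookie is
 *                                encrypted but cannot be decoded
 * @return string|null
 */
public function getCookie($name, $deleteIfInvalid = true)
{
    // Get cookie value
    $value = $this->request->cookies->get($name);

    // Decode if encrypted
    if ($this->config('cookies.encrypt')) {
        $value = \Slim\Http\Util::decodeSecureCookie(
            $value,
            $this->config('cookies.secret_key'),
            $this->config('cookies.cipher'),
            $this->config('cookies.cipher_mode')
        );
        if ($value === false && $deleteIfInvalid) {
            $this->deleteCookie($name);
        }
    }

    // decodeSecureCookie() signals failure with FALSE; callers are promised
    // string|null, so map that failure to NULL instead of leaking FALSE.
    return $value === false ? null : $value;
}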
/**
 * Test serializeCookies and decrypt with string expires
 *
 * Sets a cookie whose 'expires' entry is the relative string '1 hour'.
 * serializeCookies() is expected to convert that string to a timestamp
 * (via strtotime) while building the Set-Cookie header, and
 * decodeSecureCookie() must then accept that timestamp and recover the
 * original plaintext value.
 */
public function testSerializeCookiesAndDecryptWithStringExpires()
{
    $plaintext = 'bar';
    $settings = array(
        'cookies.encrypt' => true,
        'cookies.secret_key' => 'secret',
        'cookies.cipher' => MCRYPT_RIJNDAEL_256,
        'cookies.cipher_mode' => MCRYPT_MODE_CBC,
    );

    $cookies = new \Slim\Http\Cookies();
    $cookies->set('foo', array('value' => $plaintext, 'expires' => '1 hour'));

    $headers = new \Slim\Http\Headers();
    \Slim\Http\Util::serializeCookies($headers, $cookies, $settings);

    // Extract the raw payload: everything after '=' in the first
    // ';'-separated segment of the Set-Cookie header, URL-decoded.
    $header = $headers->get('Set-Cookie');
    $firstSegment = strstr($header, ';', true);
    $encoded = urldecode(substr(strstr($firstSegment, '='), 1));

    $decrypted = \Slim\Http\Util::decodeSecureCookie(
        $encoded,
        $settings['cookies.secret_key'],
        $settings['cookies.cipher'],
        $settings['cookies.cipher_mode']
    );

    $this->assertEquals($plaintext, $decrypted);
    // The header must not carry the plaintext itself
    $this->assertNotSame($plaintext, $encoded);
}
/**
 * Get value of HTTP cookie from the current HTTP request
 *
 * Return the value of a cookie from the current HTTP request,
 * or return NULL if cookie does not exist. Cookies created during
 * the current request will not be available until the next request.
 *
 * With `cookies.encrypt` enabled the raw value is decoded by
 * \Slim\Http\Util::decodeSecureCookie(); a FALSE result (the cookie
 * cannot be decoded or fails verification) is reported as NULL and,
 * when $deleteIfInvalid is set, the cookie is deleted.
 *
 * @param string $name            Cookie name
 * @param bool   $deleteIfInvalid Delete an encrypted cookie that fails to decode
 * @return string|null
 */
public function getCookie($name, $deleteIfInvalid = true)
{
    $raw = $this->request->cookies->get($name);

    // Plain cookies are returned as-is (FALSE is still normalised to NULL
    // to honour the documented return type).
    if (!$this->config('cookies.encrypt')) {
        return $raw === false ? null : $raw;
    }

    $decoded = \Slim\Http\Util::decodeSecureCookie(
        $raw,
        $this->config('cookies.secret_key'),
        $this->config('cookies.cipher'),
        $this->config('cookies.cipher_mode')
    );

    if ($decoded === false) {
        if ($deleteIfInvalid) {
            $this->deleteCookie($name);
        }
        // decodeSecureCookie() uses FALSE for failure; callers expect NULL.
        return null;
    }

    return $decoded;
}
/**
 * Get value of encrypted HTTP cookie
 *
 * Return the value of an encrypted cookie from the current HTTP request,
 * or return NULL if cookie does not exist. Encrypted cookies created during
 * the current request will not be available until the next request.
 *
 * The raw cookie is always run through \Slim\Http\Util::decodeSecureCookie();
 * its FALSE result (cookie cannot be decoded or fails verification) is
 * passed straight back to the caller, who must check with `=== false`.
 *
 * @param string $name            Cookie name
 * @param bool   $deleteIfInvalid Call deleteCookie() when decoding fails
 * @return string|false
 */
public function getEncryptedCookie($name, $deleteIfInvalid = true)
{
    $decoded = \Slim\Http\Util::decodeSecureCookie(
        $this->request->cookies($name),
        $this->config('cookies.secret_key'),
        $this->config('cookies.cipher'),
        $this->config('cookies.cipher_mode')
    );

    $failed = ($decoded === false);
    if ($failed && $deleteIfInvalid) {
        // Drop a cookie that can no longer be decoded so it is not resent
        $this->deleteCookie($name);
    }

    return $decoded;
}
/**
 * Test encode/decode secure cookie with tampered data
 *
 * Encodes a value, then corrupts one '|'-delimited segment of the encoded
 * string to simulate a client editing the cookie. decodeSecureCookie() must
 * reject the modified value and return FALSE because verification fails.
 */
public function testEncodeAndDecodeSecureCookieWithTamperedData()
{
    $secret = 'password';
    $algorithm = MCRYPT_RIJNDAEL_256;
    $mode = MCRYPT_MODE_CBC;
    $expires = time() + 86400;

    $encoded = \Slim\Http\Util::encodeSecureCookie('foo', $expires, $secret, $algorithm, $mode);

    // Append junk to the second segment of the encoded cookie
    $segments = explode('|', $encoded);
    $segments[1] .= 'changed';
    $tampered = implode('|', $segments);

    $decoded = \Slim\Http\Util::decodeSecureCookie($tampered, $secret, $algorithm, $mode);

    $this->assertFalse($decoded);
}
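/**
 * Load session
 *
 * Starts a PHP session if none is active, then populates $_SESSION from
 * the secure session cookie. The cookie value is run through
 * \Slim\Http\Util::decodeSecureCookie(), which returns FALSE when the
 * cookie cannot be decoded or fails verification; in that case, or when
 * the decoded payload does not unserialize to an array, the session
 * starts empty. $_SESSION is therefore always an array afterwards.
 *
 * @return void
 */
protected function loadSession()
{
    if (session_id() === '') {
        session_start();
    }

    $value = \Slim\Http\Util::decodeSecureCookie(
        $this->app->request()->cookies($this->settings['name']),
        $this->settings['secret'],
        $this->settings['cipher'],
        $this->settings['cipher_mode']
    );

    // NOTE(review): unserialize() is applied to data that originated on the
    // client. It is only reached after decodeSecureCookie() has verified the
    // cookie, so the payload is trusted exactly as far as the secret is; a
    // disclosed secret would make this an object-injection sink. A JSON
    // encoding of the session data would avoid that class of issue entirely.
    $data = $value ? unserialize($value) : false;

    // unserialize() yields FALSE on malformed input, and a well-formed payload
    // is not guaranteed to be an array; never let either replace the session.
    $_SESSION = is_array($data) ? $data : array();
}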