preg_match('#;\\s*(secure\\b)#i', $cookie, $match) && (list(, $secure) = $match); $expires_time = empty($expires) ? 0 : intval(@strtotime($expires)); $expires = $_flags['session_cookies'] && !empty($expires) && time() - $expires_time < 0 ? '' : $expires; $path = empty($path) ? '/' : $path; if (empty($domain)) { $domain = $_url_parts['host']; } else { $domain = '.' . strtolower(str_replace('..', '.', trim($domain, '.'))); if (!preg_match('#\\Q' . $domain . '\\E$#i', $_url_parts['host']) && $domain != '.' . $_url_parts['host'] || substr_count($domain, '.') < 2 && $domain[0] == '.') { continue; } } if (count($_COOKIE) >= 15 && time() - $expires_time <= 0) { $_set_cookie[] = add_cookie(current($_COOKIE), '', 1); } $_set_cookie[] = add_cookie("COOKIE;{$name};{$path};{$domain}", "{$value};{$secure}", $expires_time); } } if (isset($_response_headers['set-cookie'])) { unset($_response_headers['set-cookie'], $_response_keys['set-cookie']); } if (!empty($_set_cookie)) { $_response_keys['set-cookie'] = 'Set-Cookie'; $_response_headers['set-cookie'] = $_set_cookie; } if (isset($_response_headers['p3p']) && preg_match('#policyref\\s*=\\s*[\'"]?([^\'"\\s]*)[\'"]?#i', $_response_headers['p3p'][0], $matches)) { $_response_headers['p3p'][0] = str_replace($matches[0], 'policyref="' . complete_url($matches[1]) . '"', $_response_headers['p3p'][0]); } if (isset($_response_headers['refresh']) && preg_match('#([0-9\\s]*;\\s*URL\\s*=)\\s*(\\S*)#i', $_response_headers['refresh'][0], $matches)) { $_response_headers['refresh'][0] = $matches[1] . complete_url($matches[2]); }
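/**
 * Creates a persistent login cookie for $user_id and folds the anonymous
 * cookie's calendar memberships into that user.
 *
 * A fresh random secret is generated; only its bcrypt hash is stored in the
 * cookies table, while the client receives "<cookie id>:<secret>" in the 'user'
 * cookie (the secret has to be checked with password_verify() on the way back
 * in). The anonymous cookie is always deleted afterwards; if one existed, its
 * roles rows are merged into the user's rows (earliest creation_time, greatest
 * last_view/role/subscribed) and the anonymous cookie rows are removed.
 *
 * @param int|string $user_id  id of the user logging in; cast to int before it
 *                             is interpolated into SQL
 * @return void
 * @throws RuntimeException if the random secret is not cryptographically strong
 *                          or the roles lookup query fails
 */
function create_user_cookie($user_id)
{
    global $conn;

    // Interpolated unquoted into SQL below, so force an integer to rule out injection.
    $user_id = (int) $user_id;

    // 32 random bytes -> 64 hex chars; refuse to continue on a weak PRNG source.
    $cookie_password = bin2hex(openssl_random_pseudo_bytes(32, $crypto_strong));
    if ($crypto_strong === false) {
        throw new RuntimeException('Could not obtain cryptographically strong random bytes');
    }
    // Only the hash is persisted; the client alone holds the plaintext secret.
    $cookie_hash = password_hash($cookie_password, PASSWORD_BCRYPT);

    $conn->query("INSERT INTO ids(table_name) VALUES('cookies')");
    $cookie_id = (int) $conn->insert_id;
    // Milliseconds since the epoch; cast so it never renders in float notation in SQL.
    $time = (int) round(microtime(true) * 1000);
    $conn->query(
        "INSERT INTO cookies(id, hash, user, creation_time, last_update) " .
        "VALUES ({$cookie_id}, '{$cookie_hash}', {$user_id}, {$time}, {$time})"
    );
    // NOTE(review): $time is in milliseconds, but add_cookie's third argument
    // looks like an expiry — confirm the unit add_cookie expects.
    add_cookie('user', "{$cookie_id}:{$cookie_password}", $time);

    // We can kill the anonymous cookie now.
    // We want to do this regardless of get_anonymous_cookie since that function can
    // return null when there is a cookie on the client.
    delete_cookie('anonymous');

    list($anonymous_cookie_id, $_) = get_anonymous_cookie();
    if (!$anonymous_cookie_id) {
        return;
    }
    // Same reasoning as $user_id: it goes into SQL unquoted.
    $anonymous_cookie_id = (int) $anonymous_cookie_id;

    // Now we will move the anonymous cookie's memberships to the logged in user.
    // MySQL can't handle constraint violations on UPDATE, so need to pull all the
    // membership rows to PHP, delete them, and then recreate them :(
    $result = $conn->query(
        "SELECT calendar, creation_time, last_view, role, subscribed FROM roles " .
        "WHERE user = {$anonymous_cookie_id}"
    );
    if ($result === false) {
        // Bailing out here keeps the anonymous rows intact instead of silently
        // losing the memberships.
        throw new RuntimeException('Failed to load anonymous cookie roles: ' . $conn->error);
    }

    $new_rows = array();
    while ($row = $result->fetch_assoc()) {
        // Values are re-emitted unquoted, i.e. these are taken to be numeric columns.
        $new_rows[] = "(" . implode(", ", array(
            $row['calendar'],
            $user_id,
            $row['creation_time'],
            $row['last_view'],
            $row['role'],
            $row['subscribed'],
        )) . ")";
    }

    if ($new_rows) {
        $conn->query(
            "INSERT INTO roles(calendar, user, " .
            "creation_time, last_view, role, subscribed) " .
            "VALUES " . implode(', ', $new_rows) . " " .
            "ON DUPLICATE KEY UPDATE " .
            "creation_time = LEAST(VALUES(creation_time), creation_time), " .
            "last_view = GREATEST(VALUES(last_view), last_view), " .
            "role = GREATEST(VALUES(role), role), " .
            "subscribed = GREATEST(VALUES(subscribed), subscribed)"
        );
        $conn->query("DELETE FROM roles WHERE user = {$anonymous_cookie_id}");
    }

    // Drop the anonymous cookie row and its id allocation together.
    $conn->query(
        "DELETE c, i FROM cookies c LEFT JOIN ids i ON i.id = c.id " .
        "WHERE c.id = {$anonymous_cookie_id}"
    );
}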