Esempio n. 1
         preg_match('#;\\s*(secure\\b)#i', $cookie, $match) && (list(, $secure) = $match);
         $expires_time = empty($expires) ? 0 : intval(@strtotime($expires));
         $expires = $_flags['session_cookies'] && !empty($expires) && time() - $expires_time < 0 ? '' : $expires;
         $path = empty($path) ? '/' : $path;
         if (empty($domain)) {
             $domain = $_url_parts['host'];
         } else {
             $domain = '.' . strtolower(str_replace('..', '.', trim($domain, '.')));
             if (!preg_match('#\\Q' . $domain . '\\E$#i', $_url_parts['host']) && $domain != '.' . $_url_parts['host'] || substr_count($domain, '.') < 2 && $domain[0] == '.') {
                 continue;
             }
         }
         if (count($_COOKIE) >= 15 && time() - $expires_time <= 0) {
             $_set_cookie[] = add_cookie(current($_COOKIE), '', 1);
         }
         $_set_cookie[] = add_cookie("COOKIE;{$name};{$path};{$domain}", "{$value};{$secure}", $expires_time);
     }
 }
 // Discard the upstream Set-Cookie header and its display key; the client only
 // ever receives the rewritten cookies collected in $_set_cookie.
 if (isset($_response_headers['set-cookie'])) {
     unset($_response_headers['set-cookie']);
     unset($_response_keys['set-cookie']);
 }
 // Re-add Set-Cookie only when at least one rewritten cookie was collected.
 if (!empty($_set_cookie)) {
     $_response_headers['set-cookie'] = $_set_cookie;
     $_response_keys['set-cookie'] = 'Set-Cookie';
 }
 // P3P: replace the policyref target with the result of complete_url().
 // The capture group excludes quotes and whitespace, so the captured URL cannot
 // contain a line break.
 // NOTE(review): complete_url() is not visible here; presumably it rewrites the
 // URL so the client fetches it through this script. Confirm that its return
 // value is safe to place in a response header.
 if (isset($_response_headers['p3p'])) {
     if (preg_match('#policyref\\s*=\\s*[\'"]?([^\'"\\s]*)[\'"]?#i', $_response_headers['p3p'][0], $matches)) {
         $_response_headers['p3p'][0] = str_replace(
             $matches[0],
             sprintf('policyref="%s"', complete_url($matches[1])),
             $_response_headers['p3p'][0]
         );
     }
 }
 // Refresh: keep the "<delay>; URL=" prefix as sent and pass the target
 // (a run of non-whitespace characters) through complete_url().
 if (isset($_response_headers['refresh'])) {
     if (preg_match('#([0-9\\s]*;\\s*URL\\s*=)\\s*(\\S*)#i', $_response_headers['refresh'][0], $matches)) {
         $_response_headers['refresh'][0] = $matches[1] . complete_url($matches[2]);
     }
 }
Esempio n. 2
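/**
 * Issue a login cookie for a user and retire the visitor's anonymous cookie.
 *
 * A random secret is generated and only its bcrypt hash is stored in `cookies`;
 * the client receives "<cookie id>:<secret>". If the visitor had an anonymous
 * cookie, its rows in `roles` are merged into the user's rows and the anonymous
 * cookie row is deleted.
 *
 * Relies on the global $conn offering query(), insert_id and
 * real_escape_string() (a mysqli-style connection).
 *
 * @param int|string $user_id Numeric id of the user; cast to int before it reaches SQL.
 * @return void
 * @throws \RuntimeException If no cryptographically strong secret can be generated,
 *                           or the anonymous cookie's memberships cannot be read.
 */
function create_user_cookie($user_id)
{
    global $conn;

    // The ids below are interpolated into SQL unquoted, so force them to
    // integers before they get anywhere near a query string.
    $user_id = (int) $user_id;

    // 32 random bytes become 64 hex characters, below bcrypt's 72-byte input limit.
    // Refuse to continue if OpenSSL reports the bytes as not cryptographically strong.
    $secret_bytes = openssl_random_pseudo_bytes(32, $crypto_strong);
    if ($secret_bytes === false || !$crypto_strong) {
        throw new \RuntimeException('Could not generate a cryptographically strong cookie secret');
    }
    $cookie_password = bin2hex($secret_bytes);
    // Only the hash is stored server-side; the secret itself is sent to the client.
    $cookie_hash = password_hash($cookie_password, PASSWORD_BCRYPT);

    $conn->query("INSERT INTO ids(table_name) VALUES('cookies')");
    $cookie_id = (int) $conn->insert_id;
    $time = round(microtime(true) * 1000);
    // in milliseconds
    $conn->query("INSERT INTO cookies(id, hash, user, creation_time, last_update) " . "VALUES ({$cookie_id}, '" . $conn->real_escape_string($cookie_hash) . "', {$user_id}, {$time}, {$time})");
    // NOTE(review): $time is the creation time in milliseconds; add_cookie() is not
    // visible here, so confirm what its third argument means and that it sets the
    // HttpOnly and Secure attributes on this authentication cookie.
    add_cookie('user', "{$cookie_id}:{$cookie_password}", $time);

    // We can kill the anonymous cookie now
    // We want to do this regardless of get_anonymous_cookie since that function can
    // return null when there is a cookie on the client
    delete_cookie('anonymous');
    list($anonymous_cookie_id, $_) = get_anonymous_cookie();
    $anonymous_cookie_id = (int) $anonymous_cookie_id;
    if (!$anonymous_cookie_id) {
        return;
    }

    // Now we will move the anonymous cookie's memberships to the logged in user
    // MySQL can't handle constraint violations on UPDATE, so need to pull all the
    // membership rows to PHP, delete them, and then recreate them :(
    $result = $conn->query("SELECT calendar, creation_time, last_view, role, subscribed FROM roles " . "WHERE user = {$anonymous_cookie_id}");
    if ($result === false) {
        // Stop before any DELETE runs, so a failed read cannot drop the memberships.
        throw new \RuntimeException('Could not read the memberships of the anonymous cookie');
    }
    $new_rows = array();
    while ($row = $result->fetch_assoc()) {
        $fields = array($row['calendar'], $user_id, $row['creation_time'], $row['last_view'], $row['role'], $row['subscribed']);
        $literals = array();
        foreach ($fields as $field) {
            // Values read back from the database are still data, not SQL: quote and
            // escape each one, and keep NULL as NULL instead of an empty token.
            $literals[] = $field === null ? 'NULL' : "'" . $conn->real_escape_string((string) $field) . "'";
        }
        $new_rows[] = "(" . implode(", ", $literals) . ")";
    }
    $result->free();
    if ($new_rows) {
        // On a key collision keep the earliest creation time and the highest
        // last_view, role and subscribed values of the two rows.
        $conn->query("INSERT INTO roles(calendar, user, " . "creation_time, last_view, role, subscribed) " . "VALUES " . implode(', ', $new_rows) . " " . "ON DUPLICATE KEY UPDATE " . "creation_time = LEAST(VALUES(creation_time), creation_time), " . "last_view = GREATEST(VALUES(last_view), last_view), " . "role = GREATEST(VALUES(role), role), " . "subscribed = GREATEST(VALUES(subscribed), subscribed)");
        $conn->query("DELETE FROM roles WHERE user = {$anonymous_cookie_id}");
    }
    // Remove the anonymous cookie together with its row in the shared ids table.
    $conn->query("DELETE c, i FROM cookies c LEFT JOIN ids i ON i.id = c.id " . "WHERE c.id = {$anonymous_cookie_id}");
}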