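/**
 * Set a 30-day "remember me" login cookie for the current user.
 *
 * A token is generated, registered through UserLogin::addLogin() and sent
 * to the browser as base64("<username>:<token>") in the "hotaru_key" cookie.
 *
 * @param object $h          Hotaru instance; reads $h->currentUser->name and ->id,
 *                           writes $h->messages on failure
 * @param mixed  $rememberMe "remember me" checkbox value; any falsy value means no cookie is set
 * @return bool true when the cookie was requested, false when it was skipped
 */
public static function setCookie($h, $rememberMe)
{
    if (!$rememberMe) {
        return false;
    }

    if (!$h->currentUser->name) {
        $h->messages['main_userbase_cookie_error'] = 'green';
        return false;
    }

    // Only an unpredictable token is needed here; password_hash() supplies one
    // through its random salt, the username itself is not a secret.
    // NOTE(review): random_bytes() would state that intent more directly, but the
    // code that validates the cookie is not visible here, so the format is kept.
    $cookieToken = password_hash($h->currentUser->name, PASSWORD_DEFAULT);

    // NOTE(review): the token is handed to addLogin() as-is; confirm it is stored
    // hashed, otherwise a leaked login table yields usable session tokens.
    \Hotaru\Models2\UserLogin::addLogin($h, $h->currentUser->id, $cookieToken);

    $strCookie = base64_encode(join(':', array($h->currentUser->name, $cookieToken)));

    // 2592000 = 60 seconds * 60 mins * 24 hours * 30 days
    $month = 2592000 + time();

    // Send the cookie over TLS only when the site itself is served over https,
    // so plain-http installs (e.g. localhost development) keep working.
    $secure = (stripos(SITEURL, 'https://') === 0);

    // The domain argument is left empty on purpose: the browser then stores a
    // host-only cookie that is not shared with other subdomains.
    // HttpOnly keeps the login token out of reach of page scripts, which limits
    // what an XSS flaw can steal.
    // NOTE(review): SameSite cannot be set with this positional signature; use the
    // options-array form once the minimum PHP version is 7.3 or later.
    setcookie("hotaru_key", $strCookie, $month, "/", "", $secure, true);

    return true;
}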