[Resolved] Problems with serialize and unserialize

[Albino]

problems with serialize and unserialize

hey,

ok, I am saving 2 values in my cookie, like so:

$cookie = @serialize(array($u, $c));
setcookie("siteLogin", $cookie, time() + 36000, "/");

$u is username, $c is a cookie value (this is part of a remember script for logins).

now, when I come to extract it, I have this:

if (isset($_COOKIE['siteLogin'])){

    echo $_COOKIE['siteLogin']."<br />";
    echo unserialize($cookie)."<br />";
    list($u, $c) = @unserialize($cookie);
    echo "username: ".$u."  cookie: ".$c;

}

the echo is just for debugging, ive checked if the cookie contains a value, it does (and looks serialized). I can;t echo it unserialized or listed, am I doing something wrong?

here is a test url:

http://munkydesigns.co.uk/ScriptsNew/login.php

u: username
p: password

make sure you check remember me lol

thanks in advance

 

[jido]

First thing, look at unserialize error messages:

    list($u, $c) = [b]unserialize[/b]($cookie);

 

[Albino]

there are no error messages

 

[jido]

Can you paste the serialized cookie here?

 

[neroux]

You are referring to a variable $cookie which doesnt seem to be set unserialize($_COOKIE['siteLogin']); should do it.

 

[Albino]

Jido, here is the serialized cookie: a:2:{i:0;s:8:\"username\";i:1;s:32:\"29ef5859fbfe34e0918bdec7ec00a988\";}

Neroux, good spot haha. thats because I copied and pasted the snippet from the actual function, with $cookie as a parameter. However, even as :

echo $_COOKIE['siteLogin']."<br />";
echo unserialize($_COOKIE['siteLogin'])."<br />";
list($u, $c) = @unserialize($_COOKIE['siteLogin']);
echo "username: ".$u."  cookie: ".$c;

I get no outcome

 

[neroux]

I know you said the cookie contains the value, but can you check it once again? The reason is, in your example I am not even getting the cookie but only the session cookie.

 

[Daniel]

Try this, it's ugly and someone will probably yell at me. But it seems to work.

$u = "hello";
$c = "world";

$cookie = urlencode(serialize(array($u, $c)));

if(!setcookie("siteLogin", $cookie, time() + 20000)) die("Hmm");

if(isset($_COOKIE['siteLogin'])) {
		
	$line = urldecode($_COOKIE['siteLogin']);
	
	if (get_magic_quotes_gpc()) $line = stripslashes($line);
	
	list($a, $u) = unserialize($line);
	echo "username: " . $a . "<br />pass: " . $u;
}

Remember: Cookie names can not contain any of the following '=,; \t\r\n\013\014

 

[Albino]

cheers Danltn, worked a treat