Sunday, 8 June 2014

PHP Sessions and Cookie and Security

PHP Session
Session is Super global variable, that preserve certain data across multiple requests. A visitor accessing your web-site is assigned a unique id, the so-called session id. Its either stored in a cookie on the user side OR is propagated in the URL.

 Why its is used
1. Get the Number of unique visitor
2. For Login functionality we need this.
3. It tell us whether user is registered OR not.

Requirements 
No external libraries are needed to build this extension.

Installation 
Session is enabled in PHP by default. If you would not like to build your PHP with session support, you should specify the
--disable-session

Session configuration options
NameDefaultChangeableChangelog
session.save_path""PHP_INI_ALL
session.name"PHPSESSID"PHP_INI_ALL
session.save_handler"files"PHP_INI_ALL
session.auto_start"0"PHP_INI_PERDIR
session.gc_probability"1"PHP_INI_ALL
session.gc_divisor"100"PHP_INI_ALLAvailable since PHP 4.3.2.
session.gc_maxlifetime"1440"PHP_INI_ALL
session.serialize_handler"php"PHP_INI_ALL
session.cookie_lifetime"0"PHP_INI_ALL
session.cookie_path"/"PHP_INI_ALL
session.cookie_domain""PHP_INI_ALL
session.cookie_secure""PHP_INI_ALLAvailable since PHP 4.0.4.
session.cookie_httponly""PHP_INI_ALLAvailable since PHP 5.2.0.
session.use_strict_mode"0"PHP_INI_ALLAvailable since PHP 5.5.2.
session.use_cookies"1"PHP_INI_ALL
session.use_only_cookies"1"PHP_INI_ALLAvailable since PHP 4.3.0.
session.referer_check""PHP_INI_ALL
session.entropy_file""PHP_INI_ALL
session.entropy_length"0"PHP_INI_ALL
session.cache_limiter"nocache"PHP_INI_ALL
session.cache_expire"180"PHP_INI_ALL
session.use_trans_sid"0"PHP_INI_ALLPHP_INI_ALL in PHP <= 4.2.3. PHP_INI_PERDIR in PHP < 5. Available since PHP 4.0.3.
session.bug_compat_42"1"PHP_INI_ALLAvailable since PHP 4.3.0. Removed in PHP 5.4.0.
session.bug_compat_warn"1"PHP_INI_ALLAvailable since PHP 4.3.0. Removed in PHP 5.4.0.
session.hash_function"0"PHP_INI_ALLAvailable since PHP 5.0.0.
session.hash_bits_per_character"4"PHP_INI_ALLAvailable since PHP 5.0.0.
url_rewriter.tags"a=href,area=href,frame=src,form=,fieldset="PHP_INI_ALLAvailable since PHP 4.0.4.
session.upload_progress.enabled"1"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.cleanup"1"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.prefix"upload_progress_"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.name"PHP_SESSION_UPLOAD_PROGRESS"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.freq"1%"PHP_INI_PERDIRAvailable since PHP 5.4.0.
session.upload_progress.min_freq"1"PHP_INI_PERDIRAvailable since PHP 5.4.0.
How to set the Cookie?
bool setcookie ($name, $value);//set the cookie
bool setcookie ($name, $value,time()+3600); //set the cookie with expire 1 hour
bool setcookie ($name, $value, $expire = 0, $path, $domain, $secure = false, $httponly = false );//all parameter of set cookie
bool setrawcookie ($name, $value, $expire = 0, $path, $domain, $secure = false, $httponly = false );//Send a cookie without urlencoding the cookie value
Parameter of set_cookie function
name: The name of the cookie.
value: The value of the cookie. This value is stored on the clients computer; do not store sensitive information.
expire: The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoc. If set to 0, or omitted, the cookie will expire when the browser closes.
path: The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain.
domain: The domain that the cookie is available to.
secure: Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. 
httponly: When TRUE the cookie will be made accessible only through the HTTP protocol. 

 How to get cookie? 
echo $_COOKIE["cookieName"];

How to print all cookie? 
print_r($_COOKIE);

How to delete a cookie? 
setcookie ("cookieName", "", time() - 60);

How to set Array Cookie? 
setcookie("cookieName[one]", "c_1");
setcookie("cookieName[three]", "c_2");
setcookie("cookieName[two]", "c_3");

How to get Array cookie? 
print_r($_COOKIE["cookieName"]);

Best Related Posts are Following:

  1. XMLRPC Wordpress Attack.
  2. How can I read request-headers in PHP.
  3. How can I prevent SQL-injection in PHP?.
  4. Shared Server Security Risk open_basedir disable_functions disable_classes.
  5. What is Best method for sanitizing user input with PHP?.
  6. Difference between Notice and warning and fatal error.
  7. How can I prevent SQL-injection in PHP [SOLVED].
  8. PHP Register Globals.
  9. PHP Sessions and Cookie and Security.
  10. PHP Check Mime Type of File - Return Information About A File.
  11. Improve Ajax Performance.
  12. PHP Captcha Code Example Code Snippets.
  13. PHP - Secure Ajax Call from Hackers - Example.
  14. htaccess code snippets example.
  15. Manage Cron Job with PHP - SSH2 Connection.
  16. Spoofed Forms - Stop Spoofed Form Submissions.
  17. Session Fixation.
  18. Session Hijacking.
  19. openssl private encrypt.
  20. Cross Site Request Forgery.
  21. SQL Injection Attack - PHP & MySQL.
  22. Cross-Site Scripting - cross site scripting examples.
  23. PHP INI settings.
Labels: ,

Thursday, 5 June 2014

PHP DataStructures

Data structure is a way of storing and organizing data in a computer so that it can be used efficiently. It provide a efficient way to manage large amounts of data efficiently, such as large databases and Internet indexing services.


SPL provides a following set of standard datastructures.
SplDoublyLinkedList: The SplDoublyLinkedList class provides the main functionalities of a doubly linked list.

SplStack
The SplStack class provides the main functionalities of a stack implemented using a doubly linked list.

SplQueue
The SplQueue class provides the main functionalities of a queue implemented using a doubly linked list.
See Example
echo "Create Object of SplQueue:";
$obj = new SplQueue();

echo "
Check for Queue, is it Empty:";
if($obj->isEmpty())
{
    $obj->enqueue("Simple");
    $obj->enqueue("Example");
    $obj->enqueue("Of");
    $obj->enqueue("PHP");
}
echo "
View queue:";
print_r($obj);
if(! $obj->offsetExists(4))
{
    $obj->enqueue(10);
}
print_r($obj);
echo "

";
echo "
Get the value of the offset at 3 ";
if($obj->offsetGet(3))
{
    echo $obj->offsetGet(3);
   
    echo "
Resetting the value of a node:";
    $obj->offsetSet(4,6);
}
SplHeap The SplHeap class provides the main functionalities of a Heap. Heaps are crucial in several efficient graph algorithms such as Dijkstra's algorithm, and in the sorting algorithm heapsort.

SplMaxHeap The SplMaxHeap class provides the main functionalities of a heap, keeping the maximum on the top.

SplMinHeap The SplMinHeap class provides the main functionalities of a heap, keeping the minimum on the top.


SplPriorityQueue The SplPriorityQueue class provides the main functionalists of an functionalists of an prioritized queue, implemented using a max heap.

 SplFixedArray The SplFixedArray class provides the main functionalities of array. The main differences between a SplFixedArray and a normal PHP array is that the SplFixedArray is of fixed length and allows only integers within the range as indexes. The advantage is that it allows a faster array implementation. See Example Below 
$array = new SplFixedArray(5);
$array[1] = 2;
$array[4] = "foo";
var_dump($array[0]); // NULL
var_dump($array[1]); // int(2)

var_dump($array["5"]); // Fatal error: Uncaught exception 'RuntimeException' with message 'Index invalid or out of range'

SplObjectStorage The SplObjectStorage class provides a map from objects to data or, by ignoring data, an object set. This dual purpose can be useful in many cases involving the need to uniquely identify objects. 

Best Related Posts are Following:

  1. PHP 7 new features.
  2. What is session_set_cookie_params.
  3. imagecreatefrompng - Create a new image from file or URL - PHP.
  4. count_chars - Count Number of character of string with PHP.
  5. Check if string contains specific words - PHP.
  6. New features of PHP 5.5 with Examples.
  7. New features of PHP 5.4 with Examples.
  8. How To Track the Real IP Address Behind the Proxy - PHP - REMOTE_ADDR.
  9. date_sunrise - Returns time of sunrise for a given day and location.
  10. Convert image to Binary Data and vice versa in PHP.
  11. Difference between in_array and array_key_exists in php with Example.
  12. get_class_vars PHP Function.
  13. get_class_methods PHP Function.
  14. mysql_fetch_field - Get column information from a result.
  15. PHP mktime() Function - Get Unix timestamp for a date.
  16. Strtolower - Returns string with all alphabetic characters converted to lowercase.
  17. PHP file_get_contents Function - Reads entire file into a string.
  18. PHP utf8_encode Function - Encodes an ISO-8859-1 string to UTF-8.
  19. com_create_guid Generate a globally unique identifier.
  20. spl_autoload What is spl_autoload function in php.
  21. parse_ini_string - Parse a configuration string.
  22. stream_socket_client - Open Internet or Unix domain socket connection.
  23. imagecopyresampled-Copy and resize part of an image with resampling.
  24. What is proc_close.
  25. What is str_getcsv.
  26. Perform a regular expression search and replace.
  27. fputcsv - Write in CSV File with PHP.
  28. realpath - Get the Real path of File with PHP.
  29. ob_get_level -Return the nesting level of the output buffering mechanism.
  30. openssl decrypt - Decrypts data.
  31. Domain Name Server.
  32. iterator_apply - Call a function for every element in an iterator - PHP.
  33. openssl private encrypt.
  34. openssl_pkcs12_read.
  35. mb_check_encoding.
  36. imagegrabwindow.
  37. imagealphablending.
  38. Gets options from the command line argument list.
  39. spl autoload extensions in PHP.
  40. Parse a binary IPTC block into single tags.
  41. Embeds binary IPTC data into a JPEG image.
  42. session_set_save_handler.
  43. mcrypt_encrypt.
  44. imagegrabscreen.
  45. imagecreatefromjpeg.
  46. stat Gives information about a file - PHP.
  47. fsockopen Open Internet or Unix domain socket connection- PHP.
  48. intval - Get Integer value from string in PHP.
  49. register_shutdown_function.
  50. setcookie - Store Cookie in Browser with PHP.
  51. header_remove - Remove the Header.
  52. proc_open.
  53. ucwords - Uppercase the first character of each word in a string.
  54. getimagesize -Get the size of an image - PHP.
  55. phpinfo - Outputs information about PHP's configuration.
  56. spl_autoload_register.
  57. json_encode - Returns the JSON representation of a value.
  58. mcrypt_decrypt.
  59. PHP Magic Methods with Examples.
Labels:
Subscribe to: Posts ( Atom )