How to get the ID value out of the smf cookie?

Started by nicor2k, January 13, 2007, 06:12:31 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

nicor2k

January 13, 2007, 06:12:31 PM
SMF Version: SMF 1.0.9
Hi!
How do I get the ID data out of the cookie?
I found this in SUB_AUTH, which sets the cookie:


global $cookiename;
   // Get the data and path to set it on.
   $data = serialize(empty($id) ? array(0, '', 0) : array($id, md5_hmac($password, 'ys'), time() + $cookie_length));
   $cookie_url = url_parts();


So, the ID is the first field in the $_COOKIE['cookiename'] Array - but how can I read it out, it just says "a" as a value instead of the real id...


thanks!

SleePy

#1
March 18, 2007, 07:19:06 PM
nicor2k,

Where you able to figure this out? You need to unserialize it and then some more decoding to use it.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

Karl Lauer

#2
March 22, 2007, 03:42:40 AM
Hi,

I've got the same problem with smf 1.1.2.

Can someone explain to me how the unserializing and "some more decoding" works?

Thanks

Karl Lauer

#3
March 22, 2007, 06:37:54 AM
I tried that in the root dir of my installation:

Code Select

<?php
require_once('Settings.php');
echo $cookiename."<br>";
echo $_COOKIE[$cookiename]."<br>";
$var=unserialize($_COOKIE[$cookiename]);
print_r($var);
?>


It showed my the cookiename und the serialized value of the cookie. But the print_r showed me nothing...

SleePy

#4
March 22, 2007, 07:29:02 PM
Did you check source for possible hidden output when you did that?
It may be more than just serialized. I haven't looked at how SMF does the hashing of its cookies in a while but I think its done in Subs-Auth.php or at least decrypted there don't remember. ;)

The function database may provide info on this though:
http://support.simplemachines.org/function_db/index.php
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

nicor2k

#5
March 19, 2008, 10:26:02 AM
Since no one seems to have a working solution ( :'(), I am posting my try so far - maybe someone has an idea of getting this working :)

in /Sources/Load.php is a function "loadUserSettings". Because I couldn't get the needed output, I used parts of it:

list ($ID_MEMBER, $password) = @unserialize($_COOKIE['username']);
$ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
echo $ID_MEMBER;

But instead of showing the ID, the output is still "0". Trying to print out the value of the cookie works fine (just serilaized, but it shows that the cookie has been set).

Sarge

#6
March 23, 2008, 08:18:39 AM Last Edit: March 23, 2008, 08:23:00 AM by Sarge
The code by Karl Lauer should work, but you need to include SSI.php instead of Settings.php.

Have a look at this (tested on SMF 1.1.4, I'm not sure about 1.0.9 -- look at the output of print_r($var) to find out what to use):
Code Select

<?php
require_once ('SSI.php');

echo $cookiename '<br />';
echo $_COOKIE[$cookiename] . '<br />';
$var unserialize($_COOKIE[$cookiename]);

echo '<pre>';
print_r($var);
echo '</pre>';

$member_id $var[0];
echo 'ID_MEMBER: '$member_id;
?>


$ID_MEMBER is used by SMF and SSI, so name the variable $member_id, or something else different from $ID_MEMBER.

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/

Quote
<H> I had zero posts when I started posting

nicor2k

#7
March 23, 2008, 01:44:40 PM
First of all a big thanks for the reply! :)

unfortunately, i cannot include SSI.php because some functions have the same names as wordpress etc. If I could use SSI.php, I'd just take the $context[user][id] value ;)

But because I can't, I am trying to get the ID out of the cookie - maybe not the best solution, but i was hoping it'll work :)


Thats why I changed the code a little and am not including SSI.php, but am using the cookiename which I defined in the settings file (so its not $_COOKIE[$cookiename] but $_COOKIE['my-name-of-cookie']. Or is there another thing I'd need out of SSI.php?

My changed code works (no errors, displays the cookie...) but still doesn't print out any unserialized value :(


echo $_COOKIE['my-name-of-cookie'] . '<br />'; //works!!!
$var = unserialize($_COOKIE['my-name-of-cookie']);

echo '<br>---<br><pre>'; // no output from here
print_r($var);
echo '</pre>';

$member_id = $var[0];
echo 'user: '.$member_id; // just says 'user:'...


Sarge

#8
March 26, 2008, 04:46:33 AM Last Edit: March 26, 2008, 04:55:30 AM by Sarge
Quote from: nicor2k on March 23, 2008, 01:44:40 PM
unfortunately, i cannot include SSI.php because some functions have the same names as wordpress etc.

Yes, that's a known issue. It's the nature of the beast :P It's not specific to SMF -- every two PHP applications that use the same variable (and function) names together in the same page are bound to have issues.


Quote from: nicor2k on March 23, 2008, 01:44:40 PM
echo $_COOKIE['my-name-of-cookie'] . '<br />'; //works!!!
$var = unserialize($_COOKIE['my-name-of-cookie']);

echo '<br>---<br><pre>'; // no output from here
print_r($var);
echo '</pre>';

$member_id = $var[0];
echo 'user: '.$member_id; // just says 'user:'...
[/tt]

What version of PHP are you running? Your code works for me in PHP 5.2.5. It prints the cookie data, the unserialized array and the user ID, as expected.

However, I got this message when I tested with PHP 4.4.7:
Code Select
Notice: unserialize() [function.unserialize]: Error at offset 9 of 99 bytes in C:\path_to_dir\test2.php on line 3

Line 3 is, of course, the call to unserialize(). If you activate displaying of notices in php.ini (for example, by setting error_reporting = E_ALL in php.ini), you should see the notice. Apparently, " (double quotes) get escaped with backslashes, hence the error.

My first hack to make it work in PHP 4.4.7 was to remove the backslashes:
Code Select
$var = unserialize(stripslashes($_COOKIE['my-cookie-name']));

I also checked the SMF 1.1.4 source code and noticed this in LogInOut.php, lines 102-107:
Code Select

if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
elseif (isset($_SESSION['login_' . $cookiename]))
list (, , $timeout) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
else
trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);


So I did this:
Code Select

<?php
$cookiename 'my-cookie-name';
echo $_COOKIE[$cookiename] . '<br />';

if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~'$_COOKIE[$cookiename]) === 1)
 $var = @unserialize($_COOKIE[$cookiename]);
else
 $var = @unserialize(stripslashes($_COOKIE[$cookiename]));

echo '<br>---<br><pre>';
print_r($var);
echo '</pre>';

$member_id $var[0];
echo 'user: '.$member_id;
?>


and it worked too.

[edit]
FYI, the above tests were done on Windows.

    Please do not PM me with support requests unless I invite you to.

http://www.zeriyt.com/   ~   http://www.galeriashqiptare.net/

Quote
<H> I had zero posts when I started posting

nicor2k

#9
March 27, 2008, 10:03:56 AM
thank you sooooo much - this works fine!
(just did a very quick test, but it really seems to be a great solution)
Print
Go Up Pages1
User actions
Advertisement: