Master Jake's Profile User Rating: -----

Reputation: 16 Tradesman
Group:
Author w/DIC++
Active Posts:
109 (0.04 per day)
Joined:
27-February 09
Profile Views:
8,890
Last Active:
User is offline Jan 01 2016 07:22 PM
Currently:
Offline

Previous Fields

Country:
US
OS Preference:
Linux
Favorite Browser:
FireFox
Favorite Processor:
AMD
Favorite Gaming Platform:
PC
Your Car:
Who Cares
Dream Kudos:
150

Latest Visitors

Icon   Master Jake has not set their status

Posts I've Made

  1. In Topic: How to Get Started Writing a Forum?

    Posted 1 Jan 2016

    This is a response to your question about sessions. I'm going to give a brief overview of how sessions work, so you can skip over this if you already know.

    Ultimately, sessions allow you to store ephemeral data on the Web server. Whereas cookies are stored on the client's device (which the client can easily modify), session information is outside the reach of the client and cannot be freely modified by the client. However, HTTP is stateless, so there has to be some way to tie a device (e.g., a client's Web browser) to a session. PHP does this by generating a big random number and storing it on the client's device in a cookie. This number is called the session ID. Thus, every session still requires one cookie to work. Of course, the client could modify the session ID cookie and try to spoof another user's session. But due to entropy, this is unlikely to say the least.

    Your transition from using cookies to using sessions will most likely be as simple as string replacing "$_COOKIE" with "$_SESSION". You will also have to add the session_start() call at the beginning of any PHP script that you want to be able to access session information.

    So how would you implement a "remember me" function? Like you said, you will need to create a long-term cookie that is somehow linked to the user's account. If you see that cookie, and no session is active, you should automatically login the user (creating a new session). Remember, sessions are short term. A user may seamlessly transition between multiple sessions with your "remember me" function. I've never implemented this feature before, but I would probably create a database table tying user IDs to special "remember me" cookies. You'll need to find a good way of generating the "remember me" cookies also. Users should not be able to change their cookies and spoof another user's account (with high probability). You might look into how PHP generates its session IDs to get ideas.
  2. In Topic: Strtok() Help

    Posted 28 Dec 2015

    One thing that I immediately see which is likely causing problems is that your request_target is declared to hold up to 10 characters, but the string "/cat.html?q=Alice" is bigger than 10 characters. This is bad news, so I would start by increasing the size of your request_target buffer.

    Also, you should use strncpy instead of strcpy. The former allows you to specify a maximum number of bytes to copy (i.e., the size of whatever buffer you are copying into) in order to avoid buffer overflows.

    Since you appear to be parsing HTTP requests, there's no reason to have a while loop with a counter either. Just call strtok three times in sequence. Make sure to check for NULL between each call in case the request is invalid. You can also call it a fourth time and check for NULL again (it should be NULL on the fourth call if it is a valid HTTP request).

My Information

Member Title:
D.I.C Head
Age:
23 years old
Birthday:
October 29, 1992
Gender:

Contact Information

E-mail:
Private

Friends

Comments

Master Jake has no profile comments yet. Why not say hello?