Cookie.php

Go to the documentation of this file.

<?php
class Cookie {
    protected $name;
    protected $value;
    protected $expires;
    protected $path;
    protected $domain;
    protected $isSessionKey = true;
    // TO IMPLEMENT  protected $secure
    // TO IMPLEMENT? protected $maxAge (add onto expires)
    // TO IMPLEMENT? protected $version
    // TO IMPLEMENT? protected $comment
 
    public function __construct( $name, $value, $attr ) {
        $this->name = $name;
        $this->set( $value, $attr );
    }
 
    public function set( $value, $attr ) {
        $this->value = $value;
 
        if ( isset( $attr['expires'] ) ) {
            $this->isSessionKey = false;
            $this->expires = strtotime( $attr['expires'] );
        }
 
        $this->path = $attr['path'] ?? '/';
 
        if ( isset( $attr['domain'] ) ) {
            if ( self::validateCookieDomain( $attr['domain'] ) ) {
                $this->domain = $attr['domain'];
            }
        } else {
            throw new InvalidArgumentException( '$attr must contain a domain' );
        }
    }
 
    public static function validateCookieDomain( $domain, $originDomain = null ) {
        $dc = explode( ".", $domain );
 
        // Don't allow a trailing dot or addresses without a or just a leading dot
        if ( substr( $domain, -1 ) == '.' ||
            count( $dc ) <= 1 ||
            count( $dc ) == 2 && $dc[0] === ''
        ) {
            return false;
        }
 
        // Only allow full, valid IP addresses
        if ( preg_match( '/^[0-9.]+$/', $domain ) ) {
            if ( count( $dc ) !== 4 || ip2long( $domain ) === false ) {
                return false;
            }
 
            if ( $originDomain == null || $originDomain == $domain ) {
                return true;
            }
        }
 
        // Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
        if ( strrpos( $domain, "." ) - strlen( $domain ) == -3 ) {
            if ( ( count( $dc ) == 2 && strlen( $dc[0] ) <= 2 )
                || ( count( $dc ) == 3 && strlen( $dc[0] ) == 0 && strlen( $dc[1] ) <= 2 ) ) {
                return false;
            }
            if ( ( count( $dc ) == 2 || ( count( $dc ) == 3 && $dc[0] == '' ) )
                && preg_match( '/(com|net|org|gov|edu)\...$/', $domain ) ) {
                return false;
            }
        }
 
        if ( $originDomain != null ) {
            if ( substr( $domain, 0, 1 ) != '.' && $domain != $originDomain ) {
                return false;
            }
 
            if ( substr( $domain, 0, 1 ) == '.'
                && substr_compare(
                    $originDomain,
                    $domain,
                    -strlen( $domain ),
                    strlen( $domain ),
                    true
                ) != 0
            ) {
                return false;
            }
        }
 
        return true;
    }
 
    public function serializeToHttpRequest( $path, $domain ) {
        $ret = '';
 
        if ( $this->canServeDomain( $domain )
                && $this->canServePath( $path )
                && $this->isUnExpired() ) {
            $ret = $this->name . '=' . $this->value;
        }
 
        return $ret;
    }
 
    protected function canServeDomain( $domain ) {
        if ( $domain == $this->domain
            || ( strlen( $domain ) > strlen( $this->domain )
                && str_starts_with( $this->domain, '.' )
                && substr_compare(
                    $domain,
                    $this->domain,
                    -strlen( $this->domain ),
                    strlen( $this->domain ),
                    true
                ) == 0
            )
        ) {
            return true;
        }
 
        return false;
    }
 
    protected function canServePath( $path ) {
        return ( $this->path && substr_compare( $this->path, $path, 0, strlen( $this->path ) ) == 0 );
    }
 
    protected function isUnExpired() {
        return $this->isSessionKey || $this->expires > time();
    }
}