How to decrypt cookie? - laravel

I've just caught a crash reported on Sentry, and I am trying to debug it and find the root cause of the problem.
Luckily, in the cookies panel, I can see the laravel_session value that was used when the crash happened.
The question is, how can I decrypt the cookie?

You can decrypt the cookie with the following code:
$cookie = 'eyJpdiI6ImFUQ0FvMWFSVlNvTmhlQjdLWGw1Z1E9PSIsInZhbHVlIjoicFh6Q09iTDl0K0huWU1Nc1NYVmxSY2hPRGU5Vk85dDJyYUpRbUVjRWg5R0JxYkVobkF3YkZVcVQrakFFUmxaVnZrTjFST3F3RTZ4akpDZEpvUFJiQXc9PSIsIm1hYyI6IjlhYmJhMTY3MWMxYWI3YjJmNmFjMmNkZWE0MWZmMmVhNTNiMjI5ZWY3NzUwNzQ0ZjAzMGQ1ZGU0YzVhNjJmZGYifQ==';
$cookie_contents = json_decode( base64_decode( $cookie, true ));
$value = base64_decode( $cookie_contents->value );
$iv = base64_decode( $cookie_contents->iv );
$clear = unserialize( \openssl_decrypt($value, \Config::get( 'app.cipher' ), \Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
echo "Cookie contents (Session ID): $clear\n";
You should end up with a session ID that looks something like this:
Laravel 5.1: 55782b00dbfcc3f848585ac2cefc66802d773cf5
Laravel 5.4: yPjeV74joY4MtMNNtTpeOYBP2CMixJBBChc9HRND
I didn't test with Laravel 5.3, but I'm confident it will work.
When using this code, make sure you paste the entire contents of the cookie into the $cookie variable, including the two equals signs at the end.

For Laravel 6 I think it's pretty much the same:
$base64_key = "base64:ISAcSPwQ0HDqqLygaS9LyPzs5ZujMAKOjBou+gyz9sw=";
$payload = json_decode(base64_decode($_COOKIE["your_cookie_name"]), true);
$iv = base64_decode($payload['iv']);
$key = base64_decode(substr($base64_key, 7));
$sessionId = openssl_decrypt($payload['value'], 'AES-256-CBC', $key, 0, $iv);
echo "Session Id: $sessionId";
But check a few things:
Cipher encoding: mine is 'AES-256-CBC'; it can be 'AES-128-CBC' if your key length is 16.
Key format: mine starts with "base64:", so I have to remove this part first.
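Both answers above decrypt the value without checking the payload's mac field. The following added example (not from the original answers and not Laravel's own code) verifies the MAC before decrypting and restricts unserialize so cookie data cannot instantiate objects. It assumes the iv/value/mac CBC payload shown above, with the MAC being HMAC-SHA256 over the base64 iv and value; the function names, key and cookie are constructed for illustration.

```php
<?php
// Added example, not Laravel's own code. The key and cookie are constructed samples.

/** Strip the "base64:" prefix from an APP_KEY value and return the raw key bytes. */
function laravel_key(string $appKey): string
{
    return strncmp($appKey, 'base64:', 7) === 0
        ? (string) base64_decode(substr($appKey, 7), true)
        : $appKey;
}

/** Check the payload MAC, then decrypt. Returns the plaintext exactly as stored. */
function decrypt_laravel_cookie(string $cookie, string $key): string
{
    // A value copied from a raw Cookie header may still be URL-encoded (%3D for "=").
    $json    = base64_decode(rawurldecode($cookie), true);
    $payload = json_decode($json === false ? '' : $json, true);
    if (!is_array($payload) || !isset($payload['iv'], $payload['value'], $payload['mac'])) {
        throw new InvalidArgumentException('not an iv/value/mac payload');
    }
    // Assumed MAC layout: HMAC-SHA256 over the base64 text of iv and value, keyed with the app key.
    $expected = hash_hmac('sha256', $payload['iv'] . $payload['value'], $key);
    if (!is_string($payload['mac']) || !hash_equals($expected, $payload['mac'])) {
        throw new RuntimeException('MAC mismatch: wrong key or modified cookie');
    }
    $cipher = strlen($key) === 16 ? 'AES-128-CBC' : 'AES-256-CBC';
    $plain  = openssl_decrypt($payload['value'], $cipher, $key, 0, (string) base64_decode($payload['iv'], true));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed sample: encrypt a serialized value the same way, then read it back.
$key    = laravel_key('base64:' . base64_encode(str_repeat('k', 32)));
$iv     = base64_encode(random_bytes(16));
$value  = openssl_encrypt(serialize('constructed-session-id'), 'AES-256-CBC', $key, 0, base64_decode($iv));
$mac    = hash_hmac('sha256', $iv . $value, $key);
$cookie = base64_encode(json_encode(['iv' => $iv, 'value' => $value, 'mac' => $mac]));

// allowed_classes => false: cookie data must never be able to instantiate objects.
echo unserialize(decrypt_laravel_cookie($cookie, $key), ['allowed_classes' => false]), PHP_EOL;

try {
    $bad = base64_encode(json_encode(['iv' => $iv, 'value' => $value, 'mac' => str_repeat('0', 64)]));
    decrypt_laravel_cookie($bad, $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

If the application stores cookie values unserialized, as the Laravel 6 snippet above does, use the return value of decrypt_laravel_cookie directly and skip the unserialize call.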

Related

Ruby HMAC signing issue

I got an issue with HMAC.
I have to sign a form before sending it to a bank.
They only provide an example in PHP in their documentation.
I have a hex key to sign my data (e.g. FCEBA61A884A938E7E7FE4F5C68AA7F4A349768EE5957DDFBE99C1D05A09CBACF1FCF0A7084CB2E4CBA95193176C4395DE7F39EA9DBEBEF0907D77192AAE3E8A).
In the PHP example, they do this with the key before signing the data:
$key = "FCEBA61A884A938E7E7FE4F5C68AA7F4A349768EE5957DDFBE99C1D05A09CBACF1FCF0A7084CB2E4CBA95193176C4395DE7F39EA9DBEBEF0907D77192AAE3E8A";
$message = "param1=a&param2=b";
$binKey = pack('H*', $key);
$signature = hash_hmac('sha512', $msg, $binKey);
echo $signature;
// => a3efb70368bee502ea57a1a4708cac8912a5172075ea8dec2de2770dfbb4c8fb587f03fdadc0ca4f9e1bb024cfda12866295b259f5fb4df2fe14d960874a68ab
I don't understand why they pack the key and if I should do something similar with my key.
I did the following in my Ruby code:
key = "FCEBA61A884A938E7E7FE4F5C68AA7F4A349768EE5957DDFBE99C1D05A09CBACF1FCF0A7084CB2E4CBA95193176C4395DE7F39EA9DBEBEF0907D77192AAE3E8A"
message = "param1=a&param2=b"
digest = OpenSSL::Digest.new('sha512')
signature = OpenSSL::HMAC.hexdigest(digest, key, message)
puts signature
# => d817611845246640d1224a0874bf60fed0956a367aa3069b7947cbec56903bb5d8c54df170f5504c586dad55e4f879c70cf1a40526cfc9f35411195822c535ed
You need to do this in Ruby:
hash = OpenSSL::HMAC.hexdigest(digest, [key].pack('H*'), message)
The real issue here is that your PHP code uses two variable names for the message. You set $message, then use $msg, which means you're computing the hash for an undefined variable.
The packing of the hex representation of the key back into a binary form is the bit you're missing.
See this post for example: https://blog.bigbinary.com/2011/07/20/ruby-pack-unpack.html
You'll want something like this:
signature = OpenSSL::HMAC.hexdigest(digest, [key].pack('H*'), message)
I'm using this in my project:
bin_key = Array(keyTest).pack 'H*'
#hmac = OpenSSL::HMAC.hexdigest("SHA512", bin_key, msg).upcase
This works fine for me.
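The key handling discussed in this thread, as an added example in PHP (the language of the bank's sample); it is not code from the bank's documentation or from any answer above. It decodes the hex key to bytes with validation, signs with HMAC-SHA512, verifies in constant time, and shows that using the hex text directly as the key produces a different signature. The function names, key and message are constructed for illustration.

```php
<?php
// Added example; the key and message are constructed samples, not the bank's.

/** Convert a hex-encoded shared secret to raw bytes, rejecting malformed input. */
function hex_key_to_bytes(string $hexKey): string
{
    // hex2bin() fails on odd-length or non-hex input; check first so the error is explicit.
    if ($hexKey === '' || strlen($hexKey) % 2 !== 0 || !ctype_xdigit($hexKey)) {
        throw new InvalidArgumentException('key must be a non-empty, even-length hex string');
    }
    return hex2bin($hexKey); // same bytes as pack('H*', $hexKey)
}

function sign_form(string $message, string $hexKey): string
{
    return hash_hmac('sha512', $message, hex_key_to_bytes($hexKey));
}

function verify_form(string $message, string $signature, string $hexKey): bool
{
    // Constant-time comparison; lower-case first because hex digests may arrive upper-cased.
    return hash_equals(sign_form($message, $hexKey), strtolower($signature));
}

$hexKey  = str_repeat('0123456789ABCDEF', 8); // constructed: 128 hex characters = 64 key bytes
$message = 'param1=a&param2=b';

$signature = sign_form($message, $hexKey);
$textKeyed = hash_hmac('sha512', $message, $hexKey); // hex text used directly as the key

printf("key bytes after decoding: %d\n", strlen(hex_key_to_bytes($hexKey)));
printf("text-keyed HMAC matches:  %s\n", var_export(hash_equals($signature, $textKeyed), true));
printf("valid signature accepted: %s\n", var_export(verify_form($message, strtoupper($signature), $hexKey), true));
printf("altered message accepted: %s\n", var_export(verify_form('param1=a&param2=c', $signature, $hexKey), true));
```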

Overriding Joomla session variables for form handling

I have a joomla website with plethora theme. This is the link to the website where I'm facing problems. http://miraghotels.com/joomjob/membership/planadd?step=2
The form on this link is processed somewhere and an array of variables referring to the form fields and their values is stored in the Joomla session. The problem is that I want to change/override the value of a parameter which is actually in the array variable of the session. To explain this, I'm attaching this code.
$planChosen = $session->get('planChosen', 0, 'register');
First of all, what syntax is this session following? I get a different output from just
$session->get('planChosen').
OK, now, when I output this variable ($planChosen), I get the following output:
Array ( [planname3] => Basic
[planperiod3] => 15 Days
[plancredit3] => 5
[price3] => 0
[plan_id] => 4
[planname4] => Premium
[planperiod4] => 3 Months
[plancredit4] => 25
[price4] => 50
[gateway] => paypal
[option] => com_joomjob
[task] => guest.grabplaninfo
[2d13d7c9e4ffff248cf29092b199f5b2] => 1 )
Now what I want to know is that where is this session stored i.e. where can I find the file where these items are processed in the session.
Secondly, if I want to override a value for e.g. change the value of "gateway" from "paypal" to "moneybookers", how can I achieve that? I tried the following code but no luck:
$string="('planChosen', 0, 'register')[\"gateway\"]";
$session->set($string, "moneybookers");
Please help me out with this
I got this from Joomla.org website
The following code gets the current session then sets the value of the session variable 'myvar' to 'helloworld'.
$session =& JFactory::getSession();
$session->set( 'myvar', 'helloworld' );
The session variable can be retrieved later in a similar way.
$session =& JFactory::getSession();
echo 'Session variable myvar has value: ' . $session->get( 'myvar', 'empty' );
So if you used this code to set paypal as payment gateway
$session->set( 'gateway', 'paypal' );
Now if you want moneybookers you can override paypal by
$session->clear('gateway');
$session->set( 'gateway', 'moneybookers' );
And your session data are saved in database by default unless you changed it to files in the global configuration area. So #__sessions has all your session data.
EDIT:
In that case you can do like this
$session =& JFactory::getSession();
$session->set( 'planChosen', $planChosen );//store array in session variable
//Now you have entire array in this session variable which contains paypal as payment gateway
// Suppose you want to update it then use the code below
$session =& JFactory::getSession();
$planChosen = $session->get( 'planChosen' );
unset($planChosen['gateway']);
$planChosen["gateway"] = "moneybookers";
$session->set('planChosen',$planChosen);

What's the difference between Redirect and Response in Laravel

In my project, I need to set a cookie. Here is my first version:
$cookie = Cookie::make('from_app', 1);
$view = View::make('buy.sale')->with(array(
    'goods' => $goods_group,
    'time' => $time,
))->withCookie($cookie);
I found that this cookie doesn't work.
Then here is the second version:
return Redirect::to($view)->withCookie($cookie)
The cookie works, but it will jump twice.
When I use
return Response::to($view)->withCookie($cookie)
everything is OK.
I don't know what version of Laravel you are using, but on mine (4.2.15) there's no such thing as Response::to; there's only Redirect::to, and it creates a new redirect response to the given path.

PHP - I am getting logged out after being idle

I do not want the user to be logged out of the site even if the person is idle for, it is okay if the person is logged out if he has closed the browser.
session.gc_maxlifetime = 180000
session.gc_probability = 1
session.gc_divisor = 1
session.save_path = "/var/lib/php/session"
cookie_lifetime = 0
Is there any setting that I am missing?
Please help
To set the lifetime I have added the following code.
session_set_cookie_params(21600);
session_start();
You need to extend the lifetime of your cookie. Remember that the session ID is stored in the user's web browser in a cookie, so set session.cookie_lifetime to a bigger value too.
session_set_cookie_params(21600);
session_start();
21600 seconds is only 6 hours
Try setting to something bigger maybe even PHP_INT_MAX
Don't know whether it will help; I just wrote this to give you the idea of how. Cookies are saved in the user's browser, so:
$cookieName = "userscookie";
$lifetime = time() + (60*60*24); // one day life
if(isset($_COOKIE[$cookieName])) {
    $value = $_COOKIE[$cookieName];
    // one day life from day of access
    setcookie($cookieName, $value, $lifetime);
} else {
    $value = "this value to store";
    setcookie($cookieName, $value, $lifetime);
}
output:
Thank you

PHP parse error in rss parse function

I have a client who needs a website urgently, but I have no access to information such as the control panel.
The PHP version is 4.4, which is a pain as I'm used to 5.
The first problem is I keep getting:
Parse error: parse error, unexpected T_OBJECT_OPERATOR, expecting ')' in D:\hshome\*******\********\includes\functions.php on line 37
This is the function in question:
function read_rss($display=0,$url='') {
    $doc = new DOMDocument();
    $doc->load($url);
    $itemArr = array();
    foreach ($doc->getElementsByTagName('item') as $node) {
        if ($display == 0) {
            break;
        }
        $itemRSS = array(
            'title'=>$node->getElementsByTagName('title')->item(0)->nodeValue,
            'description'=>$node->getElementsByTagName('description')->item(0)->nodeValue,
            'link'=>$node->getElementsByTagName('link')->item(0)->nodeValue);
        array_push($itemArr, $itemRSS);
        $display--;
    }
    return $itemArr;
}
And the line in question:
'title'=>$node->getElementsByTagName('title')->item(0)->nodeValue,
PHP4 does not support object dereferencing. So $obj->something()->something will not work. You need to do $tmp = $obj->something(); $tmp->something...
You can't do that in PHP 4.
Have to do something like
$nodes = $node->getElementsByTagName('title');
$item = $nodes->item(0);
$value = $item->nodeValue;
Try it and it will work.
You can't chain object calls in PHP 4. You're going to have to make each call separately to a variable and store it all.
$titleobj = $node->getElementsByTagName('title');
$itemobj = $titleobj->item(0);
$value = $itemobj->nodeValue;
...
'title'=>$value,
You'll have to do it on all those chained calls.
As for .htaccess ... you need to talk to someone who controls the actual server. It sounds like .htaccess isn't allowed to change the setting you're trying to change.
You need to break down that line into individual variables. PHP 4 does not like -> following parentheses. Do this instead:
$title = $node->getElementsByTagName('title');
$title = $title->item(0);
$description = $node->getElementsByTagName('description');
$description = $description->item(0);
$link = $node->getElementsByTagName('link');
$link = $link->item(0);
$itemRSS = array(
    'title'=>$title->nodeValue,
    'description'=>$description->nodeValue,
    'link'=>$link->nodeValue);
The two variable declarations for each may be redundant and condensed, I'm not sure how PHP4 will respond. You can try to condense them if you want.
DOMDocument is a PHP 5 function. You can't use it.
You may need to use the DOM XML (PHP 4) functions.
