[SOLVED] Cookie passing

[Kairu]

I tried to look this up but I cant seem to get anything to work.

 

I have a PHP file which uses the GD library to create an image. It blends different images using different layering. Recently I have found a link which would be rather interesting to incorperate. It sets the image depending on which user is logged into a site.

 

I'm not sure if it uses cookies or sessions, but I'm fairly sure it is cookies. What I want to do is pass the cookie along to the site so I can get the proper image. Is this possible? And in the case that it is not cookies, is it possible to pass the session along?

[ratcateme]

i would recomend using sessions as they are more secure. to set a session use code like this

<?php
session_start(); //before any output (sets a cookie)
$_SESSION['a'] = $b; //any where before or after output
?>

 

Scott.

[Kairu]

Not quite what I meant. I don't have the option to choose, I'm just not sure which it is. And I need to pass it through to the site I am calling the image from.

 

Basically I copy a base image and then a second image to layer on top. The layering image can change at any given time, which is why I need this to be done in real time.

 

This is a finished script by the way, I have just found this link: http://www.gaiaonline.com/export/?mode=avi&uid=2628246&size=1&fid=1&u=d&t=1216368652.783 which takes user login info and selects the proper avatar for the currently logged in user.

 

If the user is logged in, it will display their avatar, but if the user is not, it will throw an error and go to the default "You are not logged in" page. Now, because it is being called by my server instead of the users browser, it throws the "You are not logged in" page, and I cannot take the image from the server and use it.

 

I am trying to basically pass any security info from the websites verification stuff, through the PHP info and back to the websites server, to get the proper image.

 

Basically creating a mirror so that whenever the user looks at my image they will see their own avatar on the base image.

 

Sorry about the long winded post, just trying to get things as clear as possible 

 

Any ideas?

[Kairu]

Also, just to clarify, I don't want to ever see or record any of the info that gets passed through. I'm assuming it is encrypted anyway.

[aseaofflames]

i'd try cURL (http://us2.php.net/curl)

 

<?php

error_reporting(0);

//login

 

$username = ""; //guia username

$password = ""; //guia password

$ch = curl_init("http://login.gaiaonline.com/gaia/login.php");       //starting cURL

curl_setopt($ch, CURLOPT_POST, TRUE);                                       //telling that we are using POST method

curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".$username."&password=".$password);                            //giving post vars to cURL

curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);                    //telling cURL that we want the result as a string so as to show it later

curl_setopt($ch, CURLOPT_COOKIEJAR, $username.".txt");             //file to store recieved cookies

 

$result = curl_exec($ch);

 

 

//get avatar

 

$ch2 = curl_init("http://www.gaiaonline.com/export/?mode=avi&uid=2628246&size=1&fid=1&u=d&t=1216368652.783");       //starting cURL

curl_setopt($ch2, CURLOPT_RETURNTRANSFER, TRUE);                    //telling cURL that we want the result as a string so as to show it later

curl_setopt($ch2, CURLOPT_COOKIEJAR, $username.".txt");             //file to store recieved cookies

curl_setopt ($ch2, CURLOPT_COOKIEFILE, $username.".txt");

 

$result = curl_exec($ch2);                                                           //executing query

 

if(!$result)                                                                              // checking result

{ die(curl_error($ch2)); }

if(strstr($result,"<head>")) die("You are not logged in.");

else {

 

$im = imagecreatefromstring($result);

header('Content-type: image/png');

imagepng($im);

imagedestroy($im);

}

 

?>

 

example: http://backup.aseaofflames.com/avatar.php

 

 

you can use $im just like a regular loaded image (like $im = imagecreatefromjpeg("file.jpg")). I just displayed it as a png.

[Kairu]

Is it possible to take an existing cookie/session from the viewing users computer and pass it through with cURL?

 

Basically what needs to happen is:

 

User views PHP image -> PHP image takes cookie/session info from their computer -> PHP image uses cookie/session info to get the avatar image and display it.

 

Now that I think about it, there are probably security measures to ensure this isn't possible. But I may as well try.

[gizmola]

Is it possible to take an existing cookie/session from the viewing users computer and pass it through with cURL?

 

Basically what needs to happen is:

 

User views PHP image -> PHP image takes cookie/session info from their computer -> PHP image uses cookie/session info to get the avatar image and display it.

 

Now that I think about it, there are probably security measures to ensure this isn't possible. But I may as well try.

 

Or not.  No your site cannot read another site's cookie.  If it could, cookies would be useless, as they were designed to allow a browser to pass information back and forth between sites.  If you look at how they work, cookie data is sent by the browser to the appropriate website on every single HTTP request.  Cookies are "scoped" as it were, by the server domain -- easy enough to verify by looking at the cookies themselves, which you will see in firefox for example as being listed by the domain for which they were instantiated.

 

Despite several descriptions, I'm afraid I still don't understand what you're trying to do precisely, or why, so I'm hard pressed to offer any further assistance, other than to tell you, that you're going down a path that at best will end in failure, and at worst borders on a cross site scripting attack against the original site.

[Kairu]

Yeah the more I thought about it, the less possible it became. I'm not trying to do anything malicious, though I guess it could be scued to do such.

 

I guess I'll break it down as best I can. No matter how I explain it to people it never seems to come out right, so I guess I will name the sites.

 

On my site, I have a PHP script which creates an image. It takes different images which are stored in a MySQL database. Right now, it simply grabs the images, puts them together and then displays them. Basically what you would do in photoshop, but in real time. This is because the images being used can change at any point in time.

 

What I want to do, is be able to call a url (which is publicly know) which displays a users own avatar. Meaning that when I go to the URL it shows my avatar, if my girlfriend goes to it it shows her avatar. But this only works if you are logged in (obviously). What I was trying to do was make it so that I could put the URL into my PHP code, and when a logged in user browsed to a page with the script, it would get their avatar, and display it. So in the case I was testing with, I was trying to show them a picture with their avatar saying something cheeky.

 

I was hoping that because it would only be displayed on the website that requires the cookies/session info, I would be able to grab it and use it to get the image, and then display the picture to them. Basically making them stop and think.

 

I just thought it would be interesting, which was the main reason I started using PHP in the first place.

[aseaofflames]

the only way (that i can think of) to do this is if you know the person's username and password for guiaonline. you could then use php to authenticate the user at guiaonline.com and use the cookies that are sent when you login the user. (like a proxy). That's what the code i gave you before does.

[Kairu]

Ok, I'm taking a new rout, but I am going to start a new thread as it has nothing to do with cookies or sessions.

 

Marking as solved.