防止伪造cookie的方法

<?php
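// Secret key used to compute the integrity tag stored next to each cookie.
// Despite the constant's name, nothing is encrypted: the cookie value is sent
// in clear text and only tampering with it is detected.
// NOTE(review): a key committed in source is known to everyone who can read
// the file. Load it from configuration kept outside the code base, and treat
// a value that has been published as compromised.
define('COOKIE_ENCRYPTION', 'CAf8W#h@3$k$5Y1k');

/**
 * Compute the integrity tag for a cookie name/value pair.
 *
 * Uses HMAC-SHA256 instead of md5(secret . value): a secret-prefix MD5 digest
 * is open to length extension, and MD5 is no longer suitable for
 * authentication. The cookie name is part of the signed data (length-prefixed
 * so name and value cannot be shifted into each other), so a tag issued for
 * one cookie does not validate another cookie carrying the same value.
 *
 * @param string $name  cookie name
 * @param string $value cookie value
 * @return string lowercase hex HMAC-SHA256 tag
 */
function _cookie_signature($name, $value) {
    $name = (string) $name;
    $signed = strlen($name) . ':' . $name . ':' . (string) $value;

    return hash_hmac('sha256', $signed, COOKIE_ENCRYPTION);
}

/**
 * Set a cookie together with its integrity tag.
 *
 * The tag is stored in a companion cookie named "{$name}_ENCRYPTION".
 * Cookies written by the previous md5-based scheme are rejected by
 * get_cookie() after this change and have to be issued again.
 *
 * NOTE(review): both cookies are session cookies with no Secure, HttpOnly or
 * SameSite attribute, and the tag carries no expiry or user binding, so a
 * captured value/tag pair stays valid for as long as the key is unchanged.
 *
 * @param string $name  cookie name
 * @param string $value cookie value
 * @return bool TRUE when both cookies were queued, FALSE otherwise
 */
function set_cookie($name, $value) {
    // Both calls are always attempted, even if the first one fails.
    $value_sent = setcookie($name, $value);
    $tag_sent = setcookie("{$name}_ENCRYPTION", _cookie_signature($name, $value));

    return $value_sent && $tag_sent;
}

/**
 * Read a cookie and verify its integrity tag.
 *
 * @param string $name cookie name
 * @return mixed the cookie value, or NULL when the cookie or its tag is
 *               missing, is not a plain string, or the tag does not match
 */
function get_cookie($name) {
    $tag_name = "{$name}_ENCRYPTION";

    if (!isset($_COOKIE[$name], $_COOKIE[$tag_name])) {
        return NULL;
    }

    $value = $_COOKIE[$name];
    $tag = $_COOKIE[$tag_name];

    // A client can submit "name[]=x", which PHP exposes as an array; only
    // plain strings can be signed and compared.
    if (!is_string($value) || !is_string($tag)) {
        return NULL;
    }

    // hash_equals() compares in constant time and as strings. The former
    // loose "!=" compared numeric-looking digests (e.g. "0e…") as numbers.
    if (!hash_equals(_cookie_signature($name, $value), $tag)) {
        return NULL;
    }

    return $value;
}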
