Changes for hopefully better handling of the global crypto object; remove

calls to common class functions and setting of common class vars;
Miles Lott 2001-12-27 15:48:42 +00:00
parent 297f386c85
commit 06dc27229c
3 changed files with 122 additions and 111 deletions


@ -41,9 +41,8 @@
*/ */
class common class common
{ {
var $crypto; var $debug_info; // An array with debugging info from the API
var $debug_info; // An array with debugging info from the API
/*! /*!
@function cmp_version @function cmp_version
@abstract Compares two Version strings and return 1 if str2 is newest (bigger version number) than str1 @abstract Compares two Version strings and return 1 if str2 is newest (bigger version number) than str1
@ -906,11 +905,11 @@
include(PHPGW_API_INC . '/footer.inc.php'); include(PHPGW_API_INC . '/footer.inc.php');
} }
// Clean up mcrypt /* Clean up mcrypt */
if (@is_object($this->crypto)) if (@is_object($GLOBALS['phpgw']->crypto))
{ {
$this->crypto->cleanup(); $GLOBALS['phpgw']->crypto->cleanup();
unset($this->crypto); unset($GLOBALS['phpgw']->crypto);
} }
} }
@ -919,6 +918,7 @@
$len = strlen($data); $len = strlen($data);
return pack('H' . $len, $data); return pack('H' . $len, $data);
} }
/*! /*!
@function encrypt @function encrypt
@abstract encrypt data passed to the function @abstract encrypt data passed to the function
@ -937,6 +937,7 @@
{ {
return $GLOBALS['phpgw']->crypto->decrypt($data); return $GLOBALS['phpgw']->crypto->decrypt($data);
} }
/*! /*!
@function des_cryptpasswd @function des_cryptpasswd
@abstract des encrypt a password @abstract des encrypt a password
@ -960,10 +961,9 @@
function md5_cryptpasswd($userpass, $random) function md5_cryptpasswd($userpass, $random)
{ {
$bsalt = '$1$'; $bsalt = '$1$';
$esalt = '$'; // patch $esalt = '$';
$lcrypt = '{crypt}'; $lcrypt = '{crypt}';
// $modsalt = sprintf('%s%s', $bsalt, $random); $modsalt = sprintf('%s%s%s', $bsalt, $random, $esalt);
$modsalt = sprintf('%s%s%s', $bsalt, $random, $esalt); // patch
$password = crypt($userpass, $modsalt); $password = crypt($userpass, $modsalt);
$ldappassword = sprintf('%s%s', $lcrypt, $password); $ldappassword = sprintf('%s%s', $lcrypt, $password);
@ -984,8 +984,7 @@
} }
if ($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'MD5') if ($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'MD5')
{ {
//$salt = $this->randomstring(9); $salt = $this->randomstring(8);
$salt = $this->randomstring(8); // patch
$e_password = $this->md5_cryptpasswd($password, $salt); $e_password = $this->md5_cryptpasswd($password, $salt);
} }
return $e_password; return $e_password;
@ -1059,9 +1058,9 @@
{ {
include($f); include($f);
} }
} // if }
} // while }
} // if }
else else
{ {
reset ($GLOBALS['phpgw_info']['user']['apps']); reset ($GLOBALS['phpgw_info']['user']['apps']);
@ -1075,10 +1074,10 @@
{ {
include($f); include($f);
} }
} // if }
} // while }
} // if $no_permission_check }
} // function }
/*! /*!
@function hook_single @function hook_single
@ -1121,7 +1120,7 @@
while ($permission = each($GLOBALS['phpgw_info']['user']['apps'])) while ($permission = each($GLOBALS['phpgw_info']['user']['apps']))
{ {
$f = PHPGW_SERVER_ROOT . $SEP . $permission[0] . $SEP . 'inc' . $SEP . 'hook_' . $location . '.inc.php'; $f = PHPGW_SERVER_ROOT . $SEP . $permission[0] . $SEP . 'inc' . $SEP . 'hook_' . $location . '.inc.php';
if (file_exists($f)) if (file_exists($f))
{ {
++$count; ++$count;
@ -1168,6 +1167,7 @@
} }
return date($format,$t); return date($format,$t);
} }
/*! /*!
@function dateformatorder @function dateformatorder
@abstract @abstract
@ -1195,6 +1195,7 @@
return (implode(' ',$dlarr)); return (implode(' ',$dlarr));
} }
} }
/*! /*!
@function formattime @function formattime
@abstract format the time takes settings from user preferences @abstract format the time takes settings from user preferences
@ -1240,29 +1241,6 @@
return "$h12:$min$sec$ampm"; return "$h12:$min$sec$ampm";
} }
/* If the above still works, please remove this */
function old_formattime($hour,$min,$sec='')
{
$h12 = $hour;
if ($GLOBALS['phpgw_info']['user']['preferences']['common']['timeformat'] == '12') {
if ($hour >= 12)
$ampm = ' pm';
else
$ampm = ' am';
$h12 %= 12;
if ($h12 == 0 && $hour)
$h12 = 12;
if ($h12 == 0 && ! $hour)
$h12 = 0;
} else
$h12 = $hour;
if ($sec)
$sec = ":$sec";
return "$h12:$min$sec$ampm";
}
// This is not the best place for it, but it needs to be shared bewteen Aeromail and SM // This is not the best place for it, but it needs to be shared bewteen Aeromail and SM
/*! /*!
@function get_email_passwd_ex @function get_email_passwd_ex
@ -1300,7 +1278,6 @@
return $email_passwd; return $email_passwd;
} }
*/ */
// This is not the best place for it, but it needs to be shared bewteen Aeromail and SM // This is not the best place for it, but it needs to be shared bewteen Aeromail and SM
/*! /*!
@ -1308,7 +1285,7 @@
@abstract create email preferences @abstract create email preferences
@discussion This is not the best place for it, but it needs to be shared between Aeromail and SM @discussion This is not the best place for it, but it needs to be shared between Aeromail and SM
@param $prefs @param $prefs
@param $account_id -optional defaults to : phpgw_info['user']['account_id'] @param $account_id -optional defaults to : phpgw_info['user']['account_id']
*/ */
function create_emailpreferences($prefs='',$accountid='') function create_emailpreferences($prefs='',$accountid='')
{ {
@ -1324,7 +1301,7 @@
$do_free_me = True; $do_free_me = True;
} }
// this sets the prederences into the phpgw_info structure // this sets the preferences into the phpgw_info structure
$GLOBALS['phpgw']->msg->create_email_preferences(); $GLOBALS['phpgw']->msg->create_email_preferences();
// cleanup and return // cleanup and return
@ -1410,8 +1387,6 @@
} }
*/ */
// This will be moved into the applications area. // This will be moved into the applications area.
/*! /*!
@function check_code @function check_code
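Review bot: In md5_cryptpasswd() and in the `ldap_encryption_type == 'MD5'` branch that calls it, removing the `// patch` markers and the commented-out old lines drops the only record of why the salt is 8 characters long and closed with `$`. A one-line comment would keep that knowledge, for example `/* MD5-crypt salt: '$1$' + up to 8 salt chars + '$'; crypt() ignores anything longer */`. The salt comes from `$this->randomstring(8)`, whose body is not part of this diff. If it is not drawn from a strong random source, that deserves a note there as well, because salt uniqueness is what keeps identical passwords from producing identical `{crypt}` values. Both functions continue outside the hunks shown.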


@ -34,15 +34,22 @@
var $td = False; /* Handle for mcrypt */ var $td = False; /* Handle for mcrypt */
var $iv = ''; var $iv = '';
var $key = ''; var $key = '';
var $debug = True;
var $debug = False; var $debug = False;
function crypto($vars) function crypto($vars='')
{
if(is_array($vars))
{
$this->init($vars);
}
}
function init($vars)
{ {
/* _debug_array(mcrypt_list_algorithms()); */ /* _debug_array(mcrypt_list_algorithms()); */
$key = $vars[0]; $key = $vars[0];
$iv = $vars[1]; $iv = $vars[1];
if ($GLOBALS['phpgw_info']['server']['mcrypt_enabled'] && extension_loaded('mcrypt')) if ($GLOBALS['phpgw_info']['server']['mcrypt_enabled'] && extension_loaded('mcrypt'))
{ {
if($GLOBALS['phpgw_info']['server']['mcrypt_algo']) if($GLOBALS['phpgw_info']['server']['mcrypt_algo'])
@ -127,7 +134,7 @@
echo '<br>' . time() . ' crypto->encrypt() unencrypted data: ---->>>>' . $data . "\n"; echo '<br>' . time() . ' crypto->encrypt() unencrypted data: ---->>>>' . $data . "\n";
} }
if(gettype($data) == 'array' || gettype($data) == 'object') if(is_array($data) || is_object($data))
{ {
if($this->debug) if($this->debug)
{ {
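Review bot: With `function crypto($vars='')` the object can now exist without a key or IV until something calls init(), and nothing visible in encrypt() or decrypt() distinguishes that state from a configured one. The hunk does not show what encrypt() returns while `$this->td` is still `False`; if it hands the data back unencrypted, a caller that runs before the sessions class has called init() would store plaintext with no error. init() also reads `$vars[0]` and `$vars[1]` without checking them, so a guard such as `if(!is_array($vars) || count($vars) < 2) { return False; }` at its top, plus a flag that init() sets and encrypt()/decrypt() check, would make the uninitialised case explicit. init() continues past the end of the hunk.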


@ -39,6 +39,9 @@
var $session_flags; var $session_flags;
var $sessionid; var $sessionid;
var $kp3; var $kp3;
var $key;
var $iv;
var $data; var $data;
var $db; var $db;
var $db2; var $db2;
@ -56,6 +59,9 @@
$this->db2 = $GLOBALS['phpgw']->db; $this->db2 = $GLOBALS['phpgw']->db;
$this->sessionid = (isset($GLOBALS['HTTP_GET_VARS']['sessionid'])?$GLOBALS['HTTP_GET_VARS']['sessionid']:(isset($GLOBALS['HTTP_COOKIE_VARS']['sessionid'])?$GLOBALS['HTTP_COOKIE_VARS']['sessionid']:'')); $this->sessionid = (isset($GLOBALS['HTTP_GET_VARS']['sessionid'])?$GLOBALS['HTTP_GET_VARS']['sessionid']:(isset($GLOBALS['HTTP_COOKIE_VARS']['sessionid'])?$GLOBALS['HTTP_COOKIE_VARS']['sessionid']:''));
$this->kp3 = (isset($GLOBALS['HTTP_GET_VARS']['kp3'])?$GLOBALS['HTTP_GET_VARS']['kp3']:(isset($GLOBALS['HTTP_COOKIE_VARS']['kp3'])?$GLOBALS['HTTP_COOKIE_VARS']['kp3']:'')); $this->kp3 = (isset($GLOBALS['HTTP_GET_VARS']['kp3'])?$GLOBALS['HTTP_GET_VARS']['kp3']:(isset($GLOBALS['HTTP_COOKIE_VARS']['kp3'])?$GLOBALS['HTTP_COOKIE_VARS']['kp3']:''));
/* Create the crypto object */
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto');
} }
function DONTlist_methods($_type) function DONTlist_methods($_type)
@ -121,14 +127,7 @@
$this->sessionid = $sessionid; $this->sessionid = $sessionid;
$this->kp3 = $kp3; $this->kp3 = $kp3;
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); $db->query("SELECT * FROM phpgw_sessions WHERE session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[0] = $GLOBALS['phpgw']->common->key;
$cryptovars[1] = $GLOBALS['phpgw']->common->iv;
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
$db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$db->next_record(); $db->next_record();
$this->session_flags = $db->f('session_flags'); $this->session_flags = $db->f('session_flags');
@ -180,6 +179,11 @@
return False; return False;
} }
/* init the crypto object before appsession call below */
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
$GLOBALS['phpgw_info']['user'] = $this->user; $GLOBALS['phpgw_info']['user'] = $this->user;
$GLOBALS['phpgw_info']['hooks'] = $this->hooks; $GLOBALS['phpgw_info']['hooks'] = $this->hooks;
@ -200,6 +204,11 @@
$GLOBALS['phpgw']->log->commit(); $GLOBALS['phpgw']->log->commit();
} }
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False; return False;
} }
@ -220,6 +229,11 @@
$GLOBALS['phpgw']->log->commit(); $GLOBALS['phpgw']->log->commit();
} }
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False; return False;
} }
} }
@ -242,6 +256,11 @@
$GLOBALS['phpgw']->log->commit(); $GLOBALS['phpgw']->log->commit();
} }
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False; return False;
} }
else else
@ -256,11 +275,11 @@
// If you plan on using the cron apps, please remove the following lines. // If you plan on using the cron apps, please remove the following lines.
// I am going to make this a config option durring 0.9.11, instead of an application (jengo) // I am going to make this a config option durring 0.9.11, instead of an application (jengo)
$GLOBALS['phpgw']->db->query("delete from phpgw_sessions where session_dla <= '" . (time() - 7200) $GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_dla <= '" . (time() - 7200)
. "' and session_flags !='A'",__LINE__,__FILE__); . "' AND session_flags !='A'",__LINE__,__FILE__);
// This is set a little higher, we don't want to kill session data for anonymous sessions. // This is set a little higher, we don't want to kill session data for anonymous sessions.
$GLOBALS['phpgw']->db->query("delete from phpgw_app_sessions where session_dla <= '" . (time() - 86400) $GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE session_dla <= '" . (time() - 86400)
. "'",__LINE__,__FILE__); . "'",__LINE__,__FILE__);
} }
@ -316,14 +335,8 @@
$GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id;
$GLOBALS['phpgw']->accounts->accounts($this->account_id); $GLOBALS['phpgw']->accounts->accounts($this->account_id);
$this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10)); $this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10));
$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15)); $this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[0] = $GLOBALS['phpgw']->common->key;
$cryptovars[1] = $GLOBALS['phpgw']->common->iv;
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
if ($GLOBALS['phpgw_info']['server']['usecookies']) if ($GLOBALS['phpgw_info']['server']['usecookies'])
{ {
@ -333,13 +346,13 @@
Setcookie('last_domain',$this->account_domain,$now+1209600); Setcookie('last_domain',$this->account_domain,$now+1209600);
if ($this->account_domain == $GLOBALS['phpgw_info']['server']['default_domain']) if ($this->account_domain == $GLOBALS['phpgw_info']['server']['default_domain'])
{ {
Setcookie('last_loginid', $this->account_lid ,$now+1209600); // For 2 weeks Setcookie('last_loginid', $this->account_lid ,$now+1209600); /* For 2 weeks */
} }
else else
{ {
Setcookie('last_loginid', $login ,$now+1209600); // For 2 weeks Setcookie('last_loginid', $login ,$now+1209600); /* For 2 weeks */
} }
unset ($GLOBALS['phpgw_info']['server']['default_domain']); // we kill this for security reasons unset($GLOBALS['phpgw_info']['server']['default_domain']); /* we kill this for security reasons */
} }
$this->read_repositories(False); $this->read_repositories(False);
@ -359,6 +372,11 @@
return False; return False;
} }
/* init the crypto object */
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
$GLOBALS['phpgw_info']['user'] = $this->user; $GLOBALS['phpgw_info']['user'] = $this->user;
$GLOBALS['phpgw_info']['hooks'] = $this->hooks; $GLOBALS['phpgw_info']['hooks'] = $this->hooks;
@ -372,16 +390,16 @@
$session_flags = 'N'; $session_flags = 'N';
} }
$user_ip = $this->getuser_ip(); $user_ip = $this->getuser_ip();
$GLOBALS['phpgw']->db->transaction_begin(); $GLOBALS['phpgw']->db->transaction_begin();
$GLOBALS['phpgw']->db->query("insert into phpgw_sessions values ('" . $this->sessionid $GLOBALS['phpgw']->db->query("INSERT INTO phpgw_sessions VALUES ('" . $this->sessionid
. "','".$login."','" . $user_ip . "','" . "','".$login."','" . $user_ip . "','"
. $now . "','" . $now . "','" . $GLOBALS['PHP_SELF'] . "','" . $session_flags . $now . "','" . $now . "','" . $GLOBALS['PHP_SELF'] . "','" . $session_flags
. "')",__LINE__,__FILE__); . "')",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query('insert into phpgw_access_log(sessionid,loginid,ip,li,lo,account_id) ' $GLOBALS['phpgw']->db->query('INSERT INTO phpgw_access_log(sessionid,loginid,ip,li,lo,account_id) '
." values ('" . $this->sessionid . "','" . "$login','" . $user_ip . "',".$now.",''," . $this->account_id . ")",__LINE__,__FILE__); ." VALUES ('" . $this->sessionid . "','" . "$login','" . $user_ip . "',".$now.",''," . $this->account_id . ")",__LINE__,__FILE__);
$this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login); $this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login);
$GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip); $GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip);
@ -398,14 +416,7 @@
$this->sessionid = $sessionid; $this->sessionid = $sessionid;
$this->kp3 = $kp3; $this->kp3 = $kp3;
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); $db->query("SELECT * FROM phpgw_sessions WHERE session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[0] = $GLOBALS['phpgw']->common->key;
$cryptovars[1] = $GLOBALS['phpgw']->common->iv;
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
$db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$db->next_record(); $db->next_record();
$this->session_flags = $db->f('session_flags'); $this->session_flags = $db->f('session_flags');
@ -423,12 +434,15 @@
} }
$GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3; $GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3;
$phpgw_info_flags = $GLOBALS['phpgw_info']['flags']; $phpgw_info_flags = $GLOBALS['phpgw_info']['flags'];
$GLOBALS['phpgw_info']['flags'] = $phpgw_info_flags; $GLOBALS['phpgw_info']['flags'] = $phpgw_info_flags;
$userid_array = explode('@',$db->f('session_lid')); $userid_array = explode('@',$db->f('session_lid'));
// Thinking this might solve auth_http problems // Thinking this might solve auth_http problems
if(@$userid_array[1] == '') { $userid_array[1] = 'default'; } if(@$userid_array[1] == '')
{
$userid_array[1] = 'default';
}
$this->account_lid = $userid_array[1]; $this->account_lid = $userid_array[1];
$this->update_dla(); $this->update_dla();
$this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid); $this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid);
@ -442,10 +456,15 @@
$this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']); $this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']);
/* init the crypto object before appsession call below */
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
$GLOBALS['phpgw_info']['user'] = $this->user; $GLOBALS['phpgw_info']['user'] = $this->user;
$GLOBALS['phpgw_info']['hooks'] = $this->hooks; $GLOBALS['phpgw_info']['hooks'] = $this->hooks;
$GLOBALS['phpgw_info']['user']['session_ip'] = $db->f('session_ip'); $GLOBALS['phpgw_info']['user']['session_ip'] = $db->f('session_ip');
$GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); $GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi'));
if ($userid_array[1] != $GLOBALS['phpgw_info']['user']['domain']) if ($userid_array[1] != $GLOBALS['phpgw_info']['user']['domain'])
@ -462,6 +481,11 @@
$GLOBALS['phpgw']->log->commit(); $GLOBALS['phpgw']->log->commit();
} }
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False; return False;
} }
@ -482,6 +506,11 @@
$GLOBALS['phpgw']->log->commit(); $GLOBALS['phpgw']->log->commit();
} }
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False; return False;
} }
} }
@ -504,6 +533,11 @@
$GLOBALS['phpgw']->log->commit(); $GLOBALS['phpgw']->log->commit();
} }
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False; return False;
} }
else else
@ -549,14 +583,13 @@
$GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id;
$GLOBALS['phpgw']->interserver->serverid = $this->account_id; $GLOBALS['phpgw']->interserver->serverid = $this->account_id;
$this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10)); $this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10));
$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15)); $this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); /* re-init the crypto object */
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; $this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$cryptovars[0] = $GLOBALS['phpgw']->common->key; $this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[1] = $GLOBALS['phpgw']->common->iv; $GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
//$this->read_repositories(False); //$this->read_repositories(False);
@ -566,7 +599,7 @@
$this->appsession('password','phpgwapi',base64_encode($this->passwd)); $this->appsession('password','phpgwapi',base64_encode($this->passwd));
$session_flags = 'S'; $session_flags = 'S';
$user_ip = $this->getuser_ip(); $user_ip = $this->getuser_ip();
$GLOBALS['phpgw']->db->transaction_begin(); $GLOBALS['phpgw']->db->transaction_begin();
$GLOBALS['phpgw']->db->query("INSERT INTO phpgw_sessions VALUES ('" . $this->sessionid $GLOBALS['phpgw']->db->query("INSERT INTO phpgw_sessions VALUES ('" . $this->sessionid
@ -597,11 +630,11 @@
$action = $PHP_SELF; $action = $PHP_SELF;
} }
$GLOBALS['phpgw']->db->query("update phpgw_sessions set session_dla='" . time() . "', session_action='$action' " $GLOBALS['phpgw']->db->query("UPDATE phpgw_sessions SET session_dla='" . time() . "', session_action='$action' "
. "where session_id='" . $this->sessionid."'",__LINE__,__FILE__); . "WHERE session_id='" . $this->sessionid."'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("update phpgw_app_sessions set session_dla='" . time() . "' " $GLOBALS['phpgw']->db->query("UPDATE phpgw_app_sessions SET session_dla='" . time() . "' "
. "where sessionid='" . $this->sessionid."'",__LINE__,__FILE__); . "WHERE sessionid='" . $this->sessionid."'",__LINE__,__FILE__);
return True; return True;
} }
@ -613,11 +646,11 @@
} }
$GLOBALS['phpgw']->db->transaction_begin(); $GLOBALS['phpgw']->db->transaction_begin();
$GLOBALS['phpgw']->db->query("delete from phpgw_sessions where session_id='" $GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_id='"
. $sessionid . "'",__LINE__,__FILE__); . $sessionid . "'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("delete from phpgw_app_sessions where sessionid='" $GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE sessionid='"
. $sessionid . "'",__LINE__,__FILE__); . $sessionid . "'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("update phpgw_access_log set lo='" . time() . "' where sessionid='" $GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET lo='" . time() . "' WHERE sessionid='"
. $sessionid . "'",__LINE__,__FILE__); . $sessionid . "'",__LINE__,__FILE__);
// Only do the following, if where working with the current user // Only do the following, if where working with the current user
@ -691,7 +724,7 @@
$account_id = get_account_id($accountid,$this->account_id); $account_id = get_account_id($accountid,$this->account_id);
$query = "DELETE FROM phpgw_app_sessions WHERE loginid = '".$account_id."'" $query = "DELETE FROM phpgw_app_sessions WHERE loginid = '".$account_id."'"
." AND app = 'phpgwapi' and location = 'phpgw_info_cache'"; ." AND app = 'phpgwapi' AND location = 'phpgw_info_cache'";
$GLOBALS['phpgw']->db->query($query); $GLOBALS['phpgw']->db->query($query);
} }
@ -734,10 +767,10 @@
// Changed by milosch 2001 Dec 20 // Changed by milosch 2001 Dec 20
// do not stripslashes here unless this proves to be a problem. // do not stripslashes here unless this proves to be a problem.
// Changed by milosch 2001 Dec 25 // Changed by milosch 2001 Dec 25
// do not decrypt and return if no data (decrypt returning garbage) /* do not decrypt and return if no data (decrypt returning garbage) */
if($data) if($data)
{ {
$data = $GLOBALS['phpgw']->common->decrypt($data); $data = $GLOBALS['phpgw']->crypto->decrypt($data);
//echo 'appsession returning: '; _debug_array($data); //echo 'appsession returning: '; _debug_array($data);
return $data; return $data;
} }
@ -749,8 +782,6 @@
. " AND app = '".$appname."' AND location = '".$location."'",__LINE__,__FILE__); . " AND app = '".$appname."' AND location = '".$location."'",__LINE__,__FILE__);
$encrypteddata = $GLOBALS['phpgw']->crypto->encrypt($data); $encrypteddata = $GLOBALS['phpgw']->crypto->encrypt($data);
// Added by milosch 2001 Dec 20
// Use db_addslashes to slash this
$encrypteddata = $GLOBALS['phpgw']->db->db_addslashes($encrypteddata); $encrypteddata = $GLOBALS['phpgw']->db->db_addslashes($encrypteddata);
if ($GLOBALS['phpgw']->db->num_rows()==0) if ($GLOBALS['phpgw']->db->num_rows()==0)
@ -837,8 +868,6 @@
\*************************************************************************/ \*************************************************************************/
function link($url, $extravars = '') function link($url, $extravars = '')
{ {
global $usercookie;
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3']; $kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
if (! $kp3) if (! $kp3)
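Review bot: The session lookup `SELECT * FROM phpgw_sessions WHERE session_id='" . $this->sessionid . "'` (hunk at old line 121, and again at old line 398) is still built by string concatenation; this commit only upper-cases the keywords. The constructor fills `$this->sessionid` from the GET or cookie variables, so the value is request-controlled unless verify() validates it somewhere outside these hunks. Session ids are generated as `md5(...)` in the create functions, so a format check before the query would reject anything else: `if(!preg_match('/^[0-9a-f]{32}$/', $sessionid)) { return False; }`. The INSERT statements that concatenate `$login` and `$GLOBALS['PHP_SELF']` should pass those values through `db_addslashes()`, as appsession() already does for `$encrypteddata`. The functions involved start and end outside the hunks.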