extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-06 18:22:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Started converting the code to encrypt the session_info field, and it now uses kp3 properly. This needs to be tested

Browse Source
This commit is contained in:
jengo 2000-12-29 09:00:52 +00:00
parent 4985bb1605
commit 0c5e127b53
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpgwapi/inc/phpgw_accounts_shared.inc.php
View File

@ -54,7 +54,7 @@
$phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the
// database for security.
$db->query("update phpgw_sessions set session_info='" . addslashes(serialize($phpgw_info_temp))
$db->query("update phpgw_sessions set session_info='" . $phpgw->crypto->encrypt($phpgw_info_temp)
. "' where session_id='" . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
}

10
phpgwapi/inc/phpgw_session.inc.php
View File

@ -32,6 +32,10 @@
$db = $phpgw->db;
$db2 = $phpgw->db;
$phpgw->common->key = $kp3;
$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
$phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
$db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__);
$db->next_record();
@ -53,7 +57,7 @@
$phpgw_info["user"]["kp3"] = $kp3;
$phpgw_info_flags = $phpgw_info["flags"];
$phpgw_info = unserialize($db->f("session_info"));
$phpgw_info = $phpgw->crypto->decrypt($db->f("session_info"));
$phpgw_info["flags"] = $phpgw_info_flags;
@ -113,11 +117,11 @@
$phpgw_info["user"]["sessionid"] = md5($phpgw->common->randomstring(10));
$phpgw_info["user"]["kp3"] = md5($phpgw->common->randomstring(15));
$phpgw->common->key = $phpgw_info["server"]["encryptkey"];
$phpgw->common->key = $phpgw_info["user"]["kp3"];
$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
$phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
$phpgw_info["user"]["passwd"] = $phpgw->common->encrypt($passwd);
//$phpgw_info["user"]["passwd"] = $phpgw->common->encrypt($passwd);
if ($phpgw_info["server"]["usecookies"]) {
Setcookie("sessionid",$phpgw_info["user"]["sessionid"]);