From 19a79c97350493600740a15caa844a2f716700cf Mon Sep 17 00:00:00 2001
From: jengo
Date: Fri, 29 Dec 2000 09:56:04 +0000
Subject: [PATCH] Working on fixing serialize() with encryption, seems to work on 3.0.16
---
 phpgwapi/inc/phpgw_accounts_shared.inc.php | 10 +++++++---
 phpgwapi/inc/phpgw_crypto.inc.php | 3 +--
 phpgwapi/inc/phpgw_session.inc.php | 12 +++++++-----
 3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/phpgwapi/inc/phpgw_accounts_shared.inc.php b/phpgwapi/inc/phpgw_accounts_shared.inc.php
index 5cd8fa93ad..e4ff0dd32f 100644
--- a/phpgwapi/inc/phpgw_accounts_shared.inc.php
+++ b/phpgwapi/inc/phpgw_accounts_shared.inc.php
@@ -53,9 +53,13 @@
 $phpgw_info_temp["user"]["preferences"] = $phpgw_info["user"]["preferences"];
 $phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the
 // database for security.
-
- $db->query("update phpgw_sessions set session_info='" . $phpgw->crypto->encrypt($phpgw_info_temp)
- . "' where session_id='" . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
+ if ($PHP_VERSION < "4.0.0") {
+ $info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));
+ } else {
+ $info_string = $phpgw->crypto->encrypt($phpgw_info_temp);
+ }
+ $db->query("update phpgw_sessions set session_info='$info_string' where session_id='"
+ . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
 }
 function add_app($appname,$rebuild = False)
diff --git a/phpgwapi/inc/phpgw_crypto.inc.php b/phpgwapi/inc/phpgw_crypto.inc.php
index aefbf7492a..0572a7999d 100644
--- a/phpgwapi/inc/phpgw_crypto.inc.php
+++ b/phpgwapi/inc/phpgw_crypto.inc.php
@@ -89,9 +89,8 @@
 $encrypteddata = mcrypt_generic($this->td, $data);
 }
 }
- $encrypteddata = bin2hex($encrypteddata);
- return $encrypteddata;
+ return $encrypteddata;
 } else { // No mcrypt == insecure !
 return $data;
 }
diff --git a/phpgwapi/inc/phpgw_session.inc.php b/phpgwapi/inc/phpgw_session.inc.php
index 10a9270f2b..81483dedc0 100644
--- a/phpgwapi/inc/phpgw_session.inc.php
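Review bot: Escaping of the value placed inside `session_info='...'` in phpgw_accounts_shared.inc.php now depends on `$PHP_VERSION`, so on PHP 4 and later the output of `encrypt()` is interpolated into the SQL string with no escaping at all. The same patch drops `bin2hex()` from `encrypt()`, and its no-mcrypt branch returns `$data` unchanged, so the value can contain quotes, backslashes or NUL bytes that break or alter the statement. Escape unconditionally, e.g. `$info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));`, or preferably use the database layer's own quoting or keep a hex/base64 encoding for this column. If this code runs inside a function without `global $PHP_VERSION` (not visible here), the comparison sees an empty value and always takes the first branch; `phpversion()` would avoid that. The enclosing function starts outside the hunk.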
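Review bot: With `bin2hex()` removed in phpgw_crypto.inc.php, `encrypt()` returns the raw `mcrypt_generic()` output, and nothing in this hunk documents that or shows the matching change on the decrypt side. Rows written before this commit hold hex text, so a decrypt that no longer hex-decodes would presumably fail on existing sessions; that is worth confirming before merging. I would add a comment above the return such as `// returns raw binary ciphertext; callers must encode or escape it before storing`, and state the same contract in the function's header comment. The function starts and ends outside the hunk.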
+++ b/phpgwapi/inc/phpgw_session.inc.php
@@ -32,9 +32,10 @@
 $db = $phpgw->db;
 $db2 = $phpgw->db;
- $phpgw->common->key = $kp3;
- $phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
- $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
+ // PHP 3 complains that these are not defined when the already are defined.
+ @$phpgw->common->key = $kp3;
+ @$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
+ $phpgw->crypto = new crypto(@$phpgw->common->key,@$phpgw->common->iv);
 $db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__);
 $db->next_record();
@@ -77,8 +78,9 @@
 if (! $phpgw_info["user"]["userid"] ) {
 return False;
 } else {
- $phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
- $phpgw->preferences->account_id = $phpgw_info["user"]["account_id"];
+ // PHP 3 complains that these are not defined when the already are defined.
+ @$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
+ @$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"];
 return True;
 }
 }
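Review bot: The `@` prefixes added to the `$phpgw->common->key` / `->iv` assignments and to both `new crypto(...)` arguments silence every diagnostic from those expressions, not only the PHP 3 notice the comment mentions, so an unset `$kp3` or a missing `mcrypt_iv` setting would build the crypto object with an empty key or IV and no warning. An explicit check before the constructor call, e.g. `if (empty($kp3) || empty($phpgw_info["server"]["mcrypt_iv"])) { return False; }`, would keep that failure visible, assuming this function reports failure with False as the code in the second hunk does. The same `@` pattern is added to the `$phpgw->preferences` assignments in the second hunk of this file. The new comment reads "when the already are defined"; `// PHP 3 warns that these are undefined even though they are defined.` is clearer. The enclosing function starts outside the hunk.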