Working on fixing serialize() with encryption, seems to work on 3.0.16

jengo 2000-12-29 09:56:04 +00:00
parent 0c5e127b53
commit 19a79c9735
3 changed files with 15 additions and 10 deletions


@ -53,9 +53,13 @@
$phpgw_info_temp["user"]["preferences"] = $phpgw_info["user"]["preferences"]; $phpgw_info_temp["user"]["preferences"] = $phpgw_info["user"]["preferences"];
$phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the $phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the
// database for security. // database for security.
if ($PHP_VERSION < "4.0.0") {
$db->query("update phpgw_sessions set session_info='" . $phpgw->crypto->encrypt($phpgw_info_temp) $info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));
. "' where session_id='" . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__); } else {
$info_string = $phpgw->crypto->encrypt($phpgw_info_temp);
}
$db->query("update phpgw_sessions set session_info='$info_string' where session_id='"
. $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
} }
function add_app($appname,$rebuild = False) function add_app($appname,$rebuild = False)
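Review bot: The new `else` branch places the return value of `$phpgw->crypto->encrypt()` into the `update` statement without escaping, so the query is only well-formed if encrypt() always returns quote-free text. The crypto hunk on this page shows `bin2hex()` on the mcrypt path only; what the `// No mcrypt == insecure !` branch returns is not visible here. Escaping on both branches removes that dependency, `$info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));` without the version test, or, if the PHP 4 branch skips it on purpose, a comment saying why. `$phpgw_info["user"]["sessionid"]` is also concatenated into the `where` clause unescaped and should get the same treatment. The enclosing function starts outside the hunk.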


@ -89,7 +89,6 @@
$encrypteddata = mcrypt_generic($this->td, $data); $encrypteddata = mcrypt_generic($this->td, $data);
} }
} }
$encrypteddata = bin2hex($encrypteddata); $encrypteddata = bin2hex($encrypteddata);
return $encrypteddata; return $encrypteddata;
} else { // No mcrypt == insecure ! } else { // No mcrypt == insecure !


@ -32,9 +32,10 @@
$db = $phpgw->db; $db = $phpgw->db;
$db2 = $phpgw->db; $db2 = $phpgw->db;
$phpgw->common->key = $kp3; // PHP 3 complains that these are not defined when the already are defined.
$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"]; @$phpgw->common->key = $kp3;
$phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv); @$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
$phpgw->crypto = new crypto(@$phpgw->common->key,@$phpgw->common->iv);
$db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__); $db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__);
$db->next_record(); $db->next_record();
@ -77,8 +78,9 @@
if (! $phpgw_info["user"]["userid"] ) { if (! $phpgw_info["user"]["userid"] ) {
return False; return False;
} else { } else {
$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"]; // PHP 3 complains that these are not defined when the already are defined.
$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"]; @$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
@$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"];
return True; return True;
} }
} }
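Review bot: The `@` added in the first hunk on `$phpgw->common->key = $kp3;`, on the `mcrypt_iv` assignment and on the `new crypto(...)` arguments silences every diagnostic on those lines, including the case where `$kp3` or `$phpgw_info["server"]["mcrypt_iv"]` really is unset, so the crypto object could be built with an empty key or IV without any trace. An explicit check on the two inputs ahead of these lines keeps that case visible even with the `@` in place, for example `if (!isset($kp3) || !isset($phpgw_info["server"]["mcrypt_iv"])) { return False; }`, assuming this code sits in a function that returns False on failure as the second hunk does. The `@` on the preferences assignments in the second hunk hides errors in the same way. The added comment reads "when the already are defined", where "they" is meant. The enclosing code of both hunks starts outside what is shown.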