extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-07 16:44:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix for BUG 1167158. Now setting cookie as encoded password vs. plaintext.

Browse Source
This commit is contained in:
Miles Lott 2005-05-16 00:42:05 +00:00
parent 5e51a5d913
commit 7c5b4d93c0
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
setup/inc/class.setup.inc.php
View File

@ -204,7 +204,7 @@
$GLOBALS['egw_info']['server']['header_admin_password']))
{
$this->set_cookie('HeaderUser',"$FormUser",$expire,'/');
$this->set_cookie('HeaderPW',"$FormPW",$expire,'/');
$this->set_cookie('HeaderPW',md5("$FormPW"),$expire,'/');
$this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/');
return True;
}
@ -223,7 +223,7 @@
$GLOBALS['egw_info']['server']['header_admin_password']))
{
$this->set_cookie('HeaderUser',"$HeaderUser",$expire,'/');
$this->set_cookie('HeaderPW',"$HeaderPW",$expire,'/');
$this->set_cookie('HeaderPW',md5("$HeaderPW"),$expire,'/');
$this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/');
return True;
}
@ -245,7 +245,7 @@
@$GLOBALS['egw_domain'][$FormDomain]['config_passwd']))
{
$this->set_cookie('ConfigUser',"$FormUser",$expire,'/');
$this->set_cookie('ConfigPW',"$FormPW",$expire,'/');
$this->set_cookie('ConfigPW',md5("$FormPW"),$expire,'/');
$this->set_cookie('ConfigDomain',"$FormDomain",$expire,'/');
/* Set this now since the cookie will not be available until the next page load */
$this->ConfigDomain = "$FormDomain";
@ -267,7 +267,7 @@
@$GLOBALS['egw_domain'][$this->ConfigDomain]['config_passwd']))
{
$this->set_cookie('ConfigUser',"$ConfigUser",$expire,'/');
$this->set_cookie('ConfigPW',"$ConfigPW",$expire,'/');
$this->set_cookie('ConfigPW',md5("$ConfigPW"),$expire,'/');
$this->set_cookie('ConfigDomain',$this->ConfigDomain,$expire,'/');
$this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/');
return True;
@ -294,8 +294,14 @@
}
if (preg_match('/^[0-9a-f]{32}$/',$conf_pw)) // $conf_pw is a md5
{
$pw = md5($pw);
/* Verify that $pw is not already encoded as md5 (new cookie 5-15-2005 - Milosch) */
if(!preg_match('/^[0-9a-f]{32}$/',$pw))
{
/* No? Make it so. */
$pw = md5($pw);
}
}
return $pw == $conf_pw;
}