Changes for hopefully better handling of the global crypto object; remove

calls to common class functions and setting of common class vars;
Miles Lott 2001-12-27 15:48:42 +00:00
parent 297f386c85
commit 06dc27229c
3 changed files with 122 additions and 111 deletions


@ -41,9 +41,8 @@
*/
class common
{
var $crypto;
var $debug_info; // An array with debugging info from the API
var $debug_info; // An array with debugging info from the API
/*!
@function cmp_version
@abstract Compares two Version strings and return 1 if str2 is newest (bigger version number) than str1
@ -906,11 +905,11 @@
include(PHPGW_API_INC . '/footer.inc.php');
}
// Clean up mcrypt
if (@is_object($this->crypto))
/* Clean up mcrypt */
if (@is_object($GLOBALS['phpgw']->crypto))
{
$this->crypto->cleanup();
unset($this->crypto);
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
}
@ -919,6 +918,7 @@
$len = strlen($data);
return pack('H' . $len, $data);
}
/*!
@function encrypt
@abstract encrypt data passed to the function
@ -937,6 +937,7 @@
{
return $GLOBALS['phpgw']->crypto->decrypt($data);
}
/*!
@function des_cryptpasswd
@abstract des encrypt a password
@ -960,10 +961,9 @@
function md5_cryptpasswd($userpass, $random)
{
$bsalt = '$1$';
$esalt = '$'; // patch
$esalt = '$';
$lcrypt = '{crypt}';
// $modsalt = sprintf('%s%s', $bsalt, $random);
$modsalt = sprintf('%s%s%s', $bsalt, $random, $esalt); // patch
$modsalt = sprintf('%s%s%s', $bsalt, $random, $esalt);
$password = crypt($userpass, $modsalt);
$ldappassword = sprintf('%s%s', $lcrypt, $password);
@ -984,8 +984,7 @@
}
if ($GLOBALS['phpgw_info']['server']['ldap_encryption_type'] == 'MD5')
{
//$salt = $this->randomstring(9);
$salt = $this->randomstring(8); // patch
$salt = $this->randomstring(8);
$e_password = $this->md5_cryptpasswd($password, $salt);
}
return $e_password;
@ -1059,9 +1058,9 @@
{
include($f);
}
} // if
} // while
} // if
}
}
}
else
{
reset ($GLOBALS['phpgw_info']['user']['apps']);
@ -1075,10 +1074,10 @@
{
include($f);
}
} // if
} // while
} // if $no_permission_check
} // function
}
}
}
}
/*!
@function hook_single
@ -1121,7 +1120,7 @@
while ($permission = each($GLOBALS['phpgw_info']['user']['apps']))
{
$f = PHPGW_SERVER_ROOT . $SEP . $permission[0] . $SEP . 'inc' . $SEP . 'hook_' . $location . '.inc.php';
if (file_exists($f))
{
++$count;
@ -1168,6 +1167,7 @@
}
return date($format,$t);
}
/*!
@function dateformatorder
@abstract
@ -1195,6 +1195,7 @@
return (implode(' ',$dlarr));
}
}
/*!
@function formattime
@abstract format the time takes settings from user preferences
@ -1240,29 +1241,6 @@
return "$h12:$min$sec$ampm";
}
/* If the above still works, please remove this */
function old_formattime($hour,$min,$sec='')
{
$h12 = $hour;
if ($GLOBALS['phpgw_info']['user']['preferences']['common']['timeformat'] == '12') {
if ($hour >= 12)
$ampm = ' pm';
else
$ampm = ' am';
$h12 %= 12;
if ($h12 == 0 && $hour)
$h12 = 12;
if ($h12 == 0 && ! $hour)
$h12 = 0;
} else
$h12 = $hour;
if ($sec)
$sec = ":$sec";
return "$h12:$min$sec$ampm";
}
// This is not the best place for it, but it needs to be shared bewteen Aeromail and SM
/*!
@function get_email_passwd_ex
@ -1300,7 +1278,6 @@
return $email_passwd;
}
*/
// This is not the best place for it, but it needs to be shared bewteen Aeromail and SM
/*!
@ -1308,7 +1285,7 @@
@abstract create email preferences
@discussion This is not the best place for it, but it needs to be shared between Aeromail and SM
@param $prefs
@param $account_id -optional defaults to : phpgw_info['user']['account_id']
@param $account_id -optional defaults to : phpgw_info['user']['account_id']
*/
function create_emailpreferences($prefs='',$accountid='')
{
@ -1324,7 +1301,7 @@
$do_free_me = True;
}
// this sets the prederences into the phpgw_info structure
// this sets the preferences into the phpgw_info structure
$GLOBALS['phpgw']->msg->create_email_preferences();
// cleanup and return
@ -1410,8 +1387,6 @@
}
*/
// This will be moved into the applications area.
/*!
@function check_code
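Review bot: The `decrypt()` wrapper shown in the -937 hunk calls `$GLOBALS['phpgw']->crypto->decrypt($data)` without checking that the global object still exists, while the cleanup block in the -906 hunk unsets `$GLOBALS['phpgw']->crypto`, and the sessions file in this commit appears to do the same on its failure paths. Any later call through the wrapper would then be a method call on a non-object and end the request with a fatal error, which can expose file paths when errors are displayed. A guard such as `if(!is_object($GLOBALS['phpgw']->crypto)) { return False; }` at the top of the wrapper would make that state explicit. The `encrypt()` wrapper's body is outside the visible lines, so confirm it has the same shape and needs the same guard.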


@ -34,15 +34,22 @@
var $td = False; /* Handle for mcrypt */
var $iv = '';
var $key = '';
var $debug = True;
var $debug = False;
function crypto($vars)
function crypto($vars='')
{
if(is_array($vars))
{
$this->init($vars);
}
}
function init($vars)
{
/* _debug_array(mcrypt_list_algorithms()); */
$key = $vars[0];
$iv = $vars[1];
if ($GLOBALS['phpgw_info']['server']['mcrypt_enabled'] && extension_loaded('mcrypt'))
{
if($GLOBALS['phpgw_info']['server']['mcrypt_algo'])
@ -127,7 +134,7 @@
echo '<br>' . time() . ' crypto->encrypt() unencrypted data: ---->>>>' . $data . "\n";
}
if(gettype($data) == 'array' || gettype($data) == 'object')
if(is_array($data) || is_object($data))
{
if($this->debug)
{
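Review bot: With the constructor now accepting no arguments, a `crypto` object can exist with `$key`, `$iv` and `$td` still at their defaults until `init()` is called, and nothing visible here makes `encrypt()` or `decrypt()` refuse to run in that state. Their bodies are outside the hunk, so this is inferred, but if they return the input unchanged while `$this->td` is False, session data would be stored unencrypted without any error. `init()` also reads `$vars[0]` and `$vars[1]` without checking that the array has two elements; `if(!is_array($vars) || count($vars) < 2) { return False; }` at its top would cover that. The debug branch in `encrypt()` echoes the unencrypted `$data` into the response, so `$debug` should stay off outside development and deserves a comment saying so.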


@ -39,6 +39,9 @@
var $session_flags;
var $sessionid;
var $kp3;
var $key;
var $iv;
var $data;
var $db;
var $db2;
@ -56,6 +59,9 @@
$this->db2 = $GLOBALS['phpgw']->db;
$this->sessionid = (isset($GLOBALS['HTTP_GET_VARS']['sessionid'])?$GLOBALS['HTTP_GET_VARS']['sessionid']:(isset($GLOBALS['HTTP_COOKIE_VARS']['sessionid'])?$GLOBALS['HTTP_COOKIE_VARS']['sessionid']:''));
$this->kp3 = (isset($GLOBALS['HTTP_GET_VARS']['kp3'])?$GLOBALS['HTTP_GET_VARS']['kp3']:(isset($GLOBALS['HTTP_COOKIE_VARS']['kp3'])?$GLOBALS['HTTP_COOKIE_VARS']['kp3']:''));
/* Create the crypto object */
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto');
}
function DONTlist_methods($_type)
@ -121,14 +127,7 @@
$this->sessionid = $sessionid;
$this->kp3 = $kp3;
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[0] = $GLOBALS['phpgw']->common->key;
$cryptovars[1] = $GLOBALS['phpgw']->common->iv;
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
$db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$db->query("SELECT * FROM phpgw_sessions WHERE session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$db->next_record();
$this->session_flags = $db->f('session_flags');
@ -180,6 +179,11 @@
return False;
}
/* init the crypto object before appsession call below */
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
$GLOBALS['phpgw_info']['user'] = $this->user;
$GLOBALS['phpgw_info']['hooks'] = $this->hooks;
@ -200,6 +204,11 @@
$GLOBALS['phpgw']->log->commit();
}
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False;
}
@ -220,6 +229,11 @@
$GLOBALS['phpgw']->log->commit();
}
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False;
}
}
@ -242,6 +256,11 @@
$GLOBALS['phpgw']->log->commit();
}
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False;
}
else
@ -256,11 +275,11 @@
// If you plan on using the cron apps, please remove the following lines.
// I am going to make this a config option durring 0.9.11, instead of an application (jengo)
$GLOBALS['phpgw']->db->query("delete from phpgw_sessions where session_dla <= '" . (time() - 7200)
. "' and session_flags !='A'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_dla <= '" . (time() - 7200)
. "' AND session_flags !='A'",__LINE__,__FILE__);
// This is set a little higher, we don't want to kill session data for anonymous sessions.
$GLOBALS['phpgw']->db->query("delete from phpgw_app_sessions where session_dla <= '" . (time() - 86400)
$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE session_dla <= '" . (time() - 86400)
. "'",__LINE__,__FILE__);
}
@ -316,14 +335,8 @@
$GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id;
$GLOBALS['phpgw']->accounts->accounts($this->account_id);
$this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10));
$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[0] = $GLOBALS['phpgw']->common->key;
$cryptovars[1] = $GLOBALS['phpgw']->common->iv;
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
$this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10));
$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));
if ($GLOBALS['phpgw_info']['server']['usecookies'])
{
@ -333,13 +346,13 @@
Setcookie('last_domain',$this->account_domain,$now+1209600);
if ($this->account_domain == $GLOBALS['phpgw_info']['server']['default_domain'])
{
Setcookie('last_loginid', $this->account_lid ,$now+1209600); // For 2 weeks
Setcookie('last_loginid', $this->account_lid ,$now+1209600); /* For 2 weeks */
}
else
{
Setcookie('last_loginid', $login ,$now+1209600); // For 2 weeks
Setcookie('last_loginid', $login ,$now+1209600); /* For 2 weeks */
}
unset ($GLOBALS['phpgw_info']['server']['default_domain']); // we kill this for security reasons
unset($GLOBALS['phpgw_info']['server']['default_domain']); /* we kill this for security reasons */
}
$this->read_repositories(False);
@ -359,6 +372,11 @@
return False;
}
/* init the crypto object */
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
$GLOBALS['phpgw_info']['user'] = $this->user;
$GLOBALS['phpgw_info']['hooks'] = $this->hooks;
@ -372,16 +390,16 @@
$session_flags = 'N';
}
$user_ip = $this->getuser_ip();
$user_ip = $this->getuser_ip();
$GLOBALS['phpgw']->db->transaction_begin();
$GLOBALS['phpgw']->db->query("insert into phpgw_sessions values ('" . $this->sessionid
$GLOBALS['phpgw']->db->query("INSERT INTO phpgw_sessions VALUES ('" . $this->sessionid
. "','".$login."','" . $user_ip . "','"
. $now . "','" . $now . "','" . $GLOBALS['PHP_SELF'] . "','" . $session_flags
. "')",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query('insert into phpgw_access_log(sessionid,loginid,ip,li,lo,account_id) '
." values ('" . $this->sessionid . "','" . "$login','" . $user_ip . "',".$now.",''," . $this->account_id . ")",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query('INSERT INTO phpgw_access_log(sessionid,loginid,ip,li,lo,account_id) '
." VALUES ('" . $this->sessionid . "','" . "$login','" . $user_ip . "',".$now.",''," . $this->account_id . ")",__LINE__,__FILE__);
$this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login);
$GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip);
@ -398,14 +416,7 @@
$this->sessionid = $sessionid;
$this->kp3 = $kp3;
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[0] = $GLOBALS['phpgw']->common->key;
$cryptovars[1] = $GLOBALS['phpgw']->common->iv;
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
$db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$db->query("SELECT * FROM phpgw_sessions WHERE session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
$db->next_record();
$this->session_flags = $db->f('session_flags');
@ -423,12 +434,15 @@
}
$GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3;
$phpgw_info_flags = $GLOBALS['phpgw_info']['flags'];
$phpgw_info_flags = $GLOBALS['phpgw_info']['flags'];
$GLOBALS['phpgw_info']['flags'] = $phpgw_info_flags;
$userid_array = explode('@',$db->f('session_lid'));
// Thinking this might solve auth_http problems
if(@$userid_array[1] == '') { $userid_array[1] = 'default'; }
if(@$userid_array[1] == '')
{
$userid_array[1] = 'default';
}
$this->account_lid = $userid_array[1];
$this->update_dla();
$this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid);
@ -442,10 +456,15 @@
$this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']);
/* init the crypto object before appsession call below */
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
$GLOBALS['phpgw_info']['user'] = $this->user;
$GLOBALS['phpgw_info']['hooks'] = $this->hooks;
$GLOBALS['phpgw_info']['user']['session_ip'] = $db->f('session_ip');
$GLOBALS['phpgw_info']['user']['session_ip'] = $db->f('session_ip');
$GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi'));
if ($userid_array[1] != $GLOBALS['phpgw_info']['user']['domain'])
@ -462,6 +481,11 @@
$GLOBALS['phpgw']->log->commit();
}
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False;
}
@ -482,6 +506,11 @@
$GLOBALS['phpgw']->log->commit();
}
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False;
}
}
@ -504,6 +533,11 @@
$GLOBALS['phpgw']->log->commit();
}
if(is_object($GLOBALS['phpgw']->crypto))
{
$GLOBALS['phpgw']->crypto->cleanup();
unset($GLOBALS['phpgw']->crypto);
}
return False;
}
else
@ -549,14 +583,13 @@
$GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id;
$GLOBALS['phpgw']->interserver->serverid = $this->account_id;
$this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10));
$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));
$this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10));
$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));
$GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$cryptovars[0] = $GLOBALS['phpgw']->common->key;
$cryptovars[1] = $GLOBALS['phpgw']->common->iv;
$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars);
/* re-init the crypto object */
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));
//$this->read_repositories(False);
@ -566,7 +599,7 @@
$this->appsession('password','phpgwapi',base64_encode($this->passwd));
$session_flags = 'S';
$user_ip = $this->getuser_ip();
$user_ip = $this->getuser_ip();
$GLOBALS['phpgw']->db->transaction_begin();
$GLOBALS['phpgw']->db->query("INSERT INTO phpgw_sessions VALUES ('" . $this->sessionid
@ -597,11 +630,11 @@
$action = $PHP_SELF;
}
$GLOBALS['phpgw']->db->query("update phpgw_sessions set session_dla='" . time() . "', session_action='$action' "
. "where session_id='" . $this->sessionid."'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("UPDATE phpgw_sessions SET session_dla='" . time() . "', session_action='$action' "
. "WHERE session_id='" . $this->sessionid."'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("update phpgw_app_sessions set session_dla='" . time() . "' "
. "where sessionid='" . $this->sessionid."'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("UPDATE phpgw_app_sessions SET session_dla='" . time() . "' "
. "WHERE sessionid='" . $this->sessionid."'",__LINE__,__FILE__);
return True;
}
@ -613,11 +646,11 @@
}
$GLOBALS['phpgw']->db->transaction_begin();
$GLOBALS['phpgw']->db->query("delete from phpgw_sessions where session_id='"
$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_id='"
. $sessionid . "'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("delete from phpgw_app_sessions where sessionid='"
$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE sessionid='"
. $sessionid . "'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->query("update phpgw_access_log set lo='" . time() . "' where sessionid='"
$GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET lo='" . time() . "' WHERE sessionid='"
. $sessionid . "'",__LINE__,__FILE__);
// Only do the following, if where working with the current user
@ -691,7 +724,7 @@
$account_id = get_account_id($accountid,$this->account_id);
$query = "DELETE FROM phpgw_app_sessions WHERE loginid = '".$account_id."'"
." AND app = 'phpgwapi' and location = 'phpgw_info_cache'";
." AND app = 'phpgwapi' AND location = 'phpgw_info_cache'";
$GLOBALS['phpgw']->db->query($query);
}
@ -734,10 +767,10 @@
// Changed by milosch 2001 Dec 20
// do not stripslashes here unless this proves to be a problem.
// Changed by milosch 2001 Dec 25
// do not decrypt and return if no data (decrypt returning garbage)
/* do not decrypt and return if no data (decrypt returning garbage) */
if($data)
{
$data = $GLOBALS['phpgw']->common->decrypt($data);
$data = $GLOBALS['phpgw']->crypto->decrypt($data);
//echo 'appsession returning: '; _debug_array($data);
return $data;
}
@ -749,8 +782,6 @@
. " AND app = '".$appname."' AND location = '".$location."'",__LINE__,__FILE__);
$encrypteddata = $GLOBALS['phpgw']->crypto->encrypt($data);
// Added by milosch 2001 Dec 20
// Use db_addslashes to slash this
$encrypteddata = $GLOBALS['phpgw']->db->db_addslashes($encrypteddata);
if ($GLOBALS['phpgw']->db->num_rows()==0)
@ -837,8 +868,6 @@
\*************************************************************************/
function link($url, $extravars = '')
{
global $usercookie;
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
if (! $kp3)
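Review bot: The session queries touched here still concatenate `$this->sessionid` into the SQL text, and the constructor hunk shows that value is read directly from the request's GET or cookie variables, so this is string-built SQL on untrusted input. The keyword-case change leaves that as it was; the same pattern applies to `$login`, `$GLOBALS['PHP_SELF']` and `$action` in the INSERT and UPDATE statements and to `$sessionid` in the DELETE statements. Since generated ids are `md5()` output, a format check before the first query, e.g. `if(!preg_match('/^[0-9a-f]{32}$/', $sessionid)) { return False; }`, plus `$GLOBALS['phpgw']->db->db_addslashes()` on the other values, would close it. Separately, the key is `md5()` of `kp3`, the session id and the server `encryptkey`, and the IV is a fixed `mcrypt_iv` from server config reused for every session; a comment should record that cipher modes which need a unique IV per message are not safe with this setup. The enclosing functions start and end outside the hunks.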