fix for crypto and password

phpgwapi/inc/phpgw.inc.php

@@ -59,12 +59,6 @@
   {
     global $phpgw,$phpgw_info;
  
-    $phpgw->common->key  = $phpgw_info["server"]["encryptkey"];
-    $phpgw->common->key .= $phpgw_info["user"]["sessionid"];
-    $phpgw->common->key .= $phpgw_info["user"]["kp3"];
-    $phpgw->common->iv   = $phpgw_info["server"]["mcrypt_iv"];
-    $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
-
     if ($phpgw_info["flags"]["enable_categories_class"]) {
        include($phpgw_info["server"]["api_inc"] . "/phpgw_categories.inc.php");
        $phpgw->categories = new categories;
@@ -152,11 +146,17 @@
          while($this->db->next_record()) {
            $phpgw_info["server"][$this->db->f("config_name")] = $this->db->f("config_value");
          }
+      } else {
+         $this->db->query("select config_value from config where config_name='encryptkey'",__LINE__,__FILE__);
+         $this->db->next_record();
+         $phpgw_info["server"]["encryptkey"] = $this->db->f("config_value");
       }
 
       /**************************************************************************\
       * Continue adding the classes                                              *
       \**************************************************************************/
+      $this->common        = new common;
+
       if ($phpgw_info["flags"]["currentapp"] == "login") {
         /* Load selected authentication class */
         if (empty($phpgw_info["server"]["auth_type"])){$phpgw_info["server"]["auth_type"] = "sql";}
@@ -191,7 +191,6 @@
      }
       $this->accounts      = new accounts;
       $this->translation   = new translation;
-      $this->common        = new common;
       $this->acl           = new acl;
       $this->hooks         = new hooks;
 

phpgwapi/inc/phpgw_accounts_shared.inc.php

@@ -197,7 +197,7 @@
 
   class preferences
   {
-    var $account_id;
+    var $account_id = 0;
     var $preferences;
 
     function preferences($account_id)

phpgwapi/inc/phpgw_session.inc.php

@@ -33,9 +33,11 @@
        $db2 = $phpgw->db;
 
        // PHP 3 complains that these are not defined when the already are defined.
-       @$phpgw->common->key  = $kp3;
-       @$phpgw->common->iv   = $phpgw_info["server"]["mcrypt_iv"];
-       $phpgw->crypto = new crypto(@$phpgw->common->key,@$phpgw->common->iv);
+       $phpgw->common->key  = $phpgw_info["server"]["encryptkey"];
+       $phpgw->common->key .= $sessionid;
+       $phpgw->common->key .= $kp3;
+       $phpgw->common->iv   = $phpgw_info["server"]["mcrypt_iv"];
+       $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
 
        $db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__);
        $db->next_record();
@@ -79,8 +81,6 @@
           return False;
        } else {
           // PHP 3 complains that these are not defined when the already are defined.
-          @$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
-          @$phpgw->preferences->account_id  = $phpgw_info["user"]["account_id"];
           return True;
        }
     }
@@ -119,11 +119,13 @@
        $phpgw_info["user"]["sessionid"] = md5($phpgw->common->randomstring(10));
        $phpgw_info["user"]["kp3"]       = md5($phpgw->common->randomstring(15));
 
-       $phpgw->common->key  = $phpgw_info["user"]["kp3"];
+       $phpgw->common->key  = $phpgw_info["server"]["encryptkey"];
+       $phpgw->common->key .= $phpgw_info["user"]["sessionid"];
+       $phpgw->common->key .= $phpgw_info["user"]["kp3"];
        $phpgw->common->iv   = $phpgw_info["server"]["mcrypt_iv"];
        $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
 
-       //$phpgw_info["user"]["passwd"]    = $phpgw->common->encrypt($passwd);
+       $phpgw_info["user"]["passwd"]    = $phpgw->common->encrypt($passwd);
  
        if ($phpgw_info["server"]["usecookies"]) {
           Setcookie("sessionid",$phpgw_info["user"]["sessionid"]);